Anomaly detection for industrial control systems (ICS)

Anomaly detection for industrial control systems (ICS)

Industrial control systems (ICSs) combine distributed computing with physical process monitoring and control. They are comprised of elements providing feedback from the physical world (sensors) and elements influencing it (actuators), as well as computers and controller networks, which process the feedback data and issue commands to the actuators. Many ICSs are safety-critical, and an attack interfering with their functionality can cause substantial financial and environmental harm and endanger people. The importance of ICSs makes them an attractive target for attacks, particularly cyber attacks.

Several high impact incidents have been reported in recent years. Recent studies have utilized machine learning (ML), both supervised and unsupervised, to model the ICS for detecting cyber attacks. Despite their achievements, these studies suffer from some limitations.

  • First, they were typically verified on a single dataset, limiting the ability to address the method’s generality and applicability in other settings.
  • Second, these studies barely addressed the need to properly preprocess the input data and conduct feature selection, an important step which may have significant impact on performance.
  • Third, we believe that the ability of these methods to detect many attacks is limited, because they focus on processing the time domain signals.
  • Finally, most studies do not consider adversarial attacks on the proposed methods.

In this research [1], we propose a method for detecting anomalies and cyber-attacks in physical-level ICS data using 1D CNNs, shallow undercomplete autoencoders (UAEs), variational autoencoders (VAEs), and PCA, which does not require labeled datasets.

The method improves upon the method presented in previous researches, allowing arbitrary length sequence prediction and an arbitrary prediction horizon, adding a max-based method for threshold detection, and formalizing the detection hyperparameter criteria.

In addition, we propose a feature selection approach using the Kolmogorov-Smirnov test, and transform time domain signals into frequency representation, and model the system in both the time and frequency domains.

The method was evaluated on three popular public datasets representing both real-world and simulated data (SWaT, BATADAL, WADI) and achieved better detection performance than previously published research in this area. In addition, we demonstrate the effectiveness of the proposed feature selection method and its generalizability.

Finally, the proposed method’s robustness to adversarial evasion attacks under a threat model of a white-box attacker that has gained control of the sensor data was evaluated. The results show the method’s resilience: to evade detection, the attacker must abandon his/her goal of physically impacting the system.

In the next phase of this research, we evaluated how vulnerable such attack detectors for ICS to poisoning attacks [2]. The threat model assumed in our research considers an adversary whose goal is to change a physical-level process of the targeted ICS, which includes an online-trained anomaly detector.

The adversary considered has gained control of a sensor or a number (subset) of sensors and is able to falsify the sensors’ readings. Spoofed sensory data can cause the controller of the ICS to issue commands driving the system to a specific state desired by the attacker. The attacker needs to change the controlled sensor’s data gradually in the direction that would lead the detector to accept the planned attack as normal behavior. The changes introduced should neither be detected as anomalous by the detector nor cause the detector to detect the normal data as anomalous, thus increasing the problem’s difficulty.

Our study aims to answer the following research questions:

  1. What algorithms can be used to effectively generate poisoning input for a NN-based ICSanomaly detector operating in online training mode?
  2. How robust are the detectors to such poisoning attacks?
  3. How can such attacks be mitigated?

The main contributions of this research are as follows:

  1. To the best of our knowledge, we present the first study of poisoning attacks on online trained NN-based detectors for multivariate time series.
  2. We propose two algorithms for the generation of poisoning samples in such settings: an interpolation-based algorithm and a back-gradient optimization-based algorithm.
  3. We implement and validate both algorithms on synthetic data and evaluate the influence of various test parameters on the poisoning abilities of the algorithms.
  4. We apply the algorithms to an autoencoder-based anomaly detector for real-world ICS data and study the detector’s robustness to poisoning attacks.
  5. We propose a number of mitigation techniques against poisoning attacks.
  6. The implementation of both algorithms and the evaluation test code are open source and freely available.

(By Prof. Asaf Shabtai, Dr. Yair Meidan, Mr. Moshe Kravchik, Ben Gurion University of the Negev)


  1. Kravchik, M. and Shabtai, A., 2021. Efficient cyber-attack detection in industrial control systems using lightweight neural networks and pca. IEEE Transactions on Dependable and Secure Computing.
  2. Kravchik, M., Biggio, B. and Shabtai, A., 2021, March. Poisoning attacks on cyber-attack detectors for industrial control systems. In Proceedings of the 36th Annual ACM Symposium on Applied Computing (pp. 116-125).