Deepnoise: Learning sensor and process noise to detect data integrity attacks in CPS

Bibliographic Details
Published in China communications Vol. 18; no. 9; pp. 192 - 209
Main Authors Luo, Yuan, Cheng, Long, Liang, Yu, Fu, Jianming, Peng, Guojun
Format Journal Article
Language English
Published China Institute of Communications 01.09.2021
Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan 430072, China; School of Computing, Clemson University, USA; Tencent Technology Shenzhen Company, Shenzhen, China
School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China
Summary: Cyber-physical systems (CPS) have been widely deployed in critical infrastructures and are vulnerable to various attacks. Data integrity attacks, which manipulate sensor measurements and cause control systems to fail, are one of the prominent threats to CPS. Anomaly detection methods have been proposed to secure CPS. However, existing anomaly detection studies usually require expert knowledge (e.g., system model-based) or lack interpretability (e.g., deep learning-based). In this paper, we present Deepnoise, a deep learning-based anomaly detection method for CPS with interpretability. Specifically, we utilize the sensor and process noise to detect data integrity attacks. Such noise represents the intrinsic characteristics of physical devices and the production process in CPS. One key enabler is that we use a robust deep autoencoder to automatically extract the noise from measurement data. Further, an LSTM-based detector is designed to inspect the obtained noise and detect anomalies. Data integrity attacks change noise patterns and thus are identified as the root cause of anomalies by Deepnoise. Evaluated on the SWaT testbed, Deepnoise achieves higher accuracy and recall compared with state-of-the-art model-based and deep learning-based methods. On average, when detecting direct attacks, the precision is 95.47%, the recall is 96.58%, and F is 95.98%. When detecting stealthy attacks, precision, recall, and F scores are between 96% and 99.5%.
ISSN: 1673-5447
DOI: 10.23919/JCC.2021.09.015