ABATe: Automatic Behavioral Abstraction Technique to Detect Anomalies in Smart Cyber-Physical Systems

Sandeep Nair Narayanan, Anupam Joshi, Ranjan Bose

Research output: Contribution to journalArticlepeer-review

5 Scopus citations

Abstract

Detecting anomalies and attacks in smart cyber-physical systems are of paramount importance owing to their growing prominence in controlling critical systems. However, this is a challenging task due to the heterogeneity and variety of components of a CPS, and the complex relationships between sensed values and potential attacks or anomalies. Such complex relationships are results of physical constraints and domain norms which exist in many CPS domains. In this article, we propose ABATe, an Automatic Behavioral Abstraction Technique based on neural networks for detecting anomalies in smart cyber-physical systems. Unlike traditional techniques which abstract the statistical properties of different sensor values, ABATe learns complex relationships between event vectors from normal operational data available in abundance with smart CPS and uses this abstracted model to detect anomalies. ABATe detected more than 88 percent of attacks in the publicly available SWaT dataset featuring data from a scaled down sewage water treatment plant with a very low false positive rate of 1 percent. We also evaluated our technique's ability to capture domain semantics and multi-domain adaptability using a real-world automotive dataset, as well as a synthetic dataset.

Original languageEnglish
Pages (from-to)1673-1686
Number of pages14
JournalIEEE Transactions on Dependable and Secure Computing
Volume19
Issue number3
DOIs
StatePublished - 2022
Externally publishedYes

Keywords

  • Anomaly detection
  • attack detection
  • CPS
  • cyber-physical systems
  • security

Fingerprint

Dive into the research topics of 'ABATe: Automatic Behavioral Abstraction Technique to Detect Anomalies in Smart Cyber-Physical Systems'. Together they form a unique fingerprint.

Cite this