Temporal state-aware unsupervised anomaly detection for industrial control system

Abstract

The increasing interrelationship with Information Technology infrastructure between the Industrial Control Systems (ICS) and critical infrastructure has presented advanced cyber-attacks to critical infrastructure, which not only places data security at risk but also threatens the physical safety, to operational continuity. The thesis will visit the issue of creating an efficient, interpretable and computationally efficient intrusion detection system in an ICS environment through a proposed novel LSTM auto-encoder architecture, specifically trained with edge deployment in mind. The article takes a rigorous approach where physics-conscious feature engineering is embraced, deep-learning architecture creation, and thorough assessment of the WADI (Water Distribution) benchmark data. The proposed system achieves a score of 0.7018 in F1 (Precision=0.7196, Recall=0.7149) by performing the dimensionality reduction of 127 sensors to 30 (which is a reduction of 76 per cent), and by adding the zero-crossing-rate features to the frequency-domain analysis, which is drastically higher than more traditional statistical methods, including Isolation Forest (0.58 F1), or the current state-of-the-art methods, including STADN. To be practical, the system is edge-compatible with an inference latency of 1.84ms, a million parameters, and consumes 5.38W of power when run on simulated NVIDIA Jetson Nano hardware, which is a ten-fold faster inference time than graph-based algorithms. Unsupervised approach, which learns only based on normal operational data, helps to detect novel, zero-day attacks, therefore overcoming the limitation of labelled attack data in operational settings. The study establishes that advanced deep-learning systems can be deployed on the tight computational requirements of industrial edge devices, thus creating a reproducible model of secure and real-time secure critical infrastructure protection.