Visible to the public Research of Classical Machine Learning Methods and Deep Learning Models Effectiveness in Detecting Anomalies of Industrial Control System

TitleResearch of Classical Machine Learning Methods and Deep Learning Models Effectiveness in Detecting Anomalies of Industrial Control System
Publication TypeConference Paper
Year of Publication2018
AuthorsSokolov, A. N., Pyatnitsky, I. A., Alabugin, S. K.
Conference Name2018 Global Smart Industry Conference (GloSIC)
Keywordsanomaly detection, anomaly detection evaluation dataset, composability, control engineering computing, Cyber Attacks, Data processing, Decision trees, Deep Learning, deep learning models, Feeds, ICs, ICS security, industrial control, industrial process anomaly detection task, learning (artificial intelligence), linear algorithms, machine learning, machine learning algorithms, machine learning methods, modern industrial control systems, neural nets, Neural networks, privacy, production engineering computing, pubcrawl, resilience, Resiliency, security, security of data, signal correlations, Support vector machines, Tennessee Eastman process simulation data, Training
Abstract

Modern industrial control systems (ICS) act as victims of cyber attacks more often in last years. These attacks are hard to detect and their consequences can be catastrophic. Cyber attacks can cause anomalies in the work of the ICS and its technological equipment. The presence of mutual interference and noises in this equipment significantly complicates anomaly detection. Moreover, the traditional means of protection, which used in corporate solutions, require updating with each change in the structure of the industrial process. An approach based on the machine learning for anomaly detection was used to overcome these problems. It complements traditional methods and allows one to detect signal correlations and use them for anomaly detection. Additional Tennessee Eastman Process Simulation Data for Anomaly Detection Evaluation dataset was analyzed as example of industrial process. In the course of the research, correlations between the signals of the sensors were detected and preliminary data processing was carried out. Algorithms from the most common techniques of machine learning (decision trees, linear algorithms, support vector machines) and deep learning models (neural networks) were investigated for industrial process anomaly detection task. It's shown that linear algorithms are least demanding on computational resources, but they don't achieve an acceptable result and allow a significant number of errors. Decision tree-based algorithms provided an acceptable accuracy, but the amount of RAM, required for their operations, relates polynomially with the training sample volume. The deep neural networks provided the greatest accuracy, but they require considerable computing power for internal calculations.

URLhttps://ieeexplore.ieee.org/document/8570073
DOI10.1109/GloSIC.2018.8570073
Citation Keysokolov_research_2018