research-article

Deep Learning-based Anomaly Detection in Cyber-physical Systems: Progress and Opportunities

Authors:
Yuan Luo

Wuhan University, Hubei, China

Wuhan University, Hubei, China

0000-0002-5521-2516
View Profile

,
Ya Xiao

Virginia Tech, Blacksburg, VA

Virginia Tech, Blacksburg, VA
View Profile

,
Long Cheng

Clemson University, Clemson, SC

Clemson University, Clemson, SC
View Profile

,
Guojun Peng

Wuhan University, Hubei, China

Wuhan University, Hubei, China
View Profile

,
Danfeng (Daphne) Yao

Virginia Tech, Blacksburg, VA

Virginia Tech, Blacksburg, VA
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 54 Issue 5Article No.: 106pp 1–36https://doi.org/10.1145/3453155

Published:25 May 2021Publication History

ACM Computing Surveys

Abstract

Anomaly detection is crucial to ensure the security of cyber-physical systems (CPS). However, due to the increasing complexity of CPSs and more sophisticated attacks, conventional anomaly detection methods, which face the growing volume of data and need domain-specific knowledge, cannot be directly applied to address these challenges. To this end, deep learning-based anomaly detection (DLAD) methods have been proposed. In this article, we review state-of-the-art DLAD methods in CPSs. We propose a taxonomy in terms of the type of anomalies, strategies, implementation, and evaluation metrics to understand the essential properties of current methods. Further, we utilize this taxonomy to identify and highlight new characteristics and designs in each CPS domain. Also, we discuss the limitations and open problems of these methods. Moreover, to give users insights into choosing proper DLAD methods in practice, we experimentally explore the characteristics of typical neural models, the workflow of DLAD methods, and the running performance of DL models. Finally, we discuss the deficiencies of DL approaches, our findings, and possible directions to improve DLAD methods and motivate future research.

References

Sebastian Berg. 2020. NumPy. https://numpy.org/.Google Scholar
Chuadhry Mujeeb Ahmed, Gauthama Raman M. R., and Aditya P. Mathur. 2020. Challenges in machine learning based approaches for real-time anomaly detection in industrial control systems. In Proceedings of the 6th ACM on Cyber-Physical System Security Workshop (Taipei, Taiwan) (CPSS ’20). Association for Computing Machinery, New York, NY, 23--29. DOI:https://doi.org/10.1145/3384941.3409588Google Scholar
Salman Ahmed, Ya Xiao, Kevin Z. Snow, Gang Tan, Fabian Monrose, and Danfeng (Daphne) Yao. 2020. Methodologies for quantifying (re-)randomization security and timing under JIT-ROP. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’20). Association for Computing Machinery, New York, NY, 1803--1820. DOI:https://doi.org/10.1145/3372297.3417248Google ScholarDigital Library
Luai Al Shalabi and Zyad Shaaban. 2006. Normalization as a preprocessing engine for data mining and the approach of preference matrix. In Proceedings of the International Conference on Dependability of Computer Systems. IEEE, 207--214.Google ScholarDigital Library
Mario Almeida, Stefanos Laskaridis, Ilias Leontiadis, Stylianos I. Venieris, and Nicholas D. Lane. 2019. EmBench: Quantifying performance variations of deep neural networks across modern commodity devices. In Proceedings of the 3rd International Workshop on Deep Learning for Mobile Systems and Applications. 1--6.Google Scholar
Kasun Amarasinghe and Milos Manic. 2018. Improving user trust on deep neural networks based intrusion detection systems. In Proceedings of the 44th Conference of the IEEE Industrial Electronics Society. IEEE, 3262--3268.Google ScholarCross Ref
CNN. 2020. Car assembly line robot kills worker in Germany. Retrieved from: https://www.cnn.com/2015/07/02/europe/germany-volkswagen-robot-kills-worker/index.html.Google Scholar
T. Athay, R. Podmore, and S. Virmani. 1979. A practical method for the direct analysis of transient stability. IEEE Trans. Pow. Apparat. Syst.2 (1979), 573--584.Google ScholarCross Ref
Arian Bär, Alessandro Finamore, Pedro Casas, Lukasz Golab, and Marco Mellia. 2014. Large-scale network traffic monitoring with DBStream, a system for rolling big data analysis. In Proceedings of the IEEE International Conference on Big Data (Big Data’14). IEEE, 165--170.Google ScholarCross Ref
Sagnik Basumallik, Rui Ma, and Sara Eftekharnejad. 2019. Packet-data anomaly detection in PMU-based state estimator using convolutional neural network. Int. J. Electric. Power Energy Syst. 107 (2019), 690--702.Google ScholarCross Ref
Debby Bezzina and James Sayer. 2014. Safety pilot model deployment: Test conductor team report. Report No. DOT HS 812 (2014), 171.Google Scholar
Karl Biron, Wael Bazzaza, Khalid Yaqoob, Amjad Gawanmeh, and Claude Fachkha. 2020. A big data fusion to profile CPS security threats against operational technology. In Proceedings of the IEEE 21st International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM’20). IEEE, 397--402.Google ScholarCross Ref
Andrea Borghesi, Andrea Bartolini, Michele Lombardi, Michela Milano, and Luca Benini. 2019. Anomaly detection using autoencoders in high performance computing systems. In Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 33. 9428--9433.Google ScholarDigital Library
Markus M. Breunig, Hans-Peter Kriegel, Raymond T. Ng, and Jörg Sander. 2000. LOF: Identifying density-based local outliers. In Proceedings of the ACM SIGMOD International Conference on Management of Data. 93--104.Google ScholarDigital Library
Mikel Canizo, Isaac Triguero, Angel Conde, and Enrique Onieva. 2019. Multi-head CNN–RNN for multi-time series anomaly detection: An industrial case study. Neurocomputing 363 (2019), 246--260.Google ScholarDigital Library
Z. Berkay Celik, Earlence Fernandes, Eric Pauley, Gang Tan, and Patrick McDaniel. 2019. Program analysis of commodity IoT applications for security and privacy: Challenges and opportunities. ACM Comput. Surv. 52, 4 (2019), 1--30.Google ScholarDigital Library
Raghavendra Chalapathy and Sanjay Chawla. 2019. Deep learning for anomaly detection: A survey. arXiv preprint arXiv:1901.03407 (2019).Google Scholar
Varun Chandola, Arindam Banerjee, and Vipin Kumar. 2009. Anomaly detection: A survey. ACM Comput. Surv. 41, 3 (2009), 15.Google ScholarDigital Library
Long Cheng, Ke Tian, and Danfeng Yao. 2017. Orpheus: Enforcing cyber-physical execution semantics to defend against data-oriented attacks. In Proceedings of the 33rd Computer Security Applications Conference. 315--326.Google ScholarDigital Library
Yulia Cherdantseva, Pete Burnap, Andrew Blyth, Peter Eden, Kevin Jones, Hugh Soulsby, and Kristan Stoddart. 2016. A review of cyber security risk assessment methods for SCADA systems. Comput. Secur. 56 (2016), 1--27.Google ScholarDigital Library
Kyong-Tak Cho and Kang G. Shin. 2016. Fingerprinting electronic control units for vehicle intrusion detection. In Proceedings of the 25th USENIX Security Symposium (USENIX Security’16). 911--927.Google Scholar
Alysha M. De Livera, Rob J. Hyndman, and Ralph D. Snyder. 2011. Forecasting time series with complex seasonal patterns using exponential smoothing. J. Amer. Statist. Assoc. 106, 496 (2011), 1513--1527.Google ScholarCross Ref
Qingyu Deng and Jian Sun. 2018. False data injection attack detection in a power grid using RNN. In Proceedings of the 44th Conference of the IEEE Industrial Electronics Society. IEEE, 5983--5988.Google ScholarCross Ref
Min Du, Feifei Li, Guineng Zheng, and Vivek Srikumar. 2017. DeepLog: Anomaly detection and diagnosis from system logs through deep learning. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 1285--1298.Google ScholarDigital Library
Benedikt Eiteneuer, Nemanja Hranisavljevic, and Oliver Niggemann. 2019. Dimensionality reduction and anomaly detection for CPPS data using autoencoder. DOI:https://doi.org/10.1109/ICIT.2019.8755116Google Scholar
Mellitus Ezeme, Akramul Azim, and Qusay H. Mahmoud. 2017. An imputation-based augmented anomaly detection from large traces of operating system events. In Proceedings of the 4th IEEE/ACM International Conference on Big Data Computing, Applications and Technologies. 43--52.Google Scholar
Mellitus O. Ezeme, Qusay H. Mahmoud, and Akramul Azim. 2018. Hierarchical attention-based anomaly detection model for embedded operating systems. In Proceedings of the IEEE 24th International Conference on Embedded and Real-time Computing Systems and Applications (RTCSA’18). IEEE, 225--231.Google ScholarCross Ref
Okwudili M. Ezeme, Michael Lescisin, Qusay H. Mahmoud, and Akramul Azim. 2019. DeepAnom: An ensemble deep framework for anomaly detection in system processes. In Proceedings of the Canadian Conference on Artificial Intelligence. Springer, 549--555.Google ScholarDigital Library
Okwudili M. Ezeme, Qusay H. Mahmoud, and Akramul Azim. 2019. Dream: Deep recursive attentive model for anomaly detection in kernel events. IEEE Access 7 (2019), 18860--18870.Google ScholarCross Ref
Cheng Fan, Fu Xiao, Yang Zhao, and Jiayuan Wang. 2018. Analytical investigation of autoencoder-based methods for unsupervised anomaly detection in building energy data. Appl. Energy 211 (2018), 1123--1135.Google ScholarCross Ref
Cheng Feng, Tingting Li, and Deeph Chana. 2017. Multi-level anomaly detection in industrial control systems via package signatures and LSTM networks. In Proceedings of the 47th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’17). IEEE, 261--272.Google ScholarCross Ref
P. Ferrari, S. Rinaldi, E. Sisinni, F. Colombo, F. Ghelfi, D. Maffei, and M. Malara. 2019. Performance evaluation of full-cloud and edge-cloud architectures for industrial IoT anomaly detection based on deep learning. In Proceedings of the Workshop on Metrology for Industry 4.0 and IoT (MetroInd4.0 & IoT’19). IEEE, 420--425.Google Scholar
FireEye. 2020. A View into the Top 20 Cyber Attacks on ICS Networks | FireEye. Retrieved from: https://www.fireeye.com/solutions/industrial-systems-and-critical-infrastructure-security/wp-top-20-cyberattacks.html.Google Scholar
Flightradar24. 2019. Live Flight Tracker - Real-Time Flight Tracker Map. Retrieved from: https://www.flightradar24.com/.Google Scholar
Amin Ghafouri, Waseem Abbas, Aron Laszka, Yevgeniy Vorobeychik, and Xenofon Koutsoukos. 2016. Optimal thresholds for anomaly-based intrusion detection in dynamical environments. In Proceedings of the International Conference on Decision and Game Theory for Security. Springer, 415--434.Google ScholarDigital Library
Jairo Giraldo, David Urbina, Alvaro Cardenas, Junia Valente, Mustafa Faisal, Justin Ruths, Nils Ole Tippenhauer, Henrik Sandberg, and Richard Candell. 2018. A survey of physics-based attack detection in cyber-physical systems. ACM Comput. Surv. 51, 4 (2018), 1--36.Google ScholarDigital Library
Ioana Giurgiu and Anika Schumann. 2019. Additive explanations for anomalies detected from multivariate temporal data. In Proceedings of the 28th ACM International Conference on Information and Knowledge Management. 2245--2248.Google ScholarDigital Library
Jonathan Goh, Sridhar Adepu, Khurum Nazir Junejo, and Aditya Mathur. 2016. A dataset to support research in the design of secure water treatment systems. In Proceedings of the International Conference on Critical Information Infrastructures Security. Springer, 88--99.Google Scholar
Jonathan Goh, Sridhar Adepu, Marcus Tan, and Zi Shan Lee. 2017. Anomaly detection in cyber physical systems using recurrent neural networks. In Proceedings of the IEEE 18th International Symposium on High Assurance Systems Engineering (HASE’17). IEEE, 140--145.Google ScholarCross Ref
Dong Gong, Lingqiao Liu, Vuong Le, Budhaditya Saha, Moussa Reda Mansour, Svetha Venkatesh, and Anton van den Hengel. 2019. Memorizing normality to detect anomaly: Memory-augmented deep autoencoder for unsupervised anomaly detection. In Proceedings of the IEEE International Conference on Computer Vision. 1705--1714.Google Scholar
Lachlan Gunn, Peter Smet, Edward Arbon, and Mark D. McDonnell. 2018. Anomaly detection in satellite communications systems using LSTM networks. In Proceedings of the Military Communications and Information Systems Conference (MilCIS’18). IEEE, 1--6.Google Scholar
Edan Habler and Asaf Shabtai. 2018. Using LSTM encoder-decoder algorithm for detecting anomalous ADS-B messages. Comput. Secur. 78 (2018), 155--173.Google ScholarCross Ref
Waqas Haider, Jiankun Hu, Yi Xie, Xinghuo Yu, and Qianhong Wu. 2017. Detecting anomalous behavior in cloud servers by nested arc hidden SEMI-Markov model with state summarization. IEEE Trans. Big Data 5, 3 (2017).Google Scholar
Y. He, G. Meng, K. Chen, X. Hu, and J. He. 2020. Towards security threats of deep learning systems: A survey. IEEE Trans. Softw. Eng. (Nov. 2020). DOI:https://doi.org/10.1109/TSE.2020.3034721Google Scholar
Ryan Heartfield, George Loukas, Sanja Budimir, Anatolij Bezemskij, Johnny R. J. Fontaine, Avgoustinos Filippoupolitis, and Etienne Roesch. 2018. A taxonomy of cyber-physical threats and impact in the smart home. Comput. Secur. 78 (2018), 398--428.Google ScholarCross Ref
Yi Huang, Mohammad Esmalifalak, Huy Nguyen, Rong Zheng, Zhu Han, Husheng Li, and Lingyang Song. 2013. Bad data injection in smart grid: Attack and defense mechanisms. IEEE Commun. Mag. 51, 1 (2013), 27--33.Google ScholarCross Ref
Kyle Hundman, Valentino Constantinou, Christopher Laporte, Ian Colwell, and Tom Soderstrom. 2018. Detecting spacecraft anomalies using LSTMs and nonparametric dynamic thresholding. In Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. ACM, 387--395.Google ScholarDigital Library
Jun Inoue, Yoriyuki Yamagata, Yuqi Chen, Christopher M. Poskitt, and Jun Sun. 2017. Anomaly detection for a water treatment system using unsupervised machine learning. In Proceedings of the IEEE International Conference on Data Mining Workshops (ICDMW’17). IEEE, 1058--1065.Google ScholarCross Ref
Aya Abdelsalam Ismail, Mohamed Gunady, Hector Corrada Bravo, and Soheil Feizi. 2020. Benchmarking deep learning interpretability in time series predictions. Adv. Neural Inf. Proc. Syst. 33 (2020).Google Scholar
iTrust Labs. 2019. iTrust Labs_Dataset Info. Retrieved from: https://itrust.sutd.edu.sg/itrust_labs_datasets/dataset_info/#swat.Google Scholar
Camil Jichici, Bogdan Groza, and Pal-Stefan Murvay. 2018. Examining the use of neural networks for intrusion detection in controller area networks. In Proceedings of the International Conference on Security for Information Technology and Communications. Springer, 109--125.Google Scholar
Kaspersky. 2019. Threat landscape for industrial automation systems, H1 2019. Retrieved from: https://ics-cert.kaspersky.com/reports/2019/09/30/threat-landscape-for-industrial-automation-systems-h1-2019/.Google Scholar
Haider Adnan Khan, Nader Sehatbakhsh, Luong N. Nguyen, Milos Prvulovic, and Alenka Zajić. 2019. Malware detection in embedded systems using neural network model for electromagnetic side-channel signals. J. Hardw. Syst. Secur. 3, 4 (2019), 305--318.Google ScholarCross Ref
Eshaan Khanapuri, Tarun Chintalapati, Rajnikant Sharma, and Ryan Gerdes. 2019. Learning-based adversarial agent detection and identification in cyber physical systems applied to autonomous vehicular platoon. In Proceedings of the IEEE/ACM 5th International Workshop on Software Engineering for Smart Cyber-Physical Systems (SEsCPS’19). IEEE, 39--45.Google ScholarDigital Library
Tung Kieu, Bin Yang, and Christian S. Jensen. 2018. Outlier detection for multidimensional time series using deep neural networks. In Proceedings of the 19th IEEE International Conference on Mobile Data Management (MDM’18). IEEE, 125--134.Google Scholar
Diederik P. Kingma and Max Welling. 2013. Auto-encoding variational bayes. arXiv preprint arXiv:1312.6114 (2013).Google Scholar
Oliver Kosut, Liyan Jia, Robert J. Thomas, and Lang Tong. 2011. Malicious data attacks on the smart grid. IEEE Trans. Smart Grid 2, 4 (2011), 645--658.Google ScholarCross Ref
Moshe Kravchik and Asaf Shabtai. 2018. Detecting cyber attacks in industrial control systems using convolutional neural networks. In Proceedings of the Workshop on Cyber-physical Systems Security and PrivaCy. ACM, 72--83.Google ScholarDigital Library
Adrien Legrand, Brad Niepceron, Alain Cournier, and Harold Trannois. 2018. Study of autoencoder neural networks for anomaly detection in connected buildings. In Proceedings of the IEEE Global Conference on Internet of Things (GCIoT’18). IEEE, 1--5.Google ScholarCross Ref
Dan Li, Dacheng Chen, Baihong Jin, Lei Shi, Jonathan Goh, and See-Kiong Ng. 2019. MAD-GAN: Multivariate anomaly detection for time series data with generative adversarial networks. In Proceedings of the International Conference on Artificial Neural Networks. Springer, 703--716.Google ScholarDigital Library
Yidong Li, Li Zhang, Zhuo Lv, and Wei Wang. 2021. Detecting anomalies in intelligent vehicle charging and station power supply systems with multi-head attention models. IEEE Trans. Intell. Transport. Syst. 22, 1 (2021), 555--564.Google ScholarDigital Library
Zhe Li, Jingyue Li, Yi Wang, and Kesheng Wang. 2019. A deep learning approach for anomaly detection based on SAE and LSTM in mechanical equipment. Int. J. Adv. Manuf. Technol. 103, 1 (2019), 499--510.Google ScholarCross Ref
Benjamin Lindemann, Fabian Fesenmayr, Nasser Jazdi, and Michael Weyrich. 2019. Anomaly detection in discrete manufacturing using self-learning approaches. Procedia CIRP 79 (2019), 313--318.Google ScholarCross Ref
Yao Liu, Peng Ning, and Michael K. Reiter. 2011. False data injection attacks against state estimation in electric power grids. ACM Trans. Inf. Syst. Secur. 14, 1 (2011), 13.Google ScholarDigital Library
Yuriy Zacchia Lun, Alessandro D’Innocenzo, Francesco Smarra, Ivano Malavolta, and Maria Domenica Di Benedetto. 2019. State of the art of cyber-physical systems security: An automatic control perspective. J. Syst. Softw. 149 (2019), 174--216.Google ScholarCross Ref
Larry M. Manevitz and Malik Yousef. 2001. One-class SVMs for document classification. J. Mach. Learn. Res. 2, Dec. (2001), 139--154.Google Scholar
Aditya P. Mathur and Nils Ole Tippenhauer. 2016. SWaT: A water treatment testbed for research and training on ICS security. In Proceedings of the International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater’16). IEEE, 31--36.Google Scholar
MATPOWER. 2019. Open-source tools for electric power system simulation and optimization. Retrieved from: https://matpower.org/.Google Scholar
Dongyu Meng and Hao Chen. 2017. Magnet: A two-pronged defense against adversarial examples. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 135--147.Google ScholarDigital Library
Robert Mitchell and Ing-Ray Chen. 2014. A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. 46, 4 (2014), 1--29.Google ScholarDigital Library
Yilin Mo and Bruno Sinopoli. 2010. False data injection attacks in control systems. In Preprints of the 1st Workshop on Secure Control Systems. 1--6.Google Scholar
Yilin Mo and Bruno Sinopoli. 2012. Integrity attacks on cyber-physical systems. In Proceedings of the 1st International Conference on High Confidence Networked Systems. 47--54.Google ScholarDigital Library
Mehdi Mohammadi, Ala Al-Fuqaha, Sameh Sorour, and Mohsen Guizani. 2018. Deep learning for IoT big data and streaming analytics: A survey. IEEE Commun. Surv. Tutor. 20, 4 (2018), 2923--2960.Google ScholarDigital Library
Khosrow Moslehi and Ranjit Kumar. 2010. A reliability perspective of the smart grid. IEEE Trans. Smart Grid 1, 1 (2010), 57--64.Google ScholarCross Ref
Anvardh Nanduri and Lance Sherry. 2016. Anomaly detection in aircraft data using recurrent neural networks (RNN). In Proceedings of the Integrated Communications Navigation and Surveillance (ICNS’16). IEEE, 5C2--1.Google ScholarCross Ref
Sandeep Nair Narayanan, Anupam Joshi, and Ranjan Bose. 2020. ABATe: Automatic behavioral abstraction technique to detect anomalies in smartcyber-physical systems. IEEE Trans. Depend. Sec. Comput. (2020). DOI:10.1109/TDSC.2020.3034331Google Scholar
Sajid Nazir, Shushma Patel, and Dilip Patel. 2017. Assessing and augmenting SCADA cyber security: A survey of techniques. Comput. Secur. 70 (2017), 436--454.Google ScholarCross Ref
Xiangyu Niu, Jiangnan Li, Jinyuan Sun, and Kevin Tomsovic. 2019. Dynamic detection of false data injection attack in smart grid using deep learning. In Proceedings of the IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT’19). IEEE, 1--6.Google ScholarCross Ref
Daehyung Park, Yuuna Hoshi, and Charles C. Kemp. 2018. A multimodal anomaly detector for robot-assisted feeding using an LSTM-based variational autoencoder. IEEE Robot. Automat. Lett. 3, 3 (2018), 1544--1551.Google ScholarCross Ref
Neehar Peri, Pirazh Khorramshahi, Sai Saketh Rambhatla, Vineet Shenoy, Saumya Rawat, Jun-Cheng Chen, and Rama Chellappa. 2020. Towards real-time systems for vehicle re-identification, multi-camera tracking, and anomaly detection. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops. 622--623.Google ScholarCross Ref
Eric Ras, Fridolin Wild, Christoph Stahl, and Alexandre Baudet. 2017. Bridging the skills gap of workers in Industry 4.0 by human performance augmentation tools: Challenges and roadmap. In Proceedings of the 10th International Conference on PErvasive Technologies Related to Assistive Environments. 428--432.Google ScholarDigital Library
Orbis Research. 2020. Global Cyber Physical System Market 2020 by Company, Regions, Type and Application, Forecast to 2025 | Orbis Research. Retrieved from: https://www.orbisresearch.com/reports/index/global-cyber-physical-system-market-2020-by-company-regions-type-and-application-forecast-to-2025.Google Scholar
Danilo Jimenez Rezende and Shakir Mohamed. 2015. Variational inference with normalizing flows. arXiv preprint arXiv:1505.05770 (2015).Google Scholar
Michele Russo, Maxime Labonne, Alexis Olivereau, and Mohammad Rmayti. 2018. Anomaly detection in vehicle-to-infrastructure communications. In Proceedings of the IEEE 87th Vehicular Technology Conference (VTC Spring’18). IEEE, 1--6.Google ScholarCross Ref
Ahmed Salem, Apratim Bhattacharya, Michael Backes, Mario Fritz, and Yang Zhang. 2020. Updates-leak: Data set inference and reconstruction attacks in online learning. In Proceedings of the 29th USENIX Security Symposium (USENIX Security’20). 1291--1308.Google Scholar
Mahmoud Salem, Mark Crowley, and Sebastian Fischmeister. 2016. Anomaly detection using inter-arrival curves for real-time systems. In Proceedings of the 28th Euromicro Conference on Real-Time Systems (ECRTS’16). IEEE, 97--106.Google ScholarCross Ref
Jürgen Schmidhuber. 2015. Deep learning in neural networks: An overview. Neural Netw. 61 (2015), 85--117.Google ScholarDigital Library
Peter Schneider and Konstantin Böttinger. 2018. High-performance unsupervised anomaly detection for cyber-physical system networks. In Proceedings of the Workshop on Cyber-physical Systems Security and PrivaCy. ACM, 1--12.Google ScholarDigital Library
Xiaokui Shu, Danfeng Yao, and Naren Ramakrishnan. 2015. Unearthing stealthy program attacks buried in extremely long execution paths. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 401--413.Google ScholarDigital Library
Alban Siffer, Pierre-Alain Fouque, Alexandre Termier, and Christine Largouet. 2017. Anomaly detection in streams with extreme value theory. In Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 1067--1075.Google ScholarDigital Library
Prabhu Teja Sivaprasad, Florian Mai, Thijs Vogels, Martin Jaggi, and Francois Fleuret. 2020. Optimizer benchmarking needs to account for hyperparameter tuning. In Proceedings of the International Conference on Machine Learning. PMLR, 9036--9045.Google Scholar
Ya Su, Youjian Zhao, Chenhao Niu, Rong Liu, Wei Sun, and Dan Pei. 2019. Robust anomaly detection for multivariate time series through stochastic recurrent neural network. In Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. ACM, 2828--2837.Google ScholarDigital Library
Shahroz Tariq, Sangyup Lee, Youjin Shin, Myeong Shin Lee, Okchul Jung, Daewon Chung, and Simon S. Woo. 2019. Detecting anomalies in space using multivariate convolutional LSTM with mixtures of probabilistic PCA. In Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining. ACM, 2123--2133.Google Scholar
Norman L. Tasfi, Wilson A. Higashino, Katarina Grolinger, and Miriam A. M. Capretz. 2017. Deep neural networks with confidence sampling for electrical anomaly detection. In Proceedings of the IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, 1038--1045.Google Scholar
Adrian Taylor, Sylvain Leblanc, and Nathalie Japkowicz. 2016. Anomaly detection in automobile control network data with long short-term memory networks. In Proceedings of the IEEE International Conference on Data Science and Advanced Analytics (DSAA’16). IEEE, 130--139.Google ScholarCross Ref
Keras Team. 2019. Keras documentation: About Keras. Retrieved from https://keras.io/about/.Google Scholar
Franco van Wyk, Yiyang Wang, Anahita Khojandi, and Neda Masoud. 2019. Real-time sensor anomaly detection and identification in automated vehicles. IEEE Trans. Intell. Transport. Syst. 21, 3 (2019), 1264--1276.Google ScholarCross Ref
Eric Veith, Lars Fischer, Martin Tröschel, and Astrid Nieße. 2019. Analyzing cyber-physical systems from the perspective of artificial intelligence. arXiv preprint arXiv:1908.11779 (2019).Google Scholar
Bolun Wang, Yuanshun Yao, Bimal Viswanath, Haitao Zheng, and Ben Y. Zhao. 2018. With great training comes great vulnerability: Practical attacks against transfer learning. In Proceedings of the 27th USENIX Security Symposium (USENIXSecurity’18). 1281--1297.Google Scholar
Huaizhi Wang, Jiaqi Ruan, Zhengwei Ma, Bin Zhou, Xueqian Fu, and Guangzhong Cao. 2019. Deep learning aided interval state prediction for improving cyber security in energy internet. Energy 174 (2019), 1292--1304.Google ScholarCross Ref
Jingyu Wang, Dongyuan Shi, Yinhong Li, Jinfu Chen, Hongfa Ding, and Xianzhong Duan. 2018. Distributed framework for detecting PMU data manipulation attacks with deep autoencoders. IEEE Trans. Smart Grid 10, 4 (2018), 4401--4410.Google ScholarCross Ref
Wenye Wang and Zhuo Lu. 2013. Cyber security in the smart grid: Survey and challenges. Comput. Netw. 57, 5 (2013), 1344--1371.Google ScholarCross Ref
Xiaofei Wang, Yiwen Han, Chenyang Wang, Qiyang Zhao, Xu Chen, and Min Chen. 2019. In-edge AI: Intelligentizing mobile edge computing, caching and communication by federated learning. IEEE Netw. 33, 5 (2019), 156--165.Google ScholarDigital Library
Yawei Wang, Donghui Chen, Cheng Zhang, Xi Chen, Baogui Huang, and Xiuzhen Cheng. 2019. Wide and recurrent neural networks for detection of false data injection in smart grids. In Proceedings of the International Conference on Wireless Algorithms, Systems, and Applications. Springer, 335--345.Google ScholarCross Ref
Wikipedia. 2020. December 2015 Ukraine power grid cyberattack. Retrieved from: https://en.wikipedia.org/w/index.php?title=December_2015_Ukraine_power_grid_cyberattack&oldid=920905638.Google Scholar
Wikipedia. 2020. List of self-driving car fatalities. Retrieved from: https://en.wikipedia.org/w/index.php?title=List_of_self-driving_car_fatalities&oldid=928100815.Google Scholar
Wikipedia. 2020. Stuxnet. Retrieved from: https://en.wikipedia.org/w/index.php?title=Stuxnet&oldid=939556423.Google Scholar
Zhenyu Wu, Yang Guo, Wenfang Lin, Shuyang Yu, and Yang Ji. 2018. A weighted deep representation learning model for imbalanced fault diagnosis in cyber-physical systems. Sensors 18, 4 (2018), 1096.Google ScholarCross Ref
Yu-jun Xiao, Wen-yuan Xu, Zhen-hua Jia, Zhuo-ran Ma, and Dong-lian Qi. 2017. NIPAD: A non-invasive power-based anomaly detection scheme for programmable logic controllers. Front. Inf. Technol. Electron. Eng. 18, 4 (2017), 519--534.Google ScholarCross Ref
Le Xie, Yilin Mo, and Bruno Sinopoli. 2010. False data injection attacks in electricity markets. In Proceedings of the 1st IEEE International Conference on Smart Grid Communications. IEEE, 226--231.Google ScholarCross Ref
Guowen Xu, Hongwei Li, Hao Ren, Kan Yang, and Robert H. Deng. 2019. Data security issues in deep learning: Attacks, countermeasures, and opportunities. IEEE Commun. Mag. 57, 11 (2019), 116--122.Google ScholarDigital Library
Kui Xu, Ke Tian, Danfeng Yao, and Barbara G. Ryder. 2016. A sharper sense of self: Probabilistic reasoning of program behaviors for anomaly detection with context sensitivity. In Proceedings of the 46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’16). IEEE, 467--478.Google Scholar
Danfeng Yao, Xiaokui Shu, Long Cheng, and Salvatore J. Stolfo. 2017. Anomaly detection as a service: Challenges, advances, and opportunities. Synth. Lect. Inf. Secur., Priv., Trust 9, 3 (2017), 1--173.Google ScholarCross Ref
Houssam Zenati, Chuan Sheng Foo, Bruno Lecouat, Gaurav Manek, and Vijay Ramaseshan Chandrasekhar. 2018. Efficient GAN-based anomaly detection. arXiv preprint arXiv:1802.06222 (2018).Google Scholar
Chuxu Zhang, Dongjin Song, Yuncong Chen, Xinyang Feng, Cristian Lumezanu, Wei Cheng, Jingchao Ni, Bo Zong, Haifeng Chen, and Nitesh V. Chawla. 2019. A deep neural network for unsupervised anomaly detection and diagnosis in multivariate time series data. In Proceedings of the AAAI Conference on Artificial Intelligence. 1409--1416.Google Scholar
Hao Zhang, Danfeng Daphne Yao, Naren Ramakrishnan, and Zhibin Zhang. 2016. Causality reasoning about network events for detecting stealthy malware activities. Comput. Secur. 58 (2016), 180--198.Google ScholarDigital Library
Mu Zhang, Chien-Ying Chen, Bin-Chou Kao, Yassine Qamsane, Yuru Shao, Yikai Lin, Elaine Shi, Sibin Mohan, Kira Barton, James Moyne et al. 2019. Towards automated safety vetting of PLC code in real-world plants. In Proceedings of the IEEE Symposium on Security and Privacy (SP’19). IEEE, 522--538.Google ScholarCross Ref
Xinyang Zhang, Ningfei Wang, Hua Shen, Shouling Ji, Xiapu Luo, and Ting Wang. 2020. Interpretable deep learning under fire. In Proceedings of the 29th USENIX Security Symposium (USENIX Security’20).Google ScholarDigital Library
Y. Zhang, V. V. G. Krishnan, J. Pi, K. Kaur, A. Srivastava, A. Hahn, and S. Suresh. 2019. Cyber physical security analytics for transactive energy systems. IEEE Trans. Smart Grid 11, 2 (2019), 931--941.Google ScholarCross Ref
Konglin Zhu, Zhicheng Chen, Yuyang Peng, and Lin Zhang. 2019. Mobile edge assisted literal multi-dimensional anomaly detection of in-vehicle network using LSTM. IEEE Trans.Vehic. Technol. 68, 5 (2019), 4275--4284.Google ScholarCross Ref
Zahra Zohrevand, Uwe Glässer, Mohammad A. Tayebi, Hamed Yaghoubi Shahir, Mehdi Shirmaleki, and Amir Yaghoubi Shahir. 2017. Deep learning based forecasting of critical infrastructure data. In Proceedings of the ACM on Conference on Information and Knowledge Management. ACM, 1129--1138.Google ScholarDigital Library
Bo Zong, Qi Song, Martin Renqiang Min, Wei Cheng, Cristian Lumezanu, Daeki Cho, and Haifeng Chen. 2018. Deep autoencoding Gaussian mixture model for unsupervised anomaly detection. In Proceedings of the 6th International Conference on Learning Representations (ICLR'18).Google Scholar

Index Terms

Deep Learning-based Anomaly Detection in Cyber-physical Systems: Progress and Opportunities
1. Computer systems organization
  1. Embedded and cyber-physical systems
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation

Recommendations

Time Series Anomaly Detection for Cyber-physical Systems via Neural System Identification and Bayesian Filtering
KDD '21: Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining

Recent advances in AIoT technologies have led to an increasing popularity of utilizing machine learning algorithms to detect operational failures for cyber-physical systems (CPS). In its basic form, an anomaly detection module monitors the sensor ...
Read More
Deep Learning for Anomaly Detection: Challenges, Methods, and Opportunities
WSDM '21: Proceedings of the 14th ACM International Conference on Web Search and Data Mining

In this tutorial we aim to present a comprehensive survey of the advances in deep learning techniques specifically designed for anomaly detection (deep anomaly detection for short). Deep learning has gained tremendous success in transforming many data ...
Read More
Deep Learning for Anomaly Detection
WSDM '20: Proceedings of the 13th International Conference on Web Search and Data Mining

Anomaly detection has been widely studied and used in diverse applications. Building an effective anomaly detection system requires the researchers/developers to learn the complex structure from noisy data, identify the dynamic anomaly patterns and ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 54, Issue 5
June 2022
719 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/3467690
Editor:
Albert Zomaya
University of Sydney, Australia
Issue’s Table of Contents
Copyright © 2021 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 25 May 2021
- Accepted: 1 February 2021
- Revised: 1 December 2020
- Received: 1 March 2020
Published in csur Volume 54, Issue 5

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Deep learning
anomaly detection
cyber-physical systems
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 64
  Total Citations
  View Citations
- 2,630
  Total Downloads
- Downloads (Last 12 months)803
- Downloads (Last 6 weeks)88
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Deep Learning-based Anomaly Detection in Cyber-physical Systems: Progress and Opportunities

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

Time Series Anomaly Detection for Cyber-physical Systems via Neural System Identification and Bayesian Filtering

Deep Learning for Anomaly Detection: Challenges, Methods, and Opportunities

Deep Learning for Anomaly Detection