Log-based Anomaly Detection of CPS Using a Statistical Method
This work addresses anomaly detection for cyber-physical systems, which is important for autonomous operation in unpredictable environments, but it is incremental as it applies an existing statistical method to a new domain.
The authors tackled anomaly detection in cyber-physical systems by applying an outlier detection method to logs from an aquarium management system, confirming that it detected actual faults like mutual exclusion failures, transient losses, and unexpected reboots, but missed some anomalies and reported false positives.
Detecting anomalies in a cyber-physical system (CPS), which is a complex system consisting of both physical and software parts, is important because a CPS often operates autonomously in an unpredictable environment. However, because of the ever-changing nature of a CPS and the lack of a precise model for it, detecting anomalies remains a challenging task. To address this problem, we propose applying an outlier detection method to a CPS log. Using a log obtained from an actual aquarium management system, we evaluated the effectiveness of our proposed method by analyzing the outliers that it detected. By investigating the outliers with the developer of the system, we confirmed that some outliers indicate actual faults in the system. For example, our method detected failures of mutual exclusion in the control system that were unknown to the developer. Our method also detected transient losses of functionalities and unexpected reboots. On the other hand, our method did not detect anomalies that were too numerous and too similar to one another. In addition, our method reported rare but unproblematic concurrent combinations of operations as anomalies. Thus, our approach is effective at finding anomalies, but there is still room for improvement.