RNN-based Early Cyber-Attack Detection for the Tennessee Eastman Process
This work addresses cyber-attack detection for industrial control systems, but it is incremental as it adapts a previously proposed LSTM-based method to more complex data.
The authors tackled early cyber-attack detection in the Tennessee Eastman Process using an RNN-based forecasting approach on multivariate time series data, achieving results compared to DPCA with a focus on early detection metrics.
An RNN-based forecasting approach is used to early detect anomalies in industrial multivariate time series data from a simulated Tennessee Eastman Process (TEP) with many cyber-attacks. This work continues a previously proposed LSTM-based approach to the fault detection in simpler data. It is considered necessary to adapt the RNN network to deal with data containing stochastic, stationary, transitive and a rich variety of anomalous behaviours. There is particular focus on early detection with special NAB-metric. A comparison with the DPCA approach is provided. The generated data set is made publicly available.