LG | Sep 15, 2017

Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning

arXiv:1709.05342v2 | 286 citations
AI Analysis

This work addresses anomaly detection for cyber-physical systems like water treatment plants, but it is incremental as it applies existing methods to a specific dataset.

The paper tackled anomaly detection in a water treatment system by comparing unsupervised machine learning methods, finding that a Deep Neural Network (DNN) had fewer false positives and a slightly better F-measure than a one-class SVM, with both methods evaluated on 36 attack scenarios.

In this paper, we propose and evaluate the application of unsupervised machine learning to anomaly detection for a Cyber-Physical System (CPS). We compare two methods: Deep Neural Networks (DNN) adapted to time series data generated by a CPS, and one-class Support Vector Machines (SVM). These methods are evaluated against data from the Secure Water Treatment (SWaT) testbed, a scaled-down but fully operational raw water purification plant. For both methods, we first train detectors using a log generated by SWaT operating under normal conditions. Then, we evaluate the performance of both methods using a log generated by SWaT operating under 36 different attack scenarios. We find that our DNN generates fewer false positives than our one-class SVM while our SVM detects slightly more anomalies. Overall, our DNN has a slightly better F measure than our SVM. We discuss the characteristics of the DNN and one-class SVM used in this experiment, and compare the advantages and disadvantages of the two methods.
