LG AI SY Apr 30, 2023

Two-phase Dual COPOD Method for Anomaly Detection in Industrial Control System

arXiv:2305.00982v1 | h-index: 3 | Has Code
Originality: Incremental advance
AI Analysis

This work addresses the need for transparent and interpretable anomaly detection in critical infrastructures like water treatment and power plants, though it appears incremental as it builds on existing COPOD methods.

The paper tackled the problem of anomaly detection in industrial control systems by proposing a two-phase dual COPOD method, which achieved superior performance with high F1-score and recall on three open-source datasets.

Critical infrastructures like water treatment facilities and power plants depend on industrial control systems (ICS) for monitoring and control, making them vulnerable to cyber attacks and system malfunctions. Traditional ICS anomaly detection methods lack transparency and interpretability, which makes it difficult for practitioners to understand and trust the results. This paper proposes a two-phase dual Copula-based Outlier Detection (COPOD) method that addresses these challenges. The first phase removes unwanted outliers using an empirical cumulative distribution algorithm, and the second phase develops two parallel COPOD models based on the output data of phase 1. The method is based on empirical distribution functions, is parameter-free, and provides interpretability by quantifying each feature's contribution to an anomaly. The method is also computationally and memory-efficient, suitable for low- and high-dimensional datasets. Experimental results demonstrate superior performance in terms of F1-score and recall on three open-source ICS datasets, enabling real-time ICS anomaly detection.
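To make the "empirical distribution functions" and "each feature's contribution" points concrete, here is an added example (not the paper's code, and not its two-phase dual variant) of baseline COPOD scoring: per-feature empirical tail probabilities, summed as negative logs, with the per-feature terms serving as the explanation. The class name, the +1 smoothing, and the tank readings are assumptions constructed for illustration.

```python
import math
from bisect import bisect_left, bisect_right

def skewness(col):
    n = len(col)
    mean = sum(col) / n
    m2 = sum((x - mean) ** 2 for x in col) / n
    m3 = sum((x - mean) ** 3 for x in col) / n
    return m3 / m2 ** 1.5 if m2 > 0 else 0.0

class CopodScorer:
    """Baseline COPOD-style scorer: ECDFs fitted on training rows only."""

    def __init__(self, train_rows):
        self.n = len(train_rows)
        self.cols = [sorted(c) for c in zip(*train_rows)]
        self.skew = [skewness(c) for c in self.cols]

    def contributions(self, row):
        """Per feature: -log of left, right and skewness-selected tail probability."""
        out = []
        for x, col, sk in zip(row, self.cols, self.skew):
            # +1 smoothing (an assumption) keeps probabilities above 0 for unseen extremes.
            left = (bisect_right(col, x) + 1) / (self.n + 1)
            right = (self.n - bisect_left(col, x) + 1) / (self.n + 1)
            l, r = -math.log(left), -math.log(right)
            out.append((l, r, l if sk < 0 else r))
        return out

    def score(self, row):
        """Anomaly score: the largest of the three summed tail scores."""
        c = self.contributions(row)
        return max(sum(t[i] for t in c) for i in range(3))

    def explain(self, row, names):
        """Features ranked by their share of the winning tail's score."""
        c = self.contributions(row)
        side = max(range(3), key=lambda i: sum(t[i] for t in c))
        return sorted(((n, round(t[side], 3)) for n, t in zip(names, c)),
                      key=lambda p: -p[1])

# Constructed sample data: 40 readings of a hypothetical tank (not from the paper).
NAMES = ["level_cm", "flow_lpm", "pressure_kpa"]
TRAIN = [(50 + i % 5, 20 + i % 4, 700 + 5 * (i % 3)) for i in range(40)]
NORMAL, ANOMALY = (52, 21, 705), (52, 90, 705)

if __name__ == "__main__":
    model = CopodScorer(TRAIN)
    for row in (NORMAL, ANOMALY):
        print(row, round(model.score(row), 3), model.explain(row, NAMES))
```

Because the score is a plain sum over features, the ranked list from `explain` shows an operator which sensor drove an alert without any post-hoc attribution step.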
