A Comparative Study of Time Series Anomaly Detection Models for Industrial Control Systems
Author:
Kim Bedeuro1ORCID, Alawami Mohsen Ali1ORCID, Kim Eunsoo1, Oh Sanghak1, Park Jeongyong2, Kim Hyoungshick1ORCID
Affiliation:
1. Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si 16419, Gyeonggi-do, Republic of Korea 2. Department of Computer Science and Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si 16419, Gyeonggi-do, Republic of Korea
Abstract
Anomaly detection has been known as an effective technique to detect faults or cyber-attacks in industrial control systems (ICS). Therefore, many anomaly detection models have been proposed for ICS. However, most models have been implemented and evaluated under specific circumstances, which leads to confusion about choosing the best model in a real-world situation. In other words, there still needs to be a comprehensive comparison of state-of-the-art anomaly detection models with common experimental configurations. To address this problem, we conduct a comparative study of five representative time series anomaly detection models: InterFusion, RANSynCoder, GDN, LSTM-ED, and USAD. We specifically compare the performance analysis of the models in detection accuracy, training, and testing times with two publicly available datasets: SWaT and HAI. The experimental results show that the best model results are inconsistent with the datasets. For SWaT, InterFusion achieves the highest F1-score of 90.7% while RANSynCoder achieves the highest F1-score of 82.9% for HAI. We also investigate the effects of the training set size on the performance of anomaly detection models. We found that about 40% of the entire training set would be sufficient to build a model producing a similar performance compared to using the entire training set.
Subject
Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry
Reference64 articles.
1. Nawrocki, M., Schmidt, T.C., and Wählisch, M. (2020, January 20–24). Uncovering Vulnerable Industrial Control Systems from the Internet Core. Proceedings of the IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary. 2. Barbieri, G., Conti, M., Tippenhauer, N.O., and Turrin, F. (2020). Sorry, Shodan is not Enough! Assessing ICS Security via IXP Network Traffic Analysis. arXiv. 3. Di Pinto, A., Dragoni, Y., and Carcano, A. (2018, January 4–9). TRITON: The First ICS Cyber Attack on Safety Instrument Systems. Proceedings of the Black Hat USA, Las Vegas, NV, USA. 4. On Security Challenges and Open Issues in Internet of Things;Sha;Future Gener. Comput. Syst.,2018 5. Lab, K. (1997). Threat Landscape for Industrial Automation Systems in the Second Half of 2016, AO Kaspersky Lab. Technical Report.
Cited by
35 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
|
|