A Comparative Study of Time Series Anomaly Detection Models for Industrial Control Systems-Reference-Cited by-同舟云学术

A Comparative Study of Time Series Anomaly Detection Models for Industrial Control Systems

Published:2023-01-23 Issue:3 Volume:23 Page:1310
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

Kim Bedeuro¹^ORCID,Alawami Mohsen Ali¹^ORCID,Kim Eunsoo¹,Oh Sanghak¹,Park Jeongyong²,Kim Hyoungshick¹^ORCID

Affiliation:

1. Department of Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si 16419, Gyeonggi-do, Republic of Korea

2. Department of Computer Science and Engineering, Sungkyunkwan University, 2066 Seobu-ro, Jangan-gu, Suwon-si 16419, Gyeonggi-do, Republic of Korea

Abstract

Anomaly detection has been known as an effective technique to detect faults or cyber-attacks in industrial control systems (ICS). Therefore, many anomaly detection models have been proposed for ICS. However, most models have been implemented and evaluated under specific circumstances, which leads to confusion about choosing the best model in a real-world situation. In other words, there still needs to be a comprehensive comparison of state-of-the-art anomaly detection models with common experimental configurations. To address this problem, we conduct a comparative study of five representative time series anomaly detection models: InterFusion, RANSynCoder, GDN, LSTM-ED, and USAD. We specifically compare the performance analysis of the models in detection accuracy, training, and testing times with two publicly available datasets: SWaT and HAI. The experimental results show that the best model results are inconsistent with the datasets. For SWaT, InterFusion achieves the highest F1-score of 90.7% while RANSynCoder achieves the highest F1-score of 82.9% for HAI. We also investigate the effects of the training set size on the performance of anomaly detection models. We found that about 40% of the entire training set would be sufficient to build a model producing a similar performance compared to using the entire training set.

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry

Link

https://www.mdpi.com/1424-8220/23/3/1310/pdf

Reference64 articles.

1. Nawrocki, M., Schmidt, T.C., and Wählisch, M. (2020, January 20–24). Uncovering Vulnerable Industrial Control Systems from the Internet Core. Proceedings of the IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary.

2. Barbieri, G., Conti, M., Tippenhauer, N.O., and Turrin, F. (2020). Sorry, Shodan is not Enough! Assessing ICS Security via IXP Network Traffic Analysis. arXiv.

3. Di Pinto, A., Dragoni, Y., and Carcano, A. (2018, January 4–9). TRITON: The First ICS Cyber Attack on Safety Instrument Systems. Proceedings of the Black Hat USA, Las Vegas, NV, USA.

4. On Security Challenges and Open Issues in Internet of Things;Sha;Future Gener. Comput. Syst.,2018

5. Lab, K. (1997). Threat Landscape for Industrial Automation Systems in the Second Half of 2016, AO Kaspersky Lab. Technical Report.

Cited by 12 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Unsupervised novelty detection for time series using a deep learning approach;Heliyon;2024-02

2. Time Series Prediction in Industry 4.0: A Comprehensive Review and Prospects for Future Advancements;Applied Sciences;2023-11-15

3. Anomaly Detection for IOT Systems Using Active Learning;Applied Sciences;2023-11-04

4. TCF-Trans: Temporal Context Fusion Transformer for Anomaly Detection in Time Series;Sensors;2023-10-17

5. Digital Twins Temporal Dependencies-Based on Time Series Using Multivariate Long Short-Term Memory;Electronics;2023-10-09