ABATe: Automatic Behavioral Abstraction Technique to Detect Anomalies in Smart Cyber-Physical Systems

Date

2020-10-28

Citation of Original Publication

Narayanan, Sandeep Nair; Joshi, Anupam; Bose, Ranjan; ABATe: Automatic Behavioral Abstraction Technique to Detect Anomalies in Smart Cyber-Physical Systems; IEEE Transactions on Dependable and Secure Computing (Early Access), pages 1-1, 28 October, 2020; https://doi.org/10.1109/TDSC.2020.3034331

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2020 IEEE.  Personal use of this material is permitted.  Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Abstract

Detecting anomalies and attacks in smart cyber-physical systems is of paramount importance owing to their growing prominence in controlling critical systems. However, this is a challenging task due to the heterogeneity and variety of components of a CPS, and the complex relationships between sensed values and potential attacks or anomalies. Such complex relationships are results of physical constraints and domain norms which exist in many CPS domains. In this paper, we propose ABATe, an Automatic Behavioral Abstraction Technique based on Neural Networks for detecting anomalies in smart cyber-physical systems. Unlike traditional techniques which abstract the statistical properties of different sensor values, ABATe learns complex relationships between event vectors from normal operational data available in abundance with smart CPS and uses this abstracted model to detect anomalies. ABATe detected more than 88% of attacks in the publicly available SWaT dataset featuring data from a scaled-down Sewage Water Treatment plant with a very low false positive rate of 1%. We also evaluated our technique's ability to capture domain semantics and multi-domain adaptability using a real-world automotive dataset, as well as a synthetic dataset.