Project Update: Securing Cyber-Physical Systems With Two-Level Anomaly Detection Strategy

Friday 07th June 2024

Project Overview 

Last month, work by our Cyber-Physical Systems team, Dr Andrei Petrovski and Cyber-Physical Systems Research Fellow Dr Zeeshan Ahmad, was presented at the 7th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS) in St. Louis, USA. The paper, titled ‘Securing Cyber-Physical Systems With Two-Level Anomaly Detection Strategy’, introduces a two-level detection strategy to secure Cyber-Physical Systems (CPSs) from all types of anomalies. The proposed solution is evaluated using the network and physical data from the Water Distribution Testbed (WDT) dataset, and achieves high evaluation metric scores on both dataset types.

What Are Cyber-Physical Systems?  

Cyber-Physical Systems form an important component of the Industrial Internet-of-Things (IIoT) and are believed to be a key element in the Industry 4.0 revolution. CPSs represent the integration of cyber components with physical ones. The cyber side handles computing, networking and control structures, ensuring that industrial systems can operate, connect and work efficiently, while the physical component includes the manufacturing and automation systems, using industrial devices to perform specific production and automation tasks. Due to technological advancements in the past decade, CPSs have become increasingly popular and are embraced by major industries such as smart grids, oil and natural gas pipelines and wastewater treatment plants. 

What Are CPS Threats? 

The complexity of CPSs and the widespread connectivity of interconnected devices to cyberspace make them more vulnerable to threats that can impact their reliability, safety and security. These threats can target both the cyber and physical components of CPSs. Cyber threats include cyber-attacks such as man-in-the-middle attacks, scanning attacks and denial-of-service attacks. Physical threats include system flaws and deliberate sabotage, such as broken valves or pumps, physical tampering and environmental interference. All these threats can lead to service disruptions, damage to equipment, environmental pollution and many other severe consequences. 

Project Aim 

To secure CPSs from all types of cyber and physical threats, this project aims to propose efficient and reliable intrusion detection systems (IDSs). IDSs detect anomalies by constantly monitoring data for any abnormality, and can be deployed as an added security shield to protect CPSs from all types of anomalies. However, rapid advancements in communication and internet technologies have increased not only network size and the corresponding data volume but also the rate at which novel anomalies evolve. As a result, IDSs have seen a decline in detection accuracy and an increase in false alarms. Researchers address these limitations by integrating machine learning (ML) and deep learning (DL) methodologies with IDSs to propose effective security solutions. To this end, this project aims to improve detection accuracy and, at the same time, minimise false alarms by using ML/DL capabilities in IDSs for the CPS environment.

Proposed Solution

The Cyber-Physical Systems team proposed an effective two-level anomaly detection strategy that integrates ML and DL methodologies at different detection levels. The first detection level uses a hybrid DL model, combining a Convolutional Neural Network (CNN) with Long Short-Term Memory (LSTM), to perform the initial data screening and label each sample as either ‘normal’ or ‘anomaly’. Samples detected as normal are allowed to pass and no action is taken. For samples detected as anomalies, an alarm signal is raised immediately to notify the administrator. These samples are also sent to the second detection level, which uses a Gradient Boosting Machine (GBM) ML model to identify the exact type of anomaly, helping the administrator take the necessary steps to mitigate it. The performance of the proposed two-level anomaly detection strategy is evaluated on the publicly available Physical and Network hardware-in-the-loop dataset obtained from a Water Distribution Testbed (WDT). The evaluation results demonstrate the superiority of the proposed solution in predicting anomalies effectively, with high accuracy scores on both the network and physical data of the WDT dataset.
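The routing described above, as an added Python example that is not code from the paper or the project: a distance threshold stands in for the CNN-LSTM screen and a nearest-centroid rule stands in for the GBM, and the feature values and the `dos` and `pump_fault` labels are constructed rather than taken from the WDT dataset. It shows two consequences of the design worth measuring: an anomaly missed at level one never reaches level two, and a level-one false alarm is always assigned an anomaly type.

```python
# Added illustration: control flow of a two-level detector. Both models are
# simple stand-ins (not the paper's CNN-LSTM or GBM); all data is constructed.
from math import dist
from statistics import mean

def centroid(rows):
    return tuple(mean(col) for col in zip(*rows))

class TwoLevelDetector:
    def __init__(self, train, threshold):
        # train: (features, label) pairs; label is "normal" or an anomaly type
        self.normal_centre = centroid([x for x, y in train if y == "normal"])
        self.threshold = threshold
        kinds = sorted({y for _, y in train if y != "normal"})
        self.type_centres = {k: centroid([x for x, y in train if y == k]) for k in kinds}

    def level1_is_anomaly(self, x):
        # Stand-in binary screen: distance from the normal operating point
        return dist(x, self.normal_centre) > self.threshold

    def level2_type(self, x):
        # Stand-in type classifier: nearest anomaly centroid, never "normal"
        return min(self.type_centres, key=lambda k: dist(x, self.type_centres[k]))

    def process(self, x, alarms):
        if not self.level1_is_anomaly(x):
            return "normal"      # passes through; level 2 never sees it
        alarms.append(x)         # alarm is raised before the type is known
        return self.level2_type(x)

def evaluate(detector, samples):
    alarms, correct, missed = [], 0, 0
    for x, truth in samples:
        pred = detector.process(x, alarms)
        correct += pred == truth
        missed += truth != "normal" and pred == "normal"
    return {"accuracy": correct / len(samples), "alarms": len(alarms),
            "missed_at_level1": missed}

# Constructed samples: (normalised tank level, normalised packet rate)
TRAIN = [((0.50, 0.10), "normal"), ((0.52, 0.12), "normal"),
         ((0.48, 0.11), "normal"), ((0.50, 0.09), "normal"),
         ((0.50, 0.90), "dos"), ((0.51, 0.95), "dos"),
         ((0.10, 0.10), "pump_fault"), ((0.05, 0.12), "pump_fault")]
TEST = [((0.51, 0.10), "normal"), ((0.49, 0.88), "dos"),
        ((0.08, 0.11), "pump_fault"),
        ((0.50, 0.25), "dos"),       # low-rate attack under the threshold
        ((0.50, 0.35), "normal")]    # noisy but benign reading

DETECTOR = TwoLevelDetector(TRAIN, threshold=0.2)
RESULT = evaluate(DETECTOR, TEST)
```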

Ongoing Work 

The current study involved a supervised ML/DL-based two-level anomaly detection strategy for CPSs and is intended to perform extremely well for supervised CPS data only. Our next aim in this project is twofold: (1) to extend the idea of a multilevel anomaly detection approach to unsupervised CPS data by employing unsupervised ML/DL models for the IDS, and (2) to propose an optimised multilevel anomaly detection strategy for CPSs and evaluate its performance in a real-time CPS scenario. Furthermore, at the abovementioned conference, another paper from the Cyber-Physical Systems team was presented, focused on machine learning-based fault detection in renewable energy applications and offshore wind turbines. It will be covered in one of the next Project Update articles.