Deepnoise: Learning sensor and process noise to detect data integrity attacks in CPS

Abstract

Cyber-physical systems (CPS) have been widely deployed in critical infrastructures and are vulnerable to various attacks. Data integrity attacks manipulate sensor measurements and cause control systems to fail, which are one of the prominent threats to CPS. Anomaly detection methods are proposed to secure CPS. However, existing anomaly detection studies usually require expert knowledge (e.g., system model-based) or are lack of interpretability (e.g., deep learning-based). In this paper, we present Deepnoise, a deep learning-based anomaly detection method for CPS with interpretability. Specifically, we utilize the sensor and process noise to detect data integrity attacks. Such noise represents the intrinsic characteristics of physical devices and the production process in CPS. One key enabler is that we use a robust deep autoencoder to automatically extract the noise from measurement data. Further, an LSTM-based detector is designed to inspect the obtained noise and detect anomalies. Data integrity attacks change noise patterns and thus are identified as the root cause of anomalies by Deepnoise. Evaluated on the SWaT testbed, Deep-noise achieves higher accuracy and recall compared with state-of-the-art model-based and deep learning-based methods. On average, when detecting direct attacks, the precision is 95.47%, the recall is 96.58%, and F is 95.98%. When detecting stealthy attacks, precision, recall, and F scores are between 96% and 99.5%.