Anomaly detection with high accuracy, high recall, and a low error rate is critical for the safe and uninterrupted operation of cyber-physical systems. However, detecting anomalies in multimodal time series obtained from cyber-physical systems is challenging. Although deep learning methods show very good results in anomaly detection, they do not detect anomalies to the standard that cyber-physical systems require. With graph-based methods, data is lost when time series are converted into graphs: the fixed window size used for the conversion causes a loss of spatio-temporal correlations. In this study, we propose an Event Aware Graph Attention Network (EA-GAT), which detects anomalies through event-based analysis of the cyber-physical system. EA-GAT detects and tracks the sensors in cyber-physical systems and the correlations between them. The system analyzes the relationships between the components during the marked periods and models them as a graph. Anomalies in the system are found through the resulting graph models. Experiments show that the EA-GAT technique is more effective than other deep learning methods on the SWaT, WADI, and MSL datasets used in various studies. The event-based dynamic approach is significantly superior to the fixed-size sliding window technique when both use the same learning structure. In addition, anomaly analysis is used to identify the attack target and the affected components. At the same time, with the slip subsequence module, the data is divided into subgroups and processed simultaneously.