Deep Learning for Real-Time Anomaly Detection in Distributed Cyber-Physical Systems
Abstract
The emergence of intricate cyberattacks and faults threatens Cyber-Physical Systems (CPS) more than ever before and calls for adaptive, scalable, and robust anomaly detection on high-volume, multivariate time series (TS) data. To this end, a new deep learning (DL) architecture is adopted that relies primarily on unsupervised algorithms, including Autoencoders (AEs) and Long Short-Term Memory (LSTM) networks, to capture complex time-varying data and address data imbalance. Most importantly, the methodology also uses Cyber-Physical Feature Fusion, which combines physical sensor data with cyber network traffic to ensure thorough threat coverage. Another significant innovation is an agent-based Dynamic Thresholding (ADT) mechanism, driven by Deep Reinforcement Learning (DRL), that treats the thresholding decision on the anomaly score as a Markov Decision Process (MDP) in order to optimize the threshold dynamically. The benefits of this integrated, adaptive approach have been experimentally validated, with very high detection performance and high F1 scores, thereby vastly improving the safety, security, and resiliency of critical distributed CPS infrastructure.