WaXAI: Explainable Anomaly Detection in Industrial Control Systems and Water Systems
Pages 3 - 15
Abstract
An Industrial Control System (ICS) plays a vital role in controlling and managing industrial processes. ICS predominantly operates without human supervision. This (mostly) autonomous role makes them an attractive target for adversaries. In recent years, machine learning (ML) algorithms have demonstrated their feasibility in detecting anomalies in sensor and actuator data, in an ICS. However, the ML algorithms demand extensive training time and lacks the ability to pinpoint the component(s) that are in an anomalous state. In this work, we employed two of the latest anomaly detection algorithms (ECOD and DeepSVDD) with a shorter training time, faster anomaly detection time, and a comparable efficiency rate in detecting anomalies. The algorithms were trained and tested using a dataset generated from the SWaT water treatment testbed. With the ubiquity of ML algorithms in decision making and forecasting, it is important for humans to perceive and understand its output decisions instead of viewing it as a black box oracle. In subsequent experiments, we employed eXplainable ML/AI (XML/XAI) models to explain the model's output decision, thus, increasing model transparency and trust. We also measure the effectiveness of the XAI models deployed thereby providing an indicator to which XAI models worked better in our experiments.
References
[1]
Abdulrahman Al-Abassi, Hadis Karimipour, Ali Dehghantanha, and Reza M. Parizi. 2020. An Ensemble Deep Learning-Based Cyber-Attack Detection in Industrial Control System. IEEE Access 8 (2020), 83965--83973. https://doi.org/10.1109/ACCESS.2020.2992249
[2]
Sajid Ali, Tamer Abuhmed, Shaker El-Sappagh, Khan Muhammad, Jose M. Alonso-Moral, Roberto Confalonieri, Riccardo Guidotti, Javier Del Ser, Natalia Díaz-Rodríguez, and Francisco Herrera. 2023. Explainable Artificial Intelligence (XAI): What we know and what is left to attain Trustworthy Artificial Intelligence. Information Fusion 99(2023), 101805. https://doi.org/10.1016/j.inffus.2023.101805
[3]
Mina Ameli, Viktor Pfanschiling, Anar Amirli, Wolfgang Maaß, and Kristian Kersting. 2022. Unsupervised Multi-Sensor Anomaly Localization with Explainable AI. In Artificial Intelligence Applications and Innovations. Springer International Publishing, Cham, 507--519.
[4]
Daniel W. Apley and Jingyu Zhu. 2016. Visualizing the Effects of Predictor Variables in Black Box Supervised Learning Models. https://doi.org/10.48550/ARXIV.1612.08468
[5]
Emmanuel Aboah Boateng and Jerry Bruce. 2023. Two-phase Dual COPOD Method for Anomaly Detection in Industrial Control System. arXiv:2305.00982 [cs.LG]
[6]
Carmen Esposito, Gregory Landrum, Nadine Schneider, Nikolaus Stiefl, and Sereina Riniker. 2021. GHOST: Adjusting the Decision Threshold to Handle Imbalanced Data in Machine Learning. Journal of Chemical Information and Modeling (06 2021). https://doi.org/10.1021/acs.jcim.1c00160
[7]
Daniel Fährmann, Naser Damer, Florian Kirchbuchner, and Arjan Kuijper. 2022. Lightweight Long Short-Term Memory Variational Auto-Encoder for Multivariate Time Series Anomaly Detection in Industrial Control Systems. Sensors 22, 8 (2022). https://doi.org/10.3390/s22082886
[8]
Jonathan Goh, Sridhar Adepu, Khurum Nazir Junejo, and Aditya P. Mathur. 2017. A Dataset to Support Research in the Design of Secure Water Treatment Systems. In Critical Information Infrastructures Security. Springer International Publishing, Cham, 88--99.
[9]
Ángel Luis Perales Gómez, Lorenzo Fernández Maimó, Alberto Huertas Celdrán, and Félix J. García Clemente. 2020. MADICS: A Methodology for Anomaly Detection in Industrial Control Systems. Symmetry 12 (2020), 1583.
[10]
Do Thu Ha, Nguyen Xuan Hoang, Nguyen Viet Hoang, Nguyen Huu Du, Truong Thu Huong, and Kim Phuc Tran. 2022. Explainable Anomaly Detection for Industrial Control System Cybersecurity. arXiv preprint arXiv:2205.01930 (2022).
[11]
Truong Thu Huong, Ta Phuong Bac, Kieu Ngan Ha, Nguyen Viet Hoang, Nguyen Xuan Hoang, Nguyen Tai Hung, and Kim Phuc Tran. 2022. Federated Learning-Based Explainable Anomaly Detection for Industrial Control Systems. IEEE Access 10 (2022), 53854--53872. https://doi.org/10.1109/ACCESS.2022.3173288
[12]
Jun Inoue, Yoriyuki Yamagata, Yuqi Chen, Christopher M Poskitt, and Jun Sun. 2017. Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning. In 2017 IEEE international conference on data mining workshops (ICDMW). IEEE, 1058--1065.
[13]
Jonguk Kim, Jeong-Han Yun, and Hyoung Chun Kim. 2019. Anomaly detection for industrial control systems using sequence-to-sequence neural networks. In Computer Security. Springer, 3--18.
[14]
Janis Klaise, Arnaud Van Looveren, Giovanni Vacanti, and Alexandru Coca. 2021. Alibi Explain: Algorithms for Explaining Machine Learning Models. Journal of Machine Learning Research 22, 181 (2021), 1--7. http://jmlr.org/papers/v22/21-0017.html
[15]
Moshe Kravchik and Asaf Shabtai. 2018. Detecting cyber attacks in industrial control systems using convolutional neural networks. In Proceedings of the 2018 workshop on cyber-physical systems security and privacy. 72--83.
[16]
Jaykumar Lachure and Rajesh Doriya. 2023. Anomaly Detection in Industrial Control System using FSODCONV Method. In Proceedings of the 2023 6th International Conference on Information Science and Systems (Edinburgh, United Kingdom) (ICISS '23). Association for Computing Machinery, New York, NY, USA, 238--244. https://doi.org/10.1145/3625156.3625191
[17]
Dan Li, Dacheng Chen, Baihong Jin, Lei Shi, Jonathan Goh, and See-Kiong Ng. 2019. MAD-GAN: Multivariate anomaly detection for time series data with generative adversarial networks. In International conference on artificial neural networks. Springer, 703--716.
[18]
Zhihan Li, Youjian Zhao, Jiaqi Han, Ya Su, Rui Jiao, Xidao Wen, and Dan Pei. 2021. Multivariate Time Series Anomaly Detection and Interpretation Using Hierarchical Inter-Metric and Temporal Embedding. In Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining (Virtual Event, Singapore). Association for Computing Machinery, New York, NY, USA, 3220--3230. https://doi.org/10.1145/3447548.3467075
[19]
Zheng Li, Yue Zhao, Xiyang Hu, Nicola Botta, Cezar Ionescu, and George Chen. 2022. ECOD: Unsupervised Outlier Detection Using Empirical Cumulative Distribution Functions. IEEE Transactions on Knowledge and Data Engineering (2022), 1--1. https://doi.org/10.1109/TKDE.2022.3159580
[20]
Scott M. Lundberg and Su-In Lee. 2017. A Unified Approach to Interpreting Model Predictions. In Proceedings of the 31st International Conference on Neural Information Processing Systems. Curran Associates Inc., Red Hook, NY, USA, 4768--4777.
[21]
Scott M Lundberg, Bala Nair, Monica S Vavilala, Mayumi Horibe, Michael J Eisses, Trevor Adams, David E Liston, Daniel King-Wai Low, Shu-Fang Newman, Jerry Kim, et al. 2018. Explainable machine-learning predictions for the prevention of hypoxaemia during surgery. Nature Biomedical Engineering 2, 10 (2018), 749.
[22]
Mayra Macas and Chunming Wu. 2019. An unsupervised framework for anomaly detection in a water treatment system. In 2019 18th IEEE International Conference On Machine Learning And Applications (ICMLA). IEEE, 1298--1305.
[23]
Christoph Molnar. 2022. Interpretable Machine Learning (2 ed.). Molnar. https://christophm.github.io/interpretable-ml-book
[24]
Daniel Olszewski, Allison Lu, Carson Stillman, Kevin Warren, Cole Kitroser, Alejandro Pascual, Divyajyoti Ukirde, Kevin Butler, and Patrick Traynor. 2023. "Get in Researchers; We're Measuring Reproducibility": A Reproducibility Study of Machine Learning Papers in Tier 1 Security Conferences. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (Copenhagen, Denmark) (CCS '23). Association for Computing Machinery, New York, NY, USA, 3433--3459. https://doi.org/10.1145/3576915.3623130
[25]
Marco Túlio Ribeiro, Sameer Singh, and Carlos Guestrin. 2016. "Why Should I Trust You?": Explaining the Predictions of Any Classifier. CoRR abs/1602.04938 (2016). arXiv:1602.04938 http://arxiv.org/abs/1602.04938
[26]
Khushnaseeb Roshan and Aasim Zafar. 2021. Utilizing XAI technique to improve autoencoder based model for computer network anomaly detection with shapley additive explanation(SHAP). CoRR abs/2112.08442 (2021). arXiv:2112.08442 https://arxiv.org/abs/2112.08442
[27]
Lukas Ruff, Nico Görnitz, Lucas Deecke, Shoaib Ahmed Siddiqui, Robert A. Vandermeulen, Alexander Binder, Emmanuel Müller, and Marius Kloft. 2018. Deep One-Class Classification. In ICML. 4390--4399. http://proceedings.mlr.press/v80/ruff18a.html
[28]
Keith Stouffer, Joe Falco, Karen Scarfone, et al. 2011. Guide to industrial control systems (ICS) security. NIST special publication 800, 82 (2011), 16--16.
[29]
Mukund Sundararajan, Ankur Taly, and Qiqi Yan. 2017. Axiomatic Attribution for Deep Networks. CoRR abs/1703.01365 (2017). arXiv:1703.01365 http://arxiv.org/abs/1703.01365
[30]
Alp Ustundag, Emre Cevikcan, Beyzanur Cayir Ervural, and Bilal Ervural. 2018. Overview of cyber security in the industry 4.0 era. Industry 4.0: managing the digital transformation (2018), 267--284.
[31]
Chao Wang, Hongri Liu, Chao Li, Yunxiao Sun, Wenting Wang, and Bailing Wang. 2023. Robust Intrusion Detection for Industrial Control Systems Using Improved Autoencoder and Bayesian Gaussian Mixture Model. Mathematics 11, 9 (2023). https://doi.org/10.3390/math11092048
[32]
Hongzuo Xu, Yijie Wang, Songlei Jian, Qing Liao, Yongjun Wang, and Guansong Pang. 2022. Calibrated One-class Classification for Unsupervised Time Series Anomaly Detection. arXiv preprint arXiv:2207.12201 (2022).
[33]
Xiwang Yang, Harald Steck, Yang Guo, and Yong Liu. 2012. On Top-k Recommendation Using Social Networks. In Proceedings of the Sixth ACM Conference on Recommender Systems (Dublin, Ireland) (RecSys '12). Association for Computing Machinery, New York, NY, USA, 67--74. https://doi.org/10.1145/2365952.2365969
[34]
Yue Zhao, Zain Nasrullah, and Zheng Li. 2019. PyOD: A Python Toolbox for Scalable Outlier Detection. Journal of Machine Learning Research 20, 96 (2019), 1--7. http://jmlr.org/papers/v20/19-011.html
Index Terms
- WaXAI: Explainable Anomaly Detection in Industrial Control Systems and Water Systems
Recommendations
State-aware anomaly detection for industrial control systems
SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied ComputingAnomaly detection for industrial control systems (ICS) can leverage process data to detect malicious derivations from expected process behavior. We propose state-aware anomaly detection that uses state dependent detection thresholds, which provide ...
Super Detector: An Ensemble Approach for Anomaly Detection in Industrial Control Systems
Critical Information Infrastructures SecurityAbstractIndustrial Control Systems encompass supervisory systems (SCADA) and cyber-physical components (sensors/actuators), which are typically deployed in critical infrastructure to control physical processes. Their interconnectedness and controllability ...
Autoencoding Binary Classifiers for Supervised Anomaly Detection
PRICAI 2019: Trends in Artificial IntelligenceAbstractWe propose the Autoencoding Binary Classifiers (ABC), a novel supervised anomaly detector based on the Autoencoder (AE). There are two main approaches in anomaly detection: supervised and unsupervised. The supervised approach accurately detects ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
July 2024
116 pages
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 July 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ASIA CCS '24
Sponsor:
ASIA CCS '24: ACM Asia Conference on Computer and Communications Security
July 2, 2024
Singapore, Singapore
Acceptance Rates
CPSS '24 Paper Acceptance Rate 10 of 22 submissions, 45%;
Overall Acceptance Rate 43 of 135 submissions, 32%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 299Total Downloads
- Downloads (Last 12 months)299
- Downloads (Last 6 weeks)66
Reflects downloads up to 19 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in