Cyberattack Detection Using Deep Generative Models with Variational Inference

作     者：Chandy, Sarin E. Rasekh, Amin Barker, Zachary A. Shafiee, M. Ehsan 

作者机构：Xylem Inc Adv Infrastruct Analyt 817 West Peachtree St Atlanta GA 30308 USA Xylem Inc Adv Infrastruct Analyt 639 Davis Dr Morrisville NC 27560 USA 

出 版 物：《JOURNAL OF WATER RESOURCES PLANNING AND MANAGEMENT》 (水资源规划与管理杂志)

年 卷 期：2019年第145卷第2期

页      面：4018093.1-4018093.10页

核心收录：

学科分类：08[工学] 0815[工学-水利工程] 0813[工学-建筑学] 0814[工学-土木工程] 

基　　金：Author contributions: S.E.C. formulated the methodology, performed analysis, and assisted with manuscript writing A.R. orchestrated the work, wrote the manuscript, and assisted with analysis Z.A.B formulated the comparison method and assisted with analysis M.E.S. designed the attack generator and assisted with analysis 

主　　题：Cybersecurity Water distribution system Variational autoencoder Deep learning Anomaly detection 

摘      要：Recent years have witnessed a rise in the frequency and intensity of cyberattacks targeted at critical infrastructure systems. This study designs a versatile, data-driven cyberattack detection platform for infrastructure systems cybersecurity, with a special demonstration in the water sector. A deep generative model with variational inference autonomously learns normal system behavior and detects attacks as they occur. The model can process the natural data in its raw form and automatically discover and learn its representations, hence augmenting system knowledge discovery and reducing the need for laborious human engineering and domain expertise. The proposed model is applied to a simulated cyberattack detection problem involving a drinking water distribution system subject to programmable logic controller hacks, malicious actuator activation, and deception attacks. The model is only provided with observations of the system, such as pump pressure and tank water level reads, and is blind to the internal structures and workings of the water distribution system. The simulated attacks are manifested in the model s generated reproduction probability plot, indicating its ability to discern the attacks. There is, however, need for improvements in reducing false alarms, especially by optimizing detection thresholds. Altogether, the results indicate ability of the model in distinguishing attacks and their repercussions from normal system operation in water distribution systems, and the promise it holds for cyberattack detection in other domains.