Abstract
Today's Cyber-Physical Systems (CPSs) are large, complex, and affixed withnetworked sensors and actuators that are targets for cyber-attacks.Conventional detection techniques are unable to deal with the increasinglydynamic and complex nature of the CPSs. On the other hand, the networkedsensors and actuators generate large amounts of data streams that can becontinuously monitored for intrusion events. Unsupervised machine learningtechniques can be used to model the system behaviour and classify deviantbehaviours as possible attacks. In this work, we proposed a novel GenerativeAdversarial Networks-based Anomaly Detection (GAN-AD) method for such complexnetworked CPSs. We used LSTM-RNN in our GAN to capture the distribution of themultivariate time series of the sensors and actuators under normal workingconditions of a CPS. Instead of treating each sensor's and actuator's timeseries independently, we model the time series of multiple sensors andactuators in the CPS concurrently to take into account of potential latentinteractions between them. To exploit both the generator and the discriminatorof our GAN, we deployed the GAN-trained discriminator together with theresiduals between generator-reconstructed data and the actual samples to detectpossible anomalies in the complex CPS. We used our GAN-AD to distinguishabnormal attacked situations from normal working conditions for a complexsix-stage Secure Water Treatment (SWaT) system. Experimental results showedthat the proposed strategy is effective in identifying anomalies caused byvarious attacks with high detection rate and low false positive rate ascompared to existing methods.