Anomaly detection for a water treatment system using unsupervised machine learning
In this paper, we propose and evaluate the application of unsupervised machine learning to anomaly detection for a Cyber-Physical System (CPS). We compare two methods: Deep Neural Networks (DNN) adapted to time series data generated by a CPS, and one-class Support Vector Machines (SVM). These method...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2017
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/4704 https://ink.library.smu.edu.sg/context/sis_research/article/5707/viewcontent/Anomaly_detection_water_treatment_ICDMW17_av.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-5707 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-57072020-03-30T03:46:15Z Anomaly detection for a water treatment system using unsupervised machine learning INOUE, Jun YAMAGATA, Yoriyuki CHEN, Yuqi POSKITT, Christopher M. SUN, Jun In this paper, we propose and evaluate the application of unsupervised machine learning to anomaly detection for a Cyber-Physical System (CPS). We compare two methods: Deep Neural Networks (DNN) adapted to time series data generated by a CPS, and one-class Support Vector Machines (SVM). These methods are evaluated against data from the Secure Water Treatment (SWaT) testbed, a scaled-down but fully operational raw water purification plant. For both methods, we first train detectors using a log generated by SWaT operating under normal conditions. Then, we evaluate the performance of both methods using a log generated by SWaT operating under 36 different attack scenarios. We find that our DNN generates fewer false positives than our one-class SVM while our SVM detects slightly more anomalies. Overall, our DNN has a slightly better F measure than our SVM. We discuss the characteristics of the DNN and one-class SVM used in this experiment, and compare the advantages and disadvantages of the two methods. 2017-11-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4704 info:doi/10.1109/ICDMW.2017.149 https://ink.library.smu.edu.sg/context/sis_research/article/5707/viewcontent/Anomaly_detection_water_treatment_ICDMW17_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Anomaly detection Deep neural network Machine learning Support vector machine Water treatment system Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Anomaly detection Deep neural network Machine learning Support vector machine Water treatment system Software Engineering |
| spellingShingle |
Anomaly detection Deep neural network Machine learning Support vector machine Water treatment system Software Engineering INOUE, Jun YAMAGATA, Yoriyuki CHEN, Yuqi POSKITT, Christopher M. SUN, Jun Anomaly detection for a water treatment system using unsupervised machine learning |
| description |
In this paper, we propose and evaluate the application of unsupervised machine learning to anomaly detection for a Cyber-Physical System (CPS). We compare two methods: Deep Neural Networks (DNN) adapted to time series data generated by a CPS, and one-class Support Vector Machines (SVM). These methods are evaluated against data from the Secure Water Treatment (SWaT) testbed, a scaled-down but fully operational raw water purification plant. For both methods, we first train detectors using a log generated by SWaT operating under normal conditions. Then, we evaluate the performance of both methods using a log generated by SWaT operating under 36 different attack scenarios. We find that our DNN generates fewer false positives than our one-class SVM while our SVM detects slightly more anomalies. Overall, our DNN has a slightly better F measure than our SVM. We discuss the characteristics of the DNN and one-class SVM used in this experiment, and compare the advantages and disadvantages of the two methods. |
| format |
text |
| author |
INOUE, Jun YAMAGATA, Yoriyuki CHEN, Yuqi POSKITT, Christopher M. SUN, Jun |
| author_facet |
INOUE, Jun YAMAGATA, Yoriyuki CHEN, Yuqi POSKITT, Christopher M. SUN, Jun |
| author_sort |
INOUE, Jun |
| title |
Anomaly detection for a water treatment system using unsupervised machine learning |
| title_short |
Anomaly detection for a water treatment system using unsupervised machine learning |
| title_full |
Anomaly detection for a water treatment system using unsupervised machine learning |
| title_fullStr |
Anomaly detection for a water treatment system using unsupervised machine learning |
| title_full_unstemmed |
Anomaly detection for a water treatment system using unsupervised machine learning |
| title_sort |
anomaly detection for a water treatment system using unsupervised machine learning |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2017 |
| url |
https://ink.library.smu.edu.sg/sis_research/4704 https://ink.library.smu.edu.sg/context/sis_research/article/5707/viewcontent/Anomaly_detection_water_treatment_ICDMW17_av.pdf |
| _version_ |
1770574966764339200 |