September, 1 2017
David Steinberg
Industrial processes today increasingly merge physical parts with the internet-of-things. This exposure of processes makes them potentially vulnerable to cyber attack. Hence cyber security is essential to protect the processes. Such security systems typically involve analysis of the data streams that typify normal conditions, with the goal of developing algorithms that detect anomalies in these streams. The authors of this article adopted an approach based on a long short-term memory (LSTM) neural network to monitor and detect faults in industrial multivariate time series data. They test their approach on a Modelica model of part of a real gasoil plant. Attacks were simulated by introducing hacks into the logic of the Modelica model. The screening algorithms were able to generate both the roots and causes of fault behavior in the plant. Having a self-consistent data set with labeled faults, they used an LSTM architecture with a forecasting error threshold to obtain performance metrics such as precision and recall for detecting attacks. They studied how performance depends on the threshold level for diagnosing an attack and propose some useful directions for extending the ideas.
Read the Paper:
Multivariate Industrial Time Series with Cyber-Attack Simulation: Fault Detection Using an LSTM-based Predictive Data Model
Filonov, P., Lavrentyev, A. and Vorontsov, A.