Multivariate Abnormal Detection for Industrial Control Systems Using 1D CNN and GRU

Currently, most anomaly detection approaches in industrial control systems (ICSs) use network event logs to build models, and current unsupervised machine learning methods rarely use spatiotemporal correlations and other dependencies between multiple variables (sensors/actuators) in a system to detect anomalies. Most of the existing anomaly detection technologies simply compare the current states with the predicted normal range. Due to the highly dynamic characteristic of industrial control systems, it is insufficient to simply compare the current states with the predicted normal range. As a result, these approaches have low detection rates for unknown or new types of attacks. In view of these shortcomings, this paper presents a network model for predicting sensor/controller parameters in industrial control systems. To predict the parameter values of the sensors and controllers more accurately, the 1D convolutional neural network (1D & x005F;CNN) and gated recurrent unit (GRU) are combined to fully learn the spatiotemporal correlation and other dependencies between the parameter values of the sensors and controllers at each moment. An abnormal state detection method based on the calculation of the statistical deviation is proposed to realize the anomaly detection of industrial control systems. The model is validated on the Secure Water Treatment (SWaT) dataset. The precision, recall and F1 scores are used to evaluate the effectiveness of this method in anomaly detection on the SWaT dataset. The experimental results show that the average precision and recall of this method are 0.99 and 0.85, respectively, and that the average F1 score is 0.91. The experimental results show that the proposed method can be successfully applied to anomaly detection systems in industrial control systems with lower false positive rates.