
Anomaly Detection of ICS based on EB-OCSVM
Author(s) - R B Zhang, Lirong Xia, Yirong Lu
Publication year - 2019
Publication title - Journal of Physics: Conference Series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/1267/1/012054
Subject(s) - anomaly detection, computer science, data mining, process (computing), causality (physics), anomaly (physics), boundary (topology), support vector machine, tracing, graph, artificial intelligence, multivariate statistics, pattern recognition (psychology), machine learning, mathematics, theoretical computer science, mathematical analysis, physics, quantum mechanics, condensed matter physics, operating system
Industrial process anomaly detection mechanisms have been proposed to protect industrial control systems and minimize the risk of damage or loss of resources. In this paper, a one-class Support Vector Machine with an extended boundary (EB-OCSVM) is used to detect anomalies in industrial multivariate time series data from a simulated Tennessee Eastman Process (TEP) with many cyber attacks. In detail, we determine the change points of each process variable and capture the causal relationships between the variables based on the location and time delay of the change points. Then, by monitoring the leaf nodes in the causality graph, we can tell whether the system is abnormal, which effectively reduces the dimension of the process data. EB-OCSVM extends the classification boundary of OCSVM in order to reduce errors caused by noise; if data falls outside the EB-OCSVM boundary, there is an anomaly. Finally, the anomaly source is traced according to the causal direction. An experiment is used to verify the effectiveness of the proposed approach; the results demonstrate that the approach provides a high-accuracy solution and traces the source of the anomaly correctly.