Explainable Anomaly Detection Based on Operational Sequences in Industrial Control Systems

Bibliographic Details
Main Authors: Ka-Kyung Kim, Joon-Seok Kim, Ieck-Chae Euom
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/10964214/
Description
Summary: Traditionally, industrial control systems (ICS) are closed structures that rely on specialized hardware and software with proprietary control protocols. However, with the advancement of technology and the digitalization of ICS, the attack space available to malicious actors has significantly expanded. Anomaly detection systems, initially implemented for detecting device faults or failures, have increasingly become the focus of research aimed at identifying attack patterns as cyberattack techniques become more sophisticated and intelligent. Many anomaly detection algorithms based on deep learning models have good performance but often involve complex neural network structures, creating a black-box issue where users cannot interpret the decisions made by the models. The black-box issue hinders the adoption of artificial intelligence (AI) systems that can ensure efficient and secure operation in ICS environments. Various attempts have been made to address the black-box issue, but they have been limited to identifying the features that caused the anomaly. In detecting target anomalies in industrial control system operational data, it is important not only to identify feature importance, but also to consider correlations between variables and to provide intuitive explanations to enhance the understanding of operators. To satisfy these major values, this paper proposes a method for explainable anomaly detection for ICS.
ISSN: 2169-3536