Explainable Anomaly Detection Based on Operational Sequences in Industrial Control Systems
Traditionally, industrial control systems (ICS) are closed structures that rely on specialized hardware and software with proprietary control protocols. However, with the advancement of technology and the digitalization of ICS, the attack space available to malicious actors has significantly expande...
| Main Authors: | Ka-Kyung Kim, Joon-Seok Kim, Ieck-Chae Euom |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2025-01-01 |
| Series: | IEEE Access |
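| Subjects: | Anomaly detection; cyber physical system; explainable artificial intelligence; industrial control system; operational sequence; time-series feature |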
| Online Access: | https://ieeexplore.ieee.org/document/10964214/ |
| _version_ | 1849699996380692480 |
|---|---|
| author | Ka-Kyung Kim Joon-Seok Kim Ieck-Chae Euom |
| author_sort | Ka-Kyung Kim |
| collection | DOAJ |
| description | Traditionally, industrial control systems (ICS) are closed structures that rely on specialized hardware and software with proprietary control protocols. However, with the advancement of technology and the digitalization of ICS, the attack space available to malicious actors has significantly expanded. Anomaly detection systems, initially implemented for detecting device faults or failures, have increasingly become the focus of research aimed at identifying attack patterns as cyberattack techniques become more sophisticated and intelligent. Many anomaly detection algorithms based on deep learning models have good performance but often involve complex neural network structures, creating a black-box issue where users cannot interpret the decisions made by the models. The black-box issue hinders the adoption of artificial intelligence (AI) systems that can ensure efficient and secure operation in ICS environments. Various attempts have been made to address the black box issue but limited to identifying the features that caused the anomaly. In detecting target anomalies in industrial control system operational data, it is important not only to identify feature importance, but also to consider correlations between variables, and to provide intuitive explanations to enhance the understanding of operators. To satisfy these major values, this paper proposes a method for explainable anomaly detection for ICS. |
| format | Article |
| id | doaj-art-ac409286311e4c80ad461a2e7e7efdd2 |
| institution | DOAJ |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-ac409286311e4c80ad461a2e7e7efdd2; 2025-08-20T03:18:24Z; eng; IEEE; IEEE Access; 2169-3536; 2025-01-01; 13; 66170; 66187; 10.1109/ACCESS.2025.3560260; 10964214; Explainable Anomaly Detection Based on Operational Sequences in Industrial Control Systems; Ka-Kyung Kim (0), https://orcid.org/0009-0000-8750-1606; Joon-Seok Kim (1); Ieck-Chae Euom (2), https://orcid.org/0000-0002-8224-1996; System Security Research Center, Chonnam National University, Gwangju, South Korea; System Security Research Center, Chonnam National University, Gwangju, South Korea; System Security Research Center, Chonnam National University, Gwangju, South Korea; Traditionally, industrial control systems (ICS) are closed structures that rely on specialized hardware and software with proprietary control protocols. However, with the advancement of technology and the digitalization of ICS, the attack space available to malicious actors has significantly expanded. Anomaly detection systems, initially implemented for detecting device faults or failures, have increasingly become the focus of research aimed at identifying attack patterns as cyberattack techniques become more sophisticated and intelligent. Many anomaly detection algorithms based on deep learning models have good performance but often involve complex neural network structures, creating a black-box issue where users cannot interpret the decisions made by the models. The black-box issue hinders the adoption of artificial intelligence (AI) systems that can ensure efficient and secure operation in ICS environments. Various attempts have been made to address the black box issue but limited to identifying the features that caused the anomaly. In detecting target anomalies in industrial control system operational data, it is important not only to identify feature importance, but also to consider correlations between variables, and to provide intuitive explanations to enhance the understanding of operators. To satisfy these major values, this paper proposes a method for explainable anomaly detection for ICS.; https://ieeexplore.ieee.org/document/10964214/; Anomaly detection; cyber physical system; explainable artificial intelligence; industrial control system; operational sequence; time-series feature |
| title | Explainable Anomaly Detection Based on Operational Sequences in Industrial Control Systems |
| topic | Anomaly detection; cyber physical system; explainable artificial intelligence; industrial control system; operational sequence; time-series feature |
| url | https://ieeexplore.ieee.org/document/10964214/ |