RNN-based Early Cyber-Attack Detection for the Tennessee Eastman Process

Pavel Filonov; Fedor Kitashov; Andrey Lavrentyev

arXiv:1709.02232·cs.CR·September 8, 2017·57 cites

RNN-based Early Cyber-Attack Detection for the Tennessee Eastman Process

Pavel Filonov, Fedor Kitashov, Andrey Lavrentyev

PDF

Open Access

TL;DR

This paper presents an RNN-based method for early detection of cyber-attacks in industrial processes, improving upon previous LSTM approaches by handling complex data and focusing on early anomaly detection using the NAB metric.

Contribution

It adapts RNN networks for complex industrial data and emphasizes early detection, providing a comparison with DPCA and releasing a new dataset.

Findings

01

Effective early detection of cyber-attacks demonstrated

02

RNN approach outperforms DPCA in early anomaly detection

03

Publicly available dataset facilitates future research

Abstract

An RNN-based forecasting approach is used to early detect anomalies in industrial multivariate time series data from a simulated Tennessee Eastman Process (TEP) with many cyber-attacks. This work continues a previously proposed LSTM-based approach to the fault detection in simpler data. It is considered necessary to adapt the RNN network to deal with data containing stochastic, stationary, transitive and a rich variety of anomalous behaviours. There is particular focus on early detection with special NAB-metric. A comparison with the DPCA approach is provided. The generated data set is made publicly available.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsFault Detection and Control Systems · Anomaly Detection Techniques and Applications · Advanced Statistical Process Monitoring