Deep Learning-Based Anomaly Detection in Cyber-Physical Systems: Progress and Opportunities

TL;DR

This paper reviews deep learning-based anomaly detection methods in cyber-physical systems, proposing a taxonomy, analyzing characteristics, limitations, and providing insights for practical application and future research directions.

Contribution

It introduces a comprehensive taxonomy for DLAD in CPSs, analyzes current methods, and offers experimental insights and future research directions.

Findings

Deep learning methods show promise but face limitations in CPS anomaly detection.

Taxonomy helps categorize and understand different DLAD approaches.

Experimental analysis reveals performance trade-offs among neural models.

Abstract

Anomaly detection is crucial to ensure the security of cyber-physical systems (CPS). However, due to the increasing complexity of CPSs and more sophisticated attacks, conventional anomaly detection methods, which face the growing volume of data and need domain-specific knowledge, cannot be directly applied to address these challenges. To this end, deep learning-based anomaly detection (DLAD) methods have been proposed. In this paper, we review state-of-the-art DLAD methods in CPSs. We propose a taxonomy in terms of the type of anomalies, strategies, implementation, and evaluation metrics to understand the essential properties of current methods. Further, we utilize this taxonomy to identify and highlight new characteristics and designs in each CPS domain. Also, we discuss the limitations and open problems of these methods. Moreover, to give users insights into choosing proper DLAD methods in practice, we experimentally explore the characteristics of typical neural models, the workflow of DLAD methods, and the running performance of DL models. Finally, we discuss the deficiencies of DL approaches, our findings, and possible directions to improve DLAD methods and motivate future research.