Unsupervised Learning Based Robust Multivariate Intrusion Detection System for Cyber-Physical Systems using Low Rank Matrix

TL;DR

This paper introduces RAD, an unsupervised, robust multivariate intrusion detection system for cyber-physical systems that efficiently detects attacks even with corrupted training data, outperforming existing methods.

Contribution

It presents a novel unsupervised IDS using low-rank matrix techniques that is robust to outliers and operates efficiently in high-dimensional settings.

Findings

Outperforms existing anomaly detection techniques on real-world datasets

Operates in O(d) space and time complexity, scalable to high-dimensional data

Handles corrupted training data effectively

Abstract

Regular and uninterrupted operation of critical infrastructures such as power, transport, communication etc. are essential for proper functioning of a country. Cyber-attacks causing disruption in critical infrastructure service in the past, are considered as a significant threat. With the advancement in technology and the progress of the critical infrastructures towards IP based communication, cyber-physical systems are lucrative targets of the attackers. In this paper, we propose a robust multivariate intrusion detection system called RAD for detecting attacks in the cyber-physical systems in O(d) space and time complexity, where d is the number parameters in the system state vector. The proposed Intrusion Detection System(IDS) is developed in an unsupervised learning setting without using labelled data denoting attacks. It allows a fraction of the training data to be corrupted by outliers or under attack, by subscribing to robust training procedure. The proposed IDS outperforms existing anomaly detection techniques in several real-world datasets and attack scenarios.