Robustness Testing of Data and Knowledge Driven Anomaly Detection in Cyber-Physical Systems
Xugui Zhou, Maxfield Kouzel, Homa Alemzadeh

TL;DR
This paper evaluates the robustness of ML-based anomaly detection in cyber-physical systems, specifically in safety-critical applications such as artificial pancreas systems, under accidental (Gaussian noise) and malicious (FGSM) input perturbations, and explores how integrating domain knowledge improves robustness.
Contribution
It introduces a robustness testing framework for ML anomaly detection in CPS and demonstrates that incorporating domain knowledge improves robustness without losing accuracy.
Findings
ML models with domain knowledge reduce robustness error by up to 54.2%.
Domain knowledge integration maintains high F1 scores.
Robustness against Gaussian noise and FGSM perturbations is improved.
Abstract
The growing complexity of Cyber-Physical Systems (CPS) and the challenges of ensuring their safety and security have led to the increasing use of deep learning methods for accurate and scalable anomaly detection. However, machine learning (ML) models often perform poorly on unexpected data and are vulnerable to accidental or malicious perturbations. Although robustness testing of deep learning models has been extensively explored in applications such as image classification and speech recognition, less attention has been paid to ML-driven safety monitoring in CPS. This paper presents preliminary results on evaluating the robustness of ML-based anomaly detection methods in safety-critical CPS against two types of input perturbations, accidental and malicious, generated using a Gaussian-based noise model and the Fast Gradient Sign Method (FGSM). We test the hypothesis of…
Taxonomy
Topics: Anomaly Detection Techniques and Applications · Smart Grid Security and Resilience · Adversarial Robustness in Machine Learning
