Event-Triggered GAT-LSTM Framework for Attack Detection in Heating, Ventilation, and Air Conditioning Systems

TL;DR

This paper introduces an event-triggered GAT-LSTM framework for detecting cyber-physical attacks in HVAC systems, achieving high accuracy and reducing communication costs by combining local anomaly detection with cloud-based spatial-temporal analysis.

Contribution

It presents a novel integrated framework using event-triggered monitoring and graph attention with LSTM networks for efficient and accurate attack detection in HVAC systems.

Findings

Achieves 98.8% detection accuracy, outperforming GAT-only and LSTM-only models.

Reduces data transmission to 15% through event-triggered communication.

Demonstrates effectiveness on simulated attack datasets.

Abstract

Heating, Ventilation, and Air Conditioning (HVAC) systems are essential for maintaining indoor environmental quality, but their interconnected nature and reliance on sensor networks make them vulnerable to cyber-physical attacks. Such attacks can interrupt system operations and risk leaking sensitive personal information through measurement data. In this paper, we propose a novel attack detection framework for HVAC systems, integrating an Event-Triggering Unit (ETU) for local monitoring and a cloud-based classification system using the Graph Attention Network (GAT) and the Long Short-Term Memory (LSTM) network. The ETU performs a binary classification to identify potential anomalies and selectively triggers encrypted data transmission to the cloud, significantly reducing communication cost. The cloud-side GAT module models the spatial relationships among HVAC components, while the LSTM module captures temporal dependencies across encrypted state sequences to classify the attack type. Our approach is evaluated on datasets that simulate diverse attack scenarios. Compared to GAT-only (94.2% accuracy) and LSTM-only (91.5%) ablations, our full GAT-LSTM model achieves 98.8% overall detection accuracy and reduces data transmission to 15%. These results demonstrate that the proposed framework achieves high detection accuracy while preserving data privacy by using the spatial-temporal characteristics of HVAC systems and minimizing transmission costs through event-triggered communication.