Ti-iLSTM: A TinyDL Approach for Logic-Level Anomaly Detection in Industrial Water Treatment Systems
Mandar Joshi, Farzana Zahid, Judy Bowen, Matthew M.Y. Kuo, Valeriy Vyatkin, Emil Karlsson

TL;DR
This paper introduces Ti-iLSTM, a lightweight TinyDL-based framework that effectively detects logic-level anomalies in industrial water treatment systems using optimized LSTM models suitable for resource-constrained PLCs.
Contribution
The paper presents a novel TinyDL-based incremental LSTM framework that reduces memory footprint and accurately detects logic-layer anomalies in industrial control systems.
Findings
Achieved high detection performance with F1-score=0.983 and ROC-AUC=0.998 on the SWaT dataset.
Validated the framework's applicability on the WADI dataset beyond a single case.
Demonstrated the effectiveness of TinyDL in resource-constrained industrial environments.
Abstract
Industrial Water Treatment Systems (IWTS) are safety-critical cyber-physical infrastructures, and due to increased connectivity these systems are exposed to cyber threats that can manipulate process behaviour without creating obvious device outliers. In particular, logic-layer deception anomalies can preserve numerically plausible measurements while breaking expected cause-and-effect relationships in the control process. These attacks are difficult to detect using threshold-based monitoring or require heavy server-oriented anomaly detection models. This paper explores the potential of Tiny Deep Learning (TinyDL) to provide lightweight on-device logic-level anomaly detection for resource-constrained Programmable Logic Controllers (PLCs). We propose a novel framework, TinyDL-based incremental LSTM (Ti-iLSTM), which optimises the memory and space footprint of Long Short-Term Memory…
