Abstract
Many real-world cyber-physical systems (CPSs) are engineered for mission-critical tasks and usually are prime targets for cyber-attacks. The rich sensor data in CPSs can be continuously monitored for intrusion events through anomaly detection. On one hand, conventional supervised anomaly detection methods are unable to exploit the large amounts of data due to the lack of labelled data. On the other hand, current unsupervised machine learning approaches have not fully exploited the spatial-temporal correlation and other dependencies amongst the multiple variables (sensors/actuators) in the system when detecting anomalies. In this work, we propose an unsupervised multivariate anomaly detection method based on Generative Adversarial Networks (GANs), using the Long-Short-Term-Memory Recurrent Neural Networks (LSTM-RNN) as the base models (namely, the generator and discriminator) in the GAN framework to capture the temporal correlation of time series distributions. Instead of treating each data stream independently, our proposed Multivariate Anomaly Detection with GAN (MAD-GAN) framework considers the entire variable set concurrently to capture the latent interactions amongst the variables. We also fully exploit both the generator and discriminator produced by the GAN, using a novel anomaly score called DR-score to detect anomalies through discrimination and reconstruction. We have tested our proposed MAD-GAN using two recent datasets collected from real-world CPSs: the Secure Water Treatment (SWaT) and the Water Distribution (WADI) datasets. Our experimental results show that the proposed MAD-GAN is effective in reporting anomalies caused by various cyber-attacks inserted in these complex real-world systems.
This work was supported by the Singapore National Research Foundation and the Cyber-security R&D Consortium Grant Office under Seed Grant Award No. CRDCG2017-S05.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
Note that codes of OCSVM, KNN, FB and AE are taken from PyOD [24].
- 4.
The best F_1 for the SWaT dataset is obtained with sub-sequence length equals to 150 at the \(9^{th}\) iteration (100 iterations in total). Also, the best F_1 for the WADI dataset is obtained with \(s_w=240\) at the \(43^{th}\) iteration (100 iterations in total).
- 5.
For SWaT, With a GeForce GTX 1080 Ti, the 100-epoch training-testing round took 6.15 h when \(s_w=60\), while it took 23.34 h when \(s_w=300\). For WADI, the 100-epoch training-testing round took 1.79 h when \(s_w=30\), while it took 6.68 h when \(s_w=300\). Note that WADI took less computation burden since most of its variables are actuator signals (ON/OFF).
References
Ahmed Chuadhry Mujeeb, V.R.P., Mathur, A.P.: Wadi: a water distribution testbed for research in the design of secure cyber physical systems. In: In Proceedings of the 3rd International Workshop on Cyber-Physical Systems for Smart Water Networks, pp. 25–28. ACM (2017). https://doi.org/10.1145/3055366.3055375
Alec, R., Metz, L., Chintala, S.: Unsupervised representation learning with deep convolutional generative adversarial networks. arXiv preprint arXiv 1511(06434) (2015)
Budhraja, K.K., Oates, T.: Adversarial feature selection. In: IEEE International Conference on Data Mining Workshop (ICDMW), pp. 288–294. IEEE (2015). https://doi.org/10.1109/icdmw.2015.59
Chun-Liang, L., Chang, W.C., Cheng, Y., Yang, Y., Póczos, B.: MMD GAN: towards deeper understanding of moment matching network. In: In Advances in Neural Information Processing Systems, pp. 2203–2213 (2017)
Donghwoon, K., Kim, H., Kim, J., Suh, S.C., Kim, I., Kim, K.J.: A survey of deep learning-based network anomaly detection. Cluster Comput. 1–139 (2017). https://doi.org/10.1007/s10586-017-1117-8
Fei, Z., Chan, P.P., Biggio, B., Yeung, D.S., Roli, F.: Adversarial feature selection against evasion attacks. IEEE Trans. Cybern. 46(3), 766–777 (2016). https://doi.org/10.1109/tcyb.2015.2415032
Harrou, F., Nounou, M.N., Nounou, H.N., Madakyaru, M.: Pls-based EWMA fault detection strategy for process monitoring. J. Loss Prev. Process Ind. 36, 108–119 (2015). https://doi.org/10.1016/j.jlp.2015.05.017
Houssam, Z., Foo, C.S., Lecouat, B., Manek, G., Chandrasekhar, V.R.: Efficient GAN-based anomaly detection. arXiv preprint arXiv 1802(06222) (2018)
Jonathan, G., Adepu, S., Junejo, K.N., Mathur, A.: A dataset to support research in the design of secure water treatment systems. In: International Conference on Critical Information Infrastructures Security, pp. 88–99 (2016). https://doi.org/10.1007/978-3-319-71368-7_8
Jonathan, G., Adepu, S., Tan, M., Lee, Z.S.: Anomaly detection in cyber physical systems using recurrent neural networks. In: In IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), pp. 140–145. IEEE (2017). https://doi.org/10.1109/HASE.2017.36
Li, D., Hu, G., Spanos, C.J.: A data-driven strategy for detection and diagnosis of building chiller faults using linear discriminant analysis. Energy Build. 128, 519–529 (2016). https://doi.org/10.1016/j.enbuild.2016.07.014
Li, S., Wen, J.: A model-based fault detection and diagnostic methodology based on pca method and wavelet transform. Energy Build. 68, 63–71 (2014). https://doi.org/10.1016/j.enbuild.2013.08.044
Lipton Zachary C., J.B., Elkan, C.: A critical review of recurrent neural networks for sequence learning. In: arXiv preprint arXiv:1506.00019 (2015)
Martin, P.D.: Evaluation: from precision, recall and f-measure to roc, informedness, markedness and correlation. J. Mach. Learn. Technol. 2(1) (2011)
Mathur, A.P., Tippenhauer, N.O.: Swat: a water treatment testbed for research and training on ICS security. In: International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater), pp. 31–36. IEEE (2016). https://doi.org/10.1109/cyswater.2016.7469060
Raymond, Y., Chen, C., Lim, T.Y., Hasegawa-Johnson, M., Do, M.N.: Semantic image inpainting with perceptual and contextual losses. arXiv preprint arXiv 1607(07539) (2016)
Sun, B., Luh, P.B., Jia, Q.S., O’Neill, Z., Song, F.: Building energy doctors: an SPC and Kalman filter-based method for system-level fault detection in HVAC systems. IEEE Trans. Autom. Sci. Eng. 11(1), 215–229 (2014). https://doi.org/10.1109/tase.2012.2226155
Thomas, S., Seeböck, P., Waldstein, S.M., Schmidt-Erfurth, U., Langs, G.: Unsupervised anomaly detection with generative adversarial networks to guide marker discovery, pp. 146–157 (2017). https://doi.org/10.1007/978-3-319-59050-9_12
Tim, S., Goodfellow, I., Zaremba, W., Cheung, V., Radford, A., Chen, X.: Improved techniques for training GANS. In: Advances in Neural Information Processing Systems, pp. 2234–2242 (2016)
Xuewu, D., Gao, Z.: From model, signal to knowledge: a data-driven perspective of fault detection and diagnosis. IEEE Trans. Industr. Inf. 9(4), 2226–2238 (2013). https://doi.org/10.1109/tii.2013.2243743
Yongjie, L., Wang, Q., Gu, Y., Kamijo, S.: A latent space understandable generative adversarial network: selfexgan. In: International Conference on Digital Image Computing: Techniques and Applications (DICTA), pp. 1–8. IEEE (2017). https://doi.org/10.1109/dicta.2017.8227390
Yu, W., Cheng, W., Aggarwal, C.C., Zhang, K., Chen, H., Wang, W. : Netwalk: a flexible deep embedding approach for anomaly detection in dynamic networks. In: Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, pp. 2672–2681. ACM (2018). https://doi.org/10.1145/3219819.3220024
Yuan, X., Xu, T., Zhang, H., Long, R., Huang, X.: SEGAN: adversarial networkwith multi-scale l1 loss for medical image segmentation. arXiv preprint arXiv 1706(01805) (2017). https://doi.org/10.1007/s12021-018-9377-x
Zhao, Y., Nasrullah, Z., Li, Z.: Pyod: a python toolbox for scalable outlier detection. J. Mach. Learn. Res. 20, 1–7 (2019). http://jmlr.org/papers/v20/19-011.html
Zhou, Y., Arghandeh, R., Konstantakopoulos, I., Abdullah, S., Spanos, C.J.: Data-driven event detection with partial knowledge: a hidden structure semi-supervised learning method. In: In American Control Conference (ACC), pp. 5962–5968. IEEE (2016). https://doi.org/10.1109/acc.2016.7526605
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, D., Chen, D., Jin, B., Shi, L., Goh, J., Ng, SK. (2019). MAD-GAN: Multivariate Anomaly Detection for Time Series Data with Generative Adversarial Networks. In: Tetko, I., Kůrková, V., Karpov, P., Theis, F. (eds) Artificial Neural Networks and Machine Learning – ICANN 2019: Text and Time Series. ICANN 2019. Lecture Notes in Computer Science(), vol 11730. Springer, Cham. https://doi.org/10.1007/978-3-030-30490-4_56
Download citation
DOI: https://doi.org/10.1007/978-3-030-30490-4_56
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30489-8
Online ISBN: 978-3-030-30490-4
eBook Packages: Computer ScienceComputer Science (R0)