{"title":"Prediction of Industrial Cyber Attacks Using Normalizing Flows","authors":"V. P. Stepashkina, M. I. Hushchyn","doi":"10.1134/S1064562424602269","DOIUrl":null,"url":null,"abstract":"<p>This paper presents the development and evaluation of methods for detecting cyberattacks on industrial systems using neural network approaches. The focus is on the task of detecting anomalies in multivariate time series, where the diversity and complexity of potential attack scenarios require the use of advanced models. To address these challenges, a transformer-based autoencoder architecture was used, which was further enhanced by transitioning to a variational autoencoder (VAE) and integrating normalizing flows. These modifications allowed the model to better capture the data distribution, enabling effective anomaly detection, including those not present in the training set. As a result, high performance was achieved, with an F1 score of 0.93 and a ROC-AUC of 0.87. The results underscore the effectiveness of the proposed methodology and provide valuable contributions to the field of anomaly detection and cybersecurity in industrial systems.</p>","PeriodicalId":531,"journal":{"name":"Doklady Mathematics","volume":"110 1 supplement","pages":"S95 - S102"},"PeriodicalIF":0.5000,"publicationDate":"2025-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Doklady Mathematics","FirstCategoryId":"100","ListUrlMain":"https://link.springer.com/article/10.1134/S1064562424602269","RegionNum":4,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"MATHEMATICS","Score":null,"Total":0}
引用次数: 0
Abstract
This paper presents the development and evaluation of methods for detecting cyberattacks on industrial systems using neural network approaches. The focus is on the task of detecting anomalies in multivariate time series, where the diversity and complexity of potential attack scenarios require the use of advanced models. To address these challenges, a transformer-based autoencoder architecture was used, which was further enhanced by transitioning to a variational autoencoder (VAE) and integrating normalizing flows. These modifications allowed the model to better capture the data distribution, enabling effective anomaly detection, including those not present in the training set. As a result, high performance was achieved, with an F1 score of 0.93 and a ROC-AUC of 0.87. The results underscore the effectiveness of the proposed methodology and provide valuable contributions to the field of anomaly detection and cybersecurity in industrial systems.
期刊介绍:
Doklady Mathematics is a journal of the Presidium of the Russian Academy of Sciences. It contains English translations of papers published in Doklady Akademii Nauk (Proceedings of the Russian Academy of Sciences), which was founded in 1933 and is published 36 times a year. Doklady Mathematics includes the materials from the following areas: mathematics, mathematical physics, computer science, control theory, and computers. It publishes brief scientific reports on previously unpublished significant new research in mathematics and its applications. The main contributors to the journal are Members of the RAS, Corresponding Members of the RAS, and scientists from the former Soviet Union and other foreign countries. Among the contributors are the outstanding Russian mathematicians.