Detecting cyberattacks based on deep neural network approaches in industrial control systems

Historical cases demonstrate the growing cybersecurity threats associated with water distribution and treatment systems, which are essential components of infrastructure. Detecting anomalies in time series data from industrial control systems has become an important issue due to its significance. This paper proposes an anomaly detection approach that utilizes statistical measurements and the relationship between observed and predicted values of deep neural network (DNN) models. To achieve this goal, we compared several convolutional and recurrent DNN architectures, including convolutional neural network (CNN), long short-term memory (LSTM), recurrent neural network (RNN), and gated recurrent unit (GRU) models. Our aim was to automatically learn the relationships between sensors from time series data, improve detection performance, and quickly extract long-term and short-term dependencies to help detect possible anomalies. The performances of the DNN models on two real water system datasets, Secure Water Treatment (SWaT) and Water Distribution (WADI) datasets, were analyzed. The results indicate that the GRU model is more efficient than the other models in reducing the absolute error between the predicted and observed values, when evaluated in terms of prediction performance for both datasets. Additionally, the RNN model demonstrated successful anomaly detection with high F1-score values of 0.9848 and 0.7651 for SWaT and WADI datasets. The study provides valuable information on how to secure water networks against online attacks through extensive testing and comparative evaluation.