DOI: 10.1145/3627673.3680096
research-article

Multi-view Causal Graph Fusion Based Anomaly Detection in Cyber-Physical Infrastructures

Published: 21 October 2024

Abstract

The rise in cyber attacks on cyber-physical critical infrastructures, such as water treatment networks, is evidenced by the growing frequency of breaches and the evolving sophistication of attack methods. Attack detection in such vulnerable critical infrastructures can be generalized into a task of anomaly detection on multivariate stream data. This task poses two essential challenges: 1) evolving and shifting data streams; and 2) robust attack pattern representation. Existing anomaly detection approaches, including statistical, distance, density, neural network, and graph-based methods, are not specialized in handling the spurious statistical relationships associated with evolving distribution shifts in sensing data streams. To address the two challenges, we propose a multi-view causal graph perspective, in which we 1) build causal graphs to capture invariant anomaly patterns in varying streams; and 2) introduce multi-view fusion for robust attack pattern representation. To implement this technical perspective, we develop a fused multi-view causal graph-aware anomaly detection framework. The framework has two phases: 1) Multi-view Causal Graphs and Spectral Fusion, where we learn dense-view and sparse-view causal graphs from sensory data streams and fuse the two causal graphs into a single weighted Laplacian matrix representation; and 2) Graph Anomaly Detection, where we train a Deep Convolutional Graph Neural Network (DGCNN) on the Laplacian representation of the "Attack" and "Normal" status graphs to detect attack statuses on sensory data streams per time interval. Our framework achieves a ROC-Score of 82.4% and 93.2% on the SWaT and WADI Water Treatment Network datasets, respectively, with an improvement of 9.03% and 16.5% in F1-score over the best-performing baseline methods on the two datasets.
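
As an added illustration of the fusion phase described in the abstract (not the authors' code): the abstract does not give the fusion rule, so the top-k sparsifier, the convex weight `alpha`, the trace normalisation, the constructed sensor weights and the distance score used in place of the DGCNN are all assumptions. It shows a uniform rescaling of edge weights scoring zero while a collapsed causal link does not.

```python
import math

# Constructed causal weights W[i][j] (effect of sensor i on sensor j).
# Hypothetical sensor order: pump, flow, level, valve.
NORMAL = [[0.0, 0.8, 0.1, 0.0], [0.0, 0.0, 0.6, 0.1],
          [0.0, 0.0, 0.0, 0.4], [0.2, 0.0, 0.0, 0.0]]
DRIFT = [[1.5 * w for w in row] for row in NORMAL]    # benign uniform rescaling
ATTACK = [[0.0, 0.05, 0.1, 0.0]] + NORMAL[1:]          # pump->flow link collapses

def symmetrize(w):
    """Undirected weights from a directed causal weight matrix."""
    n = len(w)
    return [[0.0 if i == j else (abs(w[i][j]) + abs(w[j][i])) / 2
             for j in range(n)] for i in range(n)]

def sparsify_top_k(w, k):
    """Assumed sparse view: keep each node's k strongest outgoing edges."""
    out = []
    for i, row in enumerate(w):
        others = [j for j in range(len(row)) if j != i]
        keep = sorted(others, key=lambda j: -abs(row[j]))[:k]
        out.append([row[j] if j in keep else 0.0 for j in range(len(row))])
    return out

def laplacian(a):
    """Weighted graph Laplacian L = D - A."""
    n = len(a)
    return [[(sum(a[i]) if i == j else 0.0) - a[i][j] for j in range(n)]
            for i in range(n)]

def fuse(dense, k=1, alpha=0.5):
    """Assumed fusion: alpha*L_dense + (1-alpha)*L_sparse, trace-normalised."""
    ld = laplacian(symmetrize(dense))
    ls = laplacian(symmetrize(sparsify_top_k(dense, k)))
    fused = [[alpha * d + (1 - alpha) * s for d, s in zip(rd, rs)]
             for rd, rs in zip(ld, ls)]
    trace = sum(fused[i][i] for i in range(len(fused))) or 1.0
    return [[x / trace for x in row] for row in fused]

def anomaly_score(window, reference=NORMAL):
    """Frobenius distance between fused Laplacians (stand-in for the DGCNN)."""
    a, b = fuse(window), fuse(reference)
    return math.sqrt(sum((x - y) ** 2 for ra, rb in zip(a, b)
                         for x, y in zip(ra, rb)))

if __name__ == "__main__":
    print("drift :", round(anomaly_score(DRIFT), 6))
    print("attack:", round(anomaly_score(ATTACK), 6))
```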

Published In

CIKM '24: Proceedings of the 33rd ACM International Conference on Information and Knowledge Management
October 2024
5705 pages
ISBN:9798400704369
DOI:10.1145/3627673
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. anomaly detection
  2. causal graph learning
  3. critical infrastructures
  4. deep graph convolutional neural network
  5. sparsification

Acceptance Rates

Overall Acceptance Rate 1,861 of 8,427 submissions, 22%
