Explainable Anomaly Detection for Industrial Control System Cybersecurity

In this study, the authors aim to build an XAI module for a method of anomaly detection in the context of ICSs. In particular, they applied a hybrid model which is a combination of the LSTM Autoencoder and one-class support vector machine (OCSVM) to predict abnormal on SCADA - Gas Pipeline dataset.

Authors: Do Thu Ha, Nguyen Xuan Hoang, Nguyen Viet Hoang, Nguyen Huu Du, Truong Thu Huong, Kim Phuc Tran



Industrial Control Systems (ICSs) are becoming more and more important in managing the operation of many important systems in smart manufacturing, such as power stations, water supply systems, and manufacturing sites. While massive digital data can be a driving force for system performance, data security has raised serious concerns. Anomaly detection, therefore, is essential for preventing network security intrusions and system attacks. Many AI-based anomaly detection methods have been proposed and achieved high detection performance, however, are still a "black box" that is hard to be interpreted. In this study, we suggest using Explainable Artificial Intelligence to enhance the perspective and reliable results of an LSTM-based Autoencoder-OCSVM learning model for anomaly detection in ICS. We demonstrate the performance of our proposed method based on a well-known SCADA dataset.

Keywords: XAI, LSTM Autoencoder, Anomaly Detection, ICS, Gradient SHAP

Figure 1: An XAI-based module is proposed for interpreting the black-box anomaly detection model

Figure 2: Gas pipeline system diagram

Figure 3: The global interpretation for one sequence including abnormal patterns