International Journal of Critical Infrastructure Protection, Volume 31, December 2020,
Early and accurate anomaly detection in critical infrastructure (CI), such as water treatment plants and electric power grid, is necessary to avoid plant damage and service disruption. Several machine learning techniques have been employed for the design of an effective anomaly detector in such systems. However, threats such as from insiders and state actors, introduce challenges in the design of an effective anomaly detector. This work presents a multi-layer perceptron (MLP) based anomaly detector that uses an unsupervised approach to safeguard CI from the adverse impacts of cyber-attacks. The proposed detector was trained using the data collected under the normal operation of the plant. The model captures the temporal dependencies between the samples and predicts the plant behavior. Further, the well-known CUmulative SUM (CUSUM) approach was used to detect the abnormal deviations between the observed and predicted sensor values for the identification and reporting of anomalies. Experimental validation of the proposed method was carried out using a dataset obtained from Secure Water Treatment (SWaT) an operational water treatment testbed under normal operation as well as under direct and stealthy attacks. The performance of MLP-CUSUM was compared against the state-of-the-art machine learning models in terms of its classification accuracy, precision, recall, F1 score, and the false alarm rate.