Deep autoencoders as anomaly detectors: Method and case study in a distributed water treatment plant

Abstract Industrial Control Systems (ICS) are found in critical infrastructure, such as, water treatment plants and oil refineries. ICS are often the target of cyber-attacks leading to undesirable consequences. It is essential to detect process anomalies resulting from such attacks before appropriate defensive actions are considered. In this work, a deep autoencoder-based anomaly detector (DAE) is proposed. DAE is trained using data collected during normal operation of a plant. The detection effectiveness of three variants of DAE was experimentally evaluated on an operational Secure Water Treatment (SWaT) plant. Further, the amount of plant design knowledge needed to design DAE was compared with that needed to create design-centric approaches for anomaly detection. Experimental results indicate that the proposed DAE, constructed with minimal design knowledge, is effective in detecting process anomalies resulting due to single and multi-point coordinated attacks with high detection rate and few false alarms.