Integrating physical and cyber realms, Cyber–Physical Systems (CPSs) expand the potential attack surface for intruders. Given their deployment in critical infrastructures like Industrial Control Systems (ICSs), ensuring robust security is imperative. Current research has developed various Intrusion Detection techniques to identify and counter malicious activities. However, traditional methods often encounter challenges in detecting several attack types due to reliance on a single data source such as time series data from sensors and actuators. In this study, we meticulously design advanced Deep Learning (DL) anomaly-based techniques trained on either sensor/actuator data or network traffic statistics in an unsupervised setting. We evaluate these techniques on network and physical data collected concurrently from a real-world CPS. Through meticulous hyperparameter tuning, we identify the optimal parameters for each model and compare their efficiency and effectiveness in detecting different types of attacks. In addition to demonstrating superior performance compared to various baselines, we showcase the best model for each data source. Eventually, we show how utilizing diverse data sources can enhance cyber-threat detection, recognizing different kinds of attacks.
An anomaly-based approach for cyber–physical threat detection using network and sensor data / Canonico, Roberto; Esposito, Giovanni; Navarro, Annalisa; Romano, Simon Pietro; Sperli, Giancarlo; Vignali, Andrea. - In: COMPUTER COMMUNICATIONS. - ISSN 0140-3664. - 234:(2025). [10.1016/j.comcom.2025.108087]
An anomaly-based approach for cyber–physical threat detection using network and sensor data
Canonico, Roberto;Navarro, Annalisa;Romano, Simon Pietro;Sperli, Giancarlo;Vignali, Andrea
2025
Abstract
Integrating physical and cyber realms, Cyber–Physical Systems (CPSs) expand the potential attack surface for intruders. Given their deployment in critical infrastructures like Industrial Control Systems (ICSs), ensuring robust security is imperative. Current research has developed various Intrusion Detection techniques to identify and counter malicious activities. However, traditional methods often encounter challenges in detecting several attack types due to reliance on a single data source such as time series data from sensors and actuators. In this study, we meticulously design advanced Deep Learning (DL) anomaly-based techniques trained on either sensor/actuator data or network traffic statistics in an unsupervised setting. We evaluate these techniques on network and physical data collected concurrently from a real-world CPS. Through meticulous hyperparameter tuning, we identify the optimal parameters for each model and compare their efficiency and effectiveness in detecting different types of attacks. In addition to demonstrating superior performance compared to various baselines, we showcase the best model for each data source. Eventually, we show how utilizing diverse data sources can enhance cyber-threat detection, recognizing different kinds of attacks.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
