Go to OpenReview Public Article ORCID homepageRDSAD: Robust Threat Detection in Evolving Data Streams via Adaptive Latent Dynamics
Abstract: Cyber-Physical Systems (CPSs) are the backbone of Industry 4.0, seamlessly integrating physical and software components for advanced automation in diverse sectors. Recent cyber incidents have shown that these systems are increasingly vulnerable to targeted attacks. Undetected attacks on CPSs can disrupt operations, compromise safety, and cause significant economic losses. Thus, anomaly-based Intrusion Detection Systems (IDSs) are essential to ensure their safety and security, especially in an unsupervised setting where manual labelling is cost-prohibitive. However, current methods encounter significant challenges with complex and evolving characteristics of data streams generated from CPSs, like high dimensionality, uncertainty, and changing patterns, often resulting in high false alarms and missed attacks. This article introduces RDSAD, an unsupervised, robust and adaptive anomaly-based intrusion detection method tailored to effectively monitor evolving complex CPS data streams. RDSAD integrates two innovative components: Dynamic Deviation Recognition (DDR) for capturing the underlying system dynamics, and Shift-aware Model Adaptation (SMA) for adaptive model updates in response to changing patterns. Through extensive evaluations, the experimental results demonstrate the superior performance of RDSAD compared with static and streaming state-of-the-art methods. It achieved the best AUC of 0.90 and 0.88 on SWaT and WADI datasets, respectively, and it obtained efficient runtime with large data streams.
External IDs:doi:10.1109/tdsc.2025.3614294
Loading