{"title":"Finding Component Relationships: A Deep-Learning-Based Anomaly Detection Interpreter","authors":"Lijuan Xu;Ziyu Han;Zhen Wang;Dawei Zhao","doi":"10.1109/TCSS.2024.3360435","DOIUrl":null,"url":null,"abstract":"While the interpretability of deep learning (DL)-based models has been extensively explored in academia, applying existing interpretation methods to anomaly detection in industrial control systems (ICSs) poses challenges for two primary reasons. First, security experts in ICS have distinct interpretive priorities, emphasizing the need for stability and readability. Second, there are various types of device components in ICS, and the potential interactions between sensors and actuators are yet to be explored. To tackle the above challenges, we propose DeepINT, an interpreter for anomaly detection in ICS. In DeepINT, we adopt a search optimization algorithm to find the reference and capture feature importance by the backpropagation gradient to improve interpretation performance and reliability. In addition, we construct a finite difference-based interaction detection, which tests the interaction of different device components, in order to address the problem that actuators in ICS are not easily interpreted, meanwhile improving the comprehensiveness and accuracy of the interpretation results. In comprehensive experiments on two real water treatment datasets [secure water treatment (SWaT) and water distribution (WADI)], DeepINT shows excellent interpretation performance compared to the six state-of-the-art baseline methods, especially on the SWaT dataset, with a 60% improvement in interpretation accuracy. 
In addition, our method significantly improves the efficiency of interaction detection, which balances interpretation performance and time efficiency.","PeriodicalId":13044,"journal":{"name":"IEEE Transactions on Computational Social Systems","volume":null,"pages":null},"PeriodicalIF":4.5000,"publicationDate":"2024-02-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Computational Social Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10443463/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, CYBERNETICS","Score":null,"Total":0}
Citation count: 0
Abstract
While the interpretability of deep learning (DL)-based models has been extensively explored in academia, applying existing interpretation methods to anomaly detection in industrial control systems (ICSs) poses challenges for two primary reasons. First, security experts in ICS have distinct interpretive priorities, emphasizing the need for stability and readability. Second, there are various types of device components in ICS, and the potential interactions between sensors and actuators are yet to be explored. To tackle the above challenges, we propose DeepINT, an interpreter for anomaly detection in ICS. In DeepINT, we adopt a search optimization algorithm to find the reference and capture feature importance by the backpropagation gradient to improve interpretation performance and reliability. In addition, we construct a finite difference-based interaction detection, which tests the interaction of different device components, in order to address the problem that actuators in ICS are not easily interpreted, meanwhile improving the comprehensiveness and accuracy of the interpretation results. In comprehensive experiments on two real water treatment datasets [secure water treatment (SWaT) and water distribution (WADI)], DeepINT shows excellent interpretation performance compared to the six state-of-the-art baseline methods, especially on the SWaT dataset, with a 60% improvement in interpretation accuracy. In addition, our method significantly improves the efficiency of interaction detection, which balances interpretation performance and time efficiency.
About the journal:
IEEE Transactions on Computational Social Systems focuses on such topics as modeling, simulation, analysis and understanding of social systems from the quantitative and/or computational perspective. "Systems" include man-man, man-machine and machine-machine organizations and adversarial situations as well as social media structures and their dynamics. More specifically, the proposed transactions publishes articles on modeling the dynamics of social systems, methodologies for incorporating and representing socio-cultural and behavioral aspects in computational modeling, analysis of social system behavior and structure, and paradigms for social systems modeling and simulation. The journal also features articles on social network dynamics, social intelligence and cognition, social systems design and architectures, socio-cultural modeling and representation, and computational behavior modeling, and their applications.