Anomaly detection scenarios in cyber-physical systems

Abstract

Increasing complexity of the systems' management in the modern digital era has prompted the creation of cyber-physical systems. Physical and computerised components are put together in cyber-physical systems to monitor and actuate the physical environment. Cyber-physical systems acquire data, interpret it, and respond in real-time or asynchronously. Physical and digital elements are combined in cyber-physical systems, resulting in a dynamic environment that is vulnerable to a variety of hazards and disturbances. Various factors, including threats, attacks, system problems, environmental changes, and human mistake may cause anomalies in a cyber-physical system. The demand for managing cyber-physical systems brings out the importance of anomaly detection and decision-making processes. It is not feasible to show humans each data and possibility to find an irregular behaviour and control the cyber-physical systems. Henceforth, the necessary calculations for the human to decide is done by the anomaly detection process. After finding the abnormalities, it offers multiple choice options for the human to make the right choice. Herein, human interaction is added to the cyber-physical systems especially where the decision is critical for the system. Adding human interaction into the system brokes the autonomy of the cyber-physical systems. Anyhow, cyber-physical systems still have an infrastructure to perform the humans' decisions autonomously. And so forth, managing large and complex cyber-physical environment became easier. Therefore, in this study anomaly detection and reasoning processes are developed by including human-in-the-loop property in cyber-physical systems. A computer-based irregularity finding method is called as anomaly detection. Anomaly detection processes aid decision-makers in the analysis of complicated data and offers suggestions for action. In this study, anomaly detection mechanism is used to assist in different cyber-physical systems by evaluating data from both physical and cyber components to support decision-making processes and to control cyber-physical environment. This study allows humans to concentrate on only the detected anomaly and decision-making point by facilitating the computation steps while rest of the system works autonomously. Therefore, anomaly detection is used to aid in locating possible vulnerabilities of cyber-physical systems as well as making suggestions for reducing the risks involved. Thus, safety critical systems are aimed to made safer. Decision-makers can enhance their decision-making techniques and reduce potential hazards in the systems' environment by utilizing the irregularity detection process in cyber-physical systems. Therefore, anomaly detection is utilized in cyber-physical environments to anticipate and avoid from possible future predictive maintenance. An anomaly detection system utilizes a variety of strategies to reach an outcome or spot an abnormality. Varied architectures and types of decision support are emerged due to the numerous methods for carrying out the processes of abnormality detection and decision-making. A cyber-physical monitoring and control system may benefit from a rule based deterministic method. On the other hand, it may utilize a nondeterministic black-box method using machine learning or artificial intelligence. Additionally, it may apply clustering techniques, analytical methods or statistical interpretations/computations. In this study, two separate anomaly detection and reasoning prototypes are constructed for two distinct cyber-physical systems to find abnormalities and to help the decision-making process. In the first prototype, an anomaly detection method is proposed in a smart grid. Smart grids are modern electrical networks that employ cutting-edge technology to boost the effectiveness, dependability, and sustainability of electricity generation, transmission, and distribution. Bidirectional communication between energy suppliers and customers is made possible by these grids, enabling for more effective and efficient control of energy supply and demand. Digital technologies are used by smart grids to monitor and control the flow of power. These technologies include sensors, smart meters, and other gadgets that can interact to energy suppliers as well as to each other. Smart grids can decrease waste and improve energy use by continuously monitoring energy use. To monitor the smart grid, an anomaly detection process is proposed in this study. The developed solution detects concept drift in the monitoring data to prevent stealthy attacks in case of a line outage in the smart grid. Also, proposed solution uses machine learning-based supervised algorithms to estimate the behavior of a particular smart grid. The model suits the expected behaviors of the smart grid. Therefore, smart grid's expected behaviors can yield accurate results. As a consequence, historical smart grid data is used to run an anomaly detection system using machine learning techniques. At the network level of smart grid systems, forecasting harmful activity and discovering breaches have been investigated. These harmful actions include false data injection attacks that compromise the accuracy of the sensor network data that has been gathered. The models gives results with high accuracy to monitor the expected behaviours and detect consistencies in a previously known smart grid. The second prototype suggests an anomaly type detection and decision-making system for water quality management systems. A system for managing the quality of the water in a particular region is called a water quality management system. The system entails a number of operations, including monitoring water sources, identifying possible pollutant sources, setting up treatment procedures, and putting policies into place to maintain or enhance water quality. Water quality management systems monitor water quality, which entails routinely testing water from sources. In this step, any changes in water quality and probable pollution sources can be found with the use of the gathered data and a anomaly type detection mechanism. Therefore, the second prototype uses rule-based deterministic technique to operate on a network of rivers to observe the condition of the river. A generic model of a river network is developed to execute the suggested anomaly type detection solution on the gathered or measured data. The model is then updated with measurement values so that calculations can be done on them. The use of deterministic computing is suggested as a way to identify discrepancies between measurement values and anticipated results and gain insight into the behavior of rivers.