SAD-GAN: A Novel Secure Anomaly Detection Framework for Enhancing the Resilience of Cyber-Physical Systems

Abstract

Cyber-physical systems occupy a significant portion of the critical infrastructure market, but their prominence has raised concerns due to their susceptibility to certain anomalies. The typical approaches tend to be ineffective to flexible and complex conditions of CPS environments. To address these issues, this paper presents SAD-GAN—self-adaptive deep generative adversarial network—framework that aimed at improving real-time detection of anomalies. SAD-GAN follows a GAN framework with generator (G), which is trained to generate normal behavior of the system, and discriminator (D) which is trained to distinguish normal and artificial data patterns. The anomalies are detected based on a dual-scoring mechanism which consists of reconstruction error and discriminator confidence and are multiplied by the two adjustable constants, 2 and 3. These coefficients determine the relative adjustment of action of each of the scores of the final anomaly detection process and are pumped dynamically with the verification turnover to guarantee credible detection with the changes in the progress of the system. This mechanism enables SAD-GAN to learn and adjust at run time with no need of manual reconfiguration. It was tested against benchmark CPS datasets (SWaT and WADI) and proved to be better performing than conventional models, e.g., Isolation Forest and static GANs. SAD-GAN has an accuracy of 97.2, and the false positive was under 2% and identified significant changes in the time of detection and flexibility. These findings validate the efficiency of SAD-GAN to find minute and changing anomalies without a high number of false alarms. The suggested method, in general, provides a flexible, smart, and adaptable algorithm of robust anomaly detection in contemporary CPS systems.