CPS-GUARD: Intrusion detection for cyber-physical systems and IoT devices using outlier-aware deep autoencoders

Detecting attacks to Cyber-Physical Systems (CPSs) is of utmost importance, due to their increasingly fre-quent use in many critical assets. Intrusion detection in CPSs and other domains, such as the Internet of Things, is often addressed through machine and deep learning. However, many existing proposals tend to favor the application of complex detection models over the usability in real-world operations. This paper presents CPS-GUARD, a novel intrusion detection approach based on a single semi-supervised au-toencoder and a technique to set the threshold used to discriminate normal operations from attacks. The technique is outlier-aware, in that it relies on outlier detection to mitigate inherent imperfections of the training data.CPS-GUARD is evaluated by means of direct experiments with normal and intrusion data points pertain-ing to individual sensing devices, an HTTP server and four full-fledged systems, including CPSs. Exper-iments are based on a wide spectrum of attacks available in six state-of-the-art datasets. The intrusion detection results of CPS-GUARD are within 0.949-1.0 0 0 recall, 0.961-0.999 precision and 0.006-0.027 false positive rate depending on the specific system. The results are competitive with other existing intrusion detection methods. The evaluation is complemented by a comparative study on alternative threshold se-lection and outlier detection techniques.(c) 2023 Elsevier Ltd. All rights reserved.