Industrial Control System Anomaly Detection Using Convolutional Neural Network Consensus

Industrial control systems provide transportation, essential utilities, and the manufacturing of goods to the masses. It is critical that controlled processes are executed correctly and according to schedule. Monitoring the system's performance during its operation is an important approach for maintaining high levels of reliability and availability. We present a system monitoring capability that implements parallel multi-view neural networks to detect anomalous behavior in an industrial control system by predicting operational states. By deploying the prediction capability within the system, system operation can be monitored in a semi-supervised manner to ensure the actual system state lies within an appropriate region of the state space that was previously predicted by the neural networks. Furthermore, if the two predictive models diverge in their classification of state (breaking consensus), it is likely that system operation has been compromised due to faulty equipment, communication errors, or some other source of malfunction. To achieve different "views" of the system, one predictive model is trained to analyze the data flow of system control packets and the other model is trained to analyze gyrometric signals obtained from physical sensors in the control system. We demonstrate that this methodology can detect anomalous behavior of an example industrial control system by emulating its operation in the presence of injected anomalies. Results indicate highly accurate anomaly detection during system operation.