Federated Learning-Based Explainable Anomaly Detection for Industrial Control Systems

We are now witnessing the rapid growth of advanced technologies and their application, leading to Smart Manufacturing (SM). The Internet of Things (IoT) is one of the main technologies used to enable smart factories, which is connecting all industrial assets, including machines and control systems, with the information systems and the business processes. Industrial Control Systems of smart IoT-based factories are one of the top industries attacked by numerous threats, especially unknown and novel attacks. As a result, with the distributed structure of plenty of IoT front-end sensing devices in SM, an effectively distributed anomaly detection (AD) architecture for IoT-based ICSs should: achieve high detection performance, train and learn new data patterns in a fast time scale, and have lightweight to be deployed on resource-constrained edge devices. To date, most solutions for anomaly detection have not fulfilled all of these requirements. In addition, the interpretability of why an instance is predicted to be abnormal is hardly concerned. In this paper, we propose the so- called FedeX architecture to address those challenges. The experiments show that FedeX outperforms 14 other existing anomaly detection solutions on all detection metrics with the liquid storage data set. And with Recall of 1 and F1-score of 0.9857, it also outperforms those solutions on the SWAT data set. FedeX is also proven to be fast in terms of training time of about 7.5 minutes and lightweight in terms of hardware requirement with memory consumption of 14%, allowing us to deploy anomaly detection tasks on top of edge computing infrastructure and in real-time. Besides, FedeX is considered as one of the frameworks at the forefront of interpreting the predicted anomalies by using XAI, which enables experts to make quick decisions and trust the model more.