This highly technical session shows how long short-term memory (LSTM) RNN can be used to detect anomalies and cyber attacks on ICS. LSTM deep neural network learns under normal operation condition signals from sensors and controls and then detect anomalies in those signals that are caused by cyber attacks and other reasons. The proposed method calculates mean-square-error threshold of detection and allows anomaly interpretation.
The RNN detection approach will be demonstrated and explained using the well-known Tennessee Eastman Process under a cyber-attack simulation. The demonstration includes a realistic mathematical model of plant, 3D-plant visualization and actual PLC’s. The results of proposed method comparison with other machine learning approaches presented on workshops of scientific conferences NIPS2016 and ICML2017.