Early and accurate anomaly detection in critical infrastructure (CI), such as water treatment plants and electric power grid, is necessary to avoid plant damage and service disruption. Several machine learning techniques have been employed for the design of an effective anomaly detector in such systems. However, threats such as from insiders and state actors, introduce challenges in the design of an effective anomaly detector. This work presents a multi-layer perceptron (MLP) based anomaly detector that uses an unsupervised approach to safeguard CI from the adverse impacts of cyber-attacks. The proposed detector was trained using the data collected under the normal operation of the plant. The model captures the temporal dependencies between the samples and predicts the plant behavior. Further, the well-known CUmulative SUM (CUSUM) approach was used to detect the abnormal deviations between the observed and predicted sensor values for the identification and reporting of anomalies. Experimental validation of the proposed method was carried out using a dataset obtained from Secure Water Treatment (SWaT) an operational water treatment testbed under normal operation as well as under direct and stealthy attacks. The performance of MLP-CUSUM was compared against the state-of-the-art machine learning models in terms of its classification accuracy, precision, recall, F1 score, and the false alarm rate.

为了避免工厂损坏和服务中断，必须对关键基础设施（CI）（如水处理厂和电网）进行早期准确的异常检测。在这种系统中，已经采用了几种机器学习技术来设计有效的异常检测器。但是，来自内部人员和国家行为者的威胁给有效异常检测器的设计带来了挑战。这项工作提出了一种基于多层感知器（MLP）的异常检测器，该检测器使用了无监督方法来保护CI免受网络攻击的不利影响。使用在工厂正常运行下收集的数据对建议的检测器进行了培训。该模型捕获样本之间的时间相关性，并预测植物行为。进一步，众所周知的累积总和（CUSUM）方法用于检测观测值和预测值之间的异常偏差，以识别和报告异常。使用从安全水处理（SWaT）获得的数据集对提出的方法进行实验验证，该数据集是在正常运行以及直接和隐身攻击下的运行水处理试验床。在分类准确度，准确性，召回率，F1得分和误报率方面，将MLP-CUSUM的性能与最新的机器学习模型进行了比较。使用从安全水处理（SWaT）获得的数据集对提出的方法进行实验验证，该数据集是在正常运行以及直接和隐身攻击下的运行水处理试验床。在分类准确度，准确性，召回率，F1得分和误报率方面，将MLP-CUSUM的性能与最新的机器学习模型进行了比较。使用从安全水处理（SWaT）获得的数据集对提出的方法进行实验验证，该数据集是在正常运行以及直接和隐身攻击下的运行水处理试验床。在分类精度，精度，召回率，F1得分和误报率方面，将MLP-CUSUM的性能与最新的机器学习模型进行了比较。