Threat detection in reconfigurable Cyber–Physical Systems through Spatio-Temporal Anomaly Detection using graph attention network / Canonico, Roberto; Lista, Francesco; Navarro, Annalisa; Sperli, Giancarlo; Vignali, Andrea. - In: COMPUTERS & SECURITY. - ISSN 0167-4048. - 156:(2025). [10.1016/j.cose.2025.104509]
Threat detection in reconfigurable Cyber–Physical Systems through Spatio-Temporal Anomaly Detection using graph attention network
Canonico, Roberto; Navarro, Annalisa; Sperli, Giancarlo; Vignali, Andrea
2025
Abstract
Chronicles of the last few years show that industrial Cyber–Physical Systems are the target of dangerous cyber-attacks and face multiple threats. It is important to react as promptly as possible to such attacks and take proper countermeasures. Anomaly detection is a key activity in a Cyber–Physical System's defense strategy. It involves analyzing sensor data, modeled as a Multivariate Time Series, to identify deviations from expected behavior that may indicate potential cyber threats or attacks. In this paper, we design a novel framework integrating spatial and temporal modules to unveil spatio-temporal dependencies within sensor data in Cyber–Physical Systems to detect possible intrusions. We propose a novel strategy based on time series correlation to build a graph minimizing the number of sensors’ connections to unveil spatial dependencies between multimodal time series. The prediction and reconstruction losses are then leveraged to detect anomalies. The proposed framework has been evaluated on a real-world Cyber–Physical System, on which we evaluated both the efficacy and efficiency with respect to different competing approaches. The experimental analysis shows that the proposed framework outperforms eight state-of-the-art approaches by increasing the precision by 0.59% while reducing both the training time (21.05%) for each epoch and memory occupation (77.8%) with respect to the best competitor in the literature. These characteristics make it particularly suitable for industrial environments that need periodic reconfigurations.


