Anomalies in cyber-physical systems may arise due to malicious cyber attacks or operational faults in the physical devices. Accurately detecting the anomalies and isolating their root causes is important for identifying appropriate reactive and preventive measures and building resilient cyber-physical systems. Anomaly detection and isolation in cyber-physical systems is challenging because the impact of a cyber attack on the operation of a physical system may manifest itself only after some time. In this paper, we present a Bayesian network approach for learning the causal relations between cyber and physical variables as well as their temporal correlations from unlabeled data. We describe the data transformations that we performed to deal with the heterogeneous characteristics of the cyber and physical data, so that the integrated dataset can be used to learn the Bayesian network structure and parameters. We then present scalable algorithms to detect different anomalies and isolate their respective root causes using a Bayesian network. We also present results from evaluating our algorithms on an unlabeled dataset consisting of anomalies due to cyber attacks and physical faults in a commercial building system.
