Aggregation of Heterogeneous Anomaly Detectors for Cyber-Physical Systems

Abstract

Distributed, life-critical systems that bridge the gap between software and hardware are becoming an integral part of our everyday lives. From autonomous cars to smart electrical grids, such cyber-physical systems will soon be omnipresent. With this comes a corresponding increase in our vulnerability to cyber-attacks. Monitoring such systems to detect malicious actions is of critical importance.

One method of monitoring cyber-physical systems is anomaly detection: the process of detecting when the target system is deviating from expected normal behavior. Anomaly detection is a vibrant research area with many different viable approaches. The literature suggests many different anomaly detection methods for the diversity and volume of data from cyber-physical systems. We focus on aggregating the result of multiple anomaly detection methods into a final anomalous or non-anomalous verdict.

In this thesis, we present Palisade, a distributed data collection, anomaly detection, and aggregation framework for cyber-physical systems. We discuss various methods of anomaly detection and aggregation and include a case study of anomaly aggregation on a cyber-physical treadmill driving demonstrator. We conclude with a discussion of lessons learned from the construction of Palisade, and recommendations for future research.