Yanjie Li,Xiaoyu Ji,Chenggang Li,Xiaofeng Xu,Wei Yan,Xu Yan,Yanjiao Chen,Wenyuan Xu

DOI: https://doi.org/10.1109/iceiec49280.2020.9152334

2020-01-01

Abstract:In recent years, artificial intelligence has been widely used in the field of network security, which has significantly improved the effect of network security analysis and detection. However, because the power industrial control system is faced with the problem of shortage of attack data, the direct deployment of the network intrusion detection system based on artificial intelligence is faced with the problems of lack of data, low precision, and high false alarm rate. To solve this problem, we propose an anomaly traffic detection method based on cross-domain knowledge transferring. By using the TrAdaBoost algorithm, we achieve a lower error rate than using LSTM alone.

Yidong Li,Li Zhang,Zhuo Lv,Wei Wang

DOI: https://doi.org/10.1109/tits.2020.3018259

IF: 8.5

2021-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Safe and reliable intelligent charging stations are imperative in an intelligent transportation infrastructure. Over the past few years, a big number of smart charging stations have been deployed, and most of them are online and connected, resulting in potential risks of threats. Although there exists related work on securing intelligent vehicles, very little work focused on the security of charging devices. Unlike traditional network systems, these power-related Industrial Control Systems (ICSs) use many different proprietary protocols and diverse interactions. Traditional anomaly detection methods based on network traffic are thus not suitable for these systems. In this work, we propose an anomaly detection method in real vehicle power supply systems based on a deep architecture model. In particular, we propose a novel traffic anomaly detection model based on Multi-Head Attentions (MHA) that take into account the inherent correlations of traffic generated by ICSs. The MHA model is employed to substitute the traditional feature extraction and rule making process with an acceptable computational cost for classifying traffic data. It is an attention-based model that employs Google Transformer encoder architecture to extract recessive features of traffic for anomaly detection. The effectiveness of the model is demonstrated by experiments on two real-world power ICS testbeds including a substation with a slave charging station and a power generation simulation platform based on a distributed control system. Comprehensive experimental results indicate that the MHA model outperforms the Convolutional Neural Networks (CNN)-based and classical machine learning detection models with an accuracy rate of 99.86%.

engineering, electrical & electronic,transportation science & technology, civil

Xi He,Li Zhang,Tao Liu,Wei Wang

DOI: https://doi.org/10.1109/compcomm.2018.8780699

2018-01-01

Abstract:Intrusion detection based on network traffic has been widely studied in traditional network systems. At the same time, the security threats faced by Industrial Control Systems (ICS) are becoming increasingly severe. The network communication environments of ICSs are very different from the traditional Internet in in terms of protocols, interaction modes and security considerations. How to detect anomalies effectively in power production control system is an important issue. In this work, we use a representative Distributed Control System (DCS) working in thermal power generation scenarios and conduct various attacks on this DCS to generate an original network traffic. We then consider the time correlation and interaction stability of the DCS and propose a dual window scheme (Dual-Win) to get more effective features based on basic features. We use several machine learning methods for the detection of anomalies based on the traffic data. The experimental results show that our method achieves the detection accuracy as 99.41% with only basic traffic features, and the detection accuracy can be as 99.77% with the basic and Dual-Win features.

Zhining Lv,Ziheng Hu,Baifeng Ning,Yu Sun,Gangfeng Yan,Xiasheng Shi

DOI: https://doi.org/10.1109/CAC48633.2019.8996440

2019-01-01

Abstract:Power industrial terminal is a complex system with high reliability and security. Traditional methods for detecting data anomalies of power industrial terminal fail to fully mine the data characteristics. And it has shortcomings such as complex calculation, poor flexibility and low accuracy. In order to solve the problem that it is difficult to predict the operational status of power industrial terminal accurately, a prediction method based on long-term memory (LSTM) neural network is proposed. Considering the variety of data reflecting the operating status of power industrial terminal, choose the ambient temperature system related to the operating status of power industrial terminal as a experiment object. Through experiments, the algorithm has higher prediction effect for the operating status of power industrial terminal.

Weijie Hao,Tao Yang,Qiang Yang

DOI: https://doi.org/10.1109/tase.2021.3073396

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Critical industrial infrastructures are currently facing increasing cyberspace threats in their underlying information and communication systems. The advanced monitoring, control, and management functionalities of the industrial systems firmly rely on the reliable and secure operations of the industrial control system (ICS) network. This article characterizes the ICS network traffic and presents a scalable and efficient solution for real-time ICS network traffic anomaly detection, considering various forms of ICS anomaly events. The events due to the cyberattacks, malicious operating behaviors, and network anomalies can be effectively detected without sophisticated computational requirements and retrieval of communication protocols. The proposed hybrid statistical-machine learning model integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the abnormal traffic patterns with low false omission rates. The proposed solution is extensively evaluated at a realistic ICS cyber–physical system (CPS) testbed, and the numerical results confirm its high detection accuracy and low computational complexity. Note to Practitioners—This article was motivated by the challenge of real-time anomaly detection in industrial cyber–physical systems (CPSs). The existing industrial control system (ICS) network anomaly detection solutions are generally carried out based on a single model based on the historian database and cannot dynamically classify the abnormal conditions in a real-time fashion. A novel hybrid statistical-machine learning model is developed that integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the anomalous events through traffic pattern analysis. The proposed anomaly detection solution can efficiently provide accurate detection for cyberattacks, malicious operating behaviors, and network anomalies while meeting the real-time requirements of ICS networks. The proposed solution can be deployed in the realistic ICS CPSs, e.g., the power generation system, gas pipeline systems, and urban railway transportation systems. The preliminary numerical results obtained from the ICS-CPS testbed suggested that it can provide high detection accuracy with low computational complexity and, hence, can be adopted with minimal deployment hurdles.

Tao Yang,Weijie Hao,Qiang Yang,Wenhai Wang

DOI: https://doi.org/10.1016/j.eswa.2023.120668

IF: 8.5

2023-01-01

Expert Systems with Applications

Abstract:Industrial cyber-physical systems (ICPSs) are facing increasing cyber threats that can cause catastrophes in the physical systems. Efficient network traffic anomaly detection is essential for guaranteeing the system's security and reliability. However, existing research on network traffic anomaly detection for ICPS has several limitations. First, most traffic anomaly detection models focus on centralized detection. Thus, all traffic packets have to be uploaded to the control center for detection, which leads to a heavy traffic load. However, real-time and reliable communication is crucial to ICPSs. The heavy traffic load may cause communication delays or packets lost by corruption. Second, Seasonal AutoRegressive Integrated Moving Average (SARIMA) is popular in ICPS network traffic anomaly detection. However, most SARIMA-based detection models can only detect anomalous traffic once. Thus, they are unable to detect anomalies continuously and are not suitable for actual ICPS. Third, the features extracted from network traffic affect the classification performance. However, most existing feature extraction models cannot sufficiently extract traffic features, leading to poor detection performance. To address the limitations above, this paper proposes a cloud-edge coordinated network traffic anomaly detection approach. The proposed approach consists of a set of anomalous traffic alarm models deployed in the edge areas and an anomalous traffic analysis model deployed in the cloud. The former is implemented based on Improved Online SARIMA (IOSARIMA) algorithm that can detect anomalous traffic continuously and upload it to the cloud for further analysis, filtering massive normal traffic packets and making traffic load smaller. The anomalous traffic analysis model consists of a feature extraction algorithm and a Convolutional Neural Network (CNN) classifier, which can sufficiently extract traffic features and identify the attack types precisely. The proposed anomaly detection approach is extensively evaluated on a realistic ICPS testbed, including 3 edges (i.e., power generation, power transmission and power distribution) and a cloud consisting of an engineering workstation and a Supervisory Control And Data Acquisition (SCADA) workstation. The experimental results confirm the smaller traffic load and better detection performance, compared with the existing detection models.

Zhi-Yang,Xiao-jun

2020-01-01

Abstract:Intrusion Detection Algorithm of Power Grid Industrial Control System Based on CNN ZHAO Zhi-Yang, XIA Xiao-Jun (University of Chinese Academy of Sciences, Beijing 100049, China) (Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168, China) Abstract: Traditional power grid industrial control systems are mainly isolated from external networks through tools such as firewalls, but with the application of new technologies such as cloud computing and the Internet of Things, the degree of interconnection between networks has continued to deepen, and the difficulty of security protection has greatly increased. How to effectively detect network intrusion behavior has become very important. Compared with traditional intrusion detection technology, convolutional neural networks have a better ability to extract intrusion features. This study proposes a power grid industrial control system intrusion detection algorithm based on convolutional neural networks. The KDD99 dataset is processed for model training, and a cascade convolution layer is added to optimize the network structure. Under the premise of small parameter scale, the real-time requirements of the model are guaranteed. Compared with the traditional SVM algorithm and the k-means algorithm, the intrusion detection accuracy of the proposed algorithm in this study is improved, the false detection rate is reduced, and the intrusion behavior to the power grid industrial control system can be effectively detected.

Basem AL-Madani,Ahmad Shawahna,Mohammad Qureshi

DOI: https://doi.org/10.48550/arXiv.1911.05692

2019-11-02

Abstract:Industrial Control Networks (ICN) such as Supervisory Control and Data Acquisition (SCADA) systems are widely used in industries for monitoring and controlling physical processes. These industries include power generation and supply, gas and oil production and delivery, water and waste management, telecommunication and transport facilities. The integration of internet exposes these systems to cyber threats. The consequences of compromised ICN are determine for a country economic and functional sustainability. Therefore, enforcing security and ensuring correctness operation became one of the biggest concerns for Industrial Control Systems (ICS), and need to be addressed. In this paper, we propose an anomaly detection approach for ICN using the physical properties of the system. We have developed operational baseline of electricity generation process and reduced the feature set using greedy and genetic feature selection algorithms. The classification is done based on Support Vector Machine (SVM), k-Nearest Neighbor (k-NN), and C4.5 decision tree with the help from the inter-arrival curves. The results show that the proposed approach successfully detects anomalies with a high degree of accuracy. In addition, they proved that SVM and C4.5 produces accurate results even for high sensitivity attacks when they used with the inter-arrival curves. As compared to this, k-NN is unable to produce good results for low and medium sensitivity attacks test cases.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Systems and Control

Yu-jun Xiao,Wen-yuan Xu,Zhen-hua Jia,Zhuo-ran Ma,Dong-lian Qi

DOI: https://doi.org/10.1631/fitee.1601540

2017-01-01

Abstract:Industrial control systems (ICSs) are widely used in critical infrastructures, making them popular targets for attacks to cause catastrophic physical damage. As one of the most critical components in ICSs, the programmable logic controller (PLC) controls the actuators directly. A PLC executing a malicious program can cause significant property loss or even casualties. The number of attacks targeted at PLCs has increased noticeably over the last few years, exposing the vulnerability of the PLC and the importance of PLC protection. Unfortunately, PLCs cannot be protected by traditional intrusion detection systems or antivirus software. Thus, an effective method for PLC protection is yet to be designed. Motivated by these concerns, we propose a non-invasive powerbased anomaly detection scheme for PLCs. The basic idea is to detect malicious software execution in a PLC through analyzing its power consumption, which is measured by inserting a shunt resistor in series with the CPU in a PLC while it is executing instructions. To analyze the power measurements, we extract a discriminative feature set from the power trace, and then train a long short-term memory (LSTM) neural network with the features of normal samples to predict the next time step of a normal sample. Finally, an abnormal sample is identified through comparing the predicted sample and the actual sample. The advantages of our method are that it requires no software modification on the original system and is able to detect unknown attacks effectively. The method is evaluated on a lab testbed, and for a trojan attack whose difference from the normal program is around 0.63%, the detection accuracy reaches 99.83%.

Weijie Hao,Qiang Yang,Zhiyi Li,Shiyan Hu,Bo Liu,Wei Ruan

DOI: https://doi.org/10.1109/jiot.2022.3210946

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Substation communication network (SCN) provides real-time, high-speed, and reliable data transmissions for the advanced monitoring and control functionalities, which are facing increasing cyberspace threats and attacks. Efficient threat perception and cyber situational awareness are essential to enhance secure and reliable SCN operations. This article explores multiscale SCN traffic pattern characteristics with holistic network traffic, separated network traffic for included devices (especially IoT devices) and separated network traffic of certain types of protocol. The proposed online traffic-oriented SCN traffic anomaly detection and cyber situational awareness models are designed for the network anomalies and cyber-attacks that could cause network traffic pattern variations. We leverage a fractional autoregressive integration moving average (FARIMA)-based dynamic threshold model to detect abnormal traffic patterns without sophisticated computations or deep packet inspection. The SCN real-time operation conditions are timely quantified through the statistical methods with the alliance of SCN topology and protocols. The cyber situational awareness model is further carried out to evaluate the most affected protocol and security risks of various devices in SCN using Grubbs' test. The experiment results are carried out based on a real 110-kV intelligent power substation. The numerical results confirm the comparative low mean square error (MSE) and low complexity of the online traffic characterization when forecasting holistic network traffic and separated network traffics. Furthermore, the timely and quantified cybersecurity risk analysis is conducted based on the SCN traffic with varying scales to detect cyberspace threats and identify the high-risk SCN devices and the most affected protocol.

Wen Si,Jianghai Li,Ronghong Qu,Xiaojin Huang

DOI: https://doi.org/10.1115/1.0000463v

2020-01-01

Abstract:Anomaly detection is significant for the cybersecurity of the I&C systems at nuclear power plants. There are a large number of network packets generated in the network traffic of the I&C systems. There are many attributes of the network traffic can used for anomaly detection. The structure of the network packets is analyzed in detail with examples. Then, Features are extracted from network packets. An unsupervised neural network called autoencoder is applied for anomaly detection. Training and testing database are captured from a physical PLC system which simulates a water level control system. The result of the test results shows that the neural network can detect anomaly successfully.

Ting Liu,Yanan Sun,Yang Liu,Yuhong Gui,Yucheng Zhao,Dai Wang,Chao Shen

DOI: https://doi.org/10.1016/j.future.2014.10.002

IF: 7.307

2014-01-01

Future Generation Computer Systems

Abstract:Integration with information network not only facilitates Smart Grid with many unprecedented features, but also introduces many new security issues, such as false data injection and system intrusion. One of the biggest challenges in Smart Grid attack detection is how to fuse the heterogeneous data from the power system and information network. In this paper, a novel cyber–physical fusion approach is proposed to detect a Smart Grid attack Bad Data Injection (BDI), by merging both the features of the traffic flow in information network and the inherent physical laws in the power system into a unified model, named as Abnormal Traffic-indexed State Estimation (ATSE). The cyber security incidents, monitored by intrusion detection system (IDS), are quantized to serve as the impact factors that are incorporated into the bad data detection system based on state estimation model in power grid. Hundreds of attack cases are simulated on each transmission line of three IEEE standard systems to compare ATSE with current cyber, physical abnormal detection methods and cyber–physical fusion method, including IDS (Snort), bad data detection algorithm (Chi-square test) and SCPSE. The results indicate that ATSE can improve the detection rate 20% than the Chi-square Test on average, filter most false alarms generated by Snort, and solve the observability problem of SCPSE.

M. P Sujatha,S. Niresh Kumar

DOI: https://doi.org/10.53730/ijhs.v6ns4.9413

2022-06-21

International Journal of Health Sciences

Abstract:Industrial Control Systems (ICSs) are the lifeline of a country. Therefore, the anomaly detection of ICS traffic is an important endeavor. This paper proposes a model based on a deep residual Convolution Neural Network (CNN) to prevent gradient explosion or gradient disappearance and guarantee accuracy. The developed methodology addresses two limitations: most traditional machine learning methods can only detect known network attacks and deep learning algorithms require a long time to train. The utilization of transfer learning under the modification of the existing residual CNN structure guarantees the detection of unknown attacks. One-dimensional ICS flow data are converted into two-dimensional grayscale images to take full advantage of the features of CNN. Results show that the proposed method achieves a high score and solves the time problem associated with deep learning model training. The model can give reliable predictions for unknown or differently distributed abnormal data through short-term training. Thus, the proposed model ensures the safety of ICSs and verifies the feasibility of transfer learning for ICS anomaly detection.

Wenli Shang,Jiawei Qiu,Haotian Shi,Shuang Wang,Lei Ding,Yanjun Xiao

DOI: https://doi.org/10.1155/2024/5459452

IF: 8.993

2024-06-04

International Journal of Intelligent Systems

Abstract:Industrial control systems (ICSs), as critical national infrastructures, are increasingly susceptible to sophisticated security threats. To address this challenge, our study introduces the CAE‐T, a deep convolutional autoencoding transformer network designed for efficient anomaly detection and real‐time fault monitoring in ICS. The CAE‐T utilizes unsupervised deep learning, employing a convolutional autoencoder for spatial feature extraction from multidimensional time‐series data, and combines this with a transformer architecture to capture long‐term temporal dependencies. The design of the model facilitates rapid training and inference, while its dual‐component approach, utilizing an optimization function based on support vector data description (SVDD), enhances detection accuracy. This integration synergistically combines spatiotemporal feature extraction, significantly improving the robustness and precision of anomaly detection in ICS environments. The CAE‐T model demonstrated notable performance enhancements across three industrial control system datasets. Notably, the CAE‐T model achieved approximately a 70.8% increase in F1 score and a 9.2% rise in AUC on the WADI dataset. On the SWaT dataset, the model showed improvements of approximately 2.8% in F1 score and 5% in AUC. The power system dataset saw more modest gains, with an approximately 0.1% uptick in F1 score and a 1% increase in AUC. These improvements validate the CAE‐T model's efficacy and robustness in anomaly detection across various scenarios.

computer science, artificial intelligence

Qiang Yang,Weijie Hao,Leijiao Ge,Wei Ruan,Fujian Chi

DOI: https://doi.org/10.1049/iet-cps.2018.5052

2018-01-01

Abstract:The technological advances of intelligent electric substations have significantly improved the operational performance of power utilities by incorporating advanced monitoring and control functionalities. The data traffic patterns in substation communication network (SCN) need to be better understood to improve the SCN performance against different forms of cyber-attacks. To this end, this study presents a fractional auto-regressive integrated moving average (FARIMA)-based threshold model to characterise the SCN traffic flow based on the IEC 61850 protocol and carry out anomaly detection. The performance of the proposed anomaly detection solution is assessed and validated through numerical analysis under the condition of the cyber storm based on the collected SCN data traffic from a real 110kV substation, and the numerical results clearly confirmed its effectiveness.

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Bin Wang,Jianye Zhang,Cheng Luo,Ling Yang,Jia Chen,Haibo Ma

DOI: https://doi.org/10.1109/itoec53115.2022.9734439

2022-03-04

Abstract:With the continuous and in-depth development of smart grid construction, the degree of automation of the power system is rapidly increasing, and the number of grid sensors, the scale of information network and the number of decision-making units have greatly increased. The network security of the power industry control system is facing severe challenges. This paper studies the in-depth analysis technology of real-time interactive protocols of power industrial control systems, captures data packets and analyzes the data packets layer by layer to obtain application layer field data streams, and realizes in-depth analysis of power industrial control system protocols such as IEC104 protocol and IEC61850 protocol. Research on anomaly detection technology of power industrial control system real-time interaction process based on feature matching, and realize the detection of abnormal behaviors of terminals, networks, and host devices through syntactic and semantic analysis and business command analysis, as well as the detection of regular network attack behaviors such as malicious code and virus Trojan horses.

Tao Yang,Jinming Wang,Weijie Hao,Qiang Yang,Wenhai Wang

DOI: https://doi.org/10.48550/arXiv.2204.09942

2022-04-21

Cryptography and Security

Abstract:Industrial control systems (ICSs) are facing increasing cyber-physical attacks that can cause catastrophes in the physical system. Efficient anomaly detection models in the industrial sensor networks are essential for enhancing ICS reliability and security, due to the sensor data is related to the operational state of the ICS. Considering the limited availability of computing resources, this paper proposes a hybrid anomaly detection approach in cloud-edge collaboration industrial sensor networks. The hybrid approach consists of sensor data detection models deployed at the edges and a sensor data analysis model deployed in the cloud. The sensor data detection model based on Gaussian and Bayesian algorithms can detect the anomalous sensor data in real-time and upload them to the cloud for further analysis, filtering the normal sensor data and reducing traffic load. The sensor data analysis model based on Graph convolutional network, Residual algorithm and Long short-term memory network (GCRL) can effectively extract the spatial and temporal features and then identify the attack precisely. The proposed hybrid anomaly detection approach is evaluated using a benchmark dataset and baseline anomaly detection models. The experimental results show that the proposed approach can achieve an overall 11.19% increase in Recall and an impressive 14.29% improvement in F1-score, compared with the existing models.

Tohid Behdadnia,Geert Deconinck

DOI: https://doi.org/10.48550/arXiv.2209.08099

IF: 5.414

2022-09-16

Machine Learning

Abstract:In modern highly interconnected power grids, automatic generation control (AGC) is crucial in maintaining the stability of the power grid. The dependence of the AGC system on the information and communications technology (ICT) system makes it vulnerable to various types of cyber-attacks. Thus, information flow (IF) analysis and anomaly detection became paramount for preventing cyber attackers from driving the cyber-physical power system (CPPS) to instability. In this paper, the ICT network traffic rules in CPPSs are explored and the frequency domain features of the ICT network traffic are extracted, basically for developing a robust learning algorithm that can learn the normal traffic pattern based on the ResNeSt convolutional neural network (CNN). Furthermore, to overcome the problem of insufficient abnormal traffic labeled samples, transfer learning approach is used. In the proposed data-driven-based method the deep learning model is trained by traffic frequency features, which makes our model robust against AGC's parameters uncertainties and modeling nonlinearities.

Yue Wang,Hao Peng,Gang Wang,Xianghong Tang,Xuejian Wang,Chunyang Liu

DOI: https://doi.org/10.1016/j.engappai.2023.106144

IF: 8

2023-03-24

Engineering Applications of Artificial Intelligence

Abstract:Massive amounts of industrial data, which are often gathered by industrial control systems (ICS), have been generated by the fast growth of industrial intelligence. One of the hottest topics in ICS is how to extract the most useful information from industrial "Big Data" and provide a more comprehensive service for monitoring the condition of industrial production processes. As the industrial environment gets increasingly complicated, production tasks change often and malicious attacks are on the rise. It remains a grand challenge to perform fine-grained anomaly detection in high-dimensional, noisy industrial data. In response to this problem, we propose a spatio-temporal graph neural network-based anomaly detection framework for fine-grained state monitoring of ICSs. First, based on prior knowledge, we propose a method for feature dimensionality reduction and dynamic graph modeling. After that, the variational mode decomposition (VMD) module is then utilized to remove noise from industrial data. Finally, we propose a spatio-temporal feature extraction module for fine-grained anomaly detection. Numerical experiments are conducted on a real-world ICS dataset called HAI. The results demonstrate that the proposed framework can effectively deal with high-dimensional, high-noise, and imbalanced industrial data. The framework's concepts are interconnected and extensible to various industrial scenarios, including metallurgy, smart shop floors, etc. In terms of recall, precision, and F1 -Score, a comparison between the proposed framework and eight representative methods reveals the merits of the proposed framework.

automation & control systems,computer science, artificial intelligence,engineering, electrical & electronic, multidisciplinary