With the recent proliferation of cyber physical systems (CPSs), there is a growing demand for reliable anomaly detection systems. In this paper, we propose a new ensemble learning approach for anomaly detection that utilizes the extraction of specific features tailored to anomaly detection problems. Whereas typical principal component analysis (PCA) selects principal components (PCs) associated with high variances, our proposed method also leverages PCs with low variances to account for unexpressed variations in the training data. The extracted features are then fed into conventional learning models such as support vector machines or recurrent neural networks. Since each PC can be particularly good at detecting certain types of attacks, classifiers based on different combinations of selected PCs are further combined as an ensemble. Our results show that the ensemble approach improves the overall accuracy and helps detect diverse types of unknown attacks as well. Furthermore, our simple yet effective and flexible approach can easily be deployed to various CPS environments of increasing complexity.
This research was supported by the MSIT (Ministry of Science and ICT), Korea , under the ITRC (Information Technology Research Center) support program ( IITP-2021-2018-0-01431 ) and under Grant 2021-0-02068 (Artificial Intelligence Innovation Hub), supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation) . Approval of the version of the manuscript to be published.
