Anomaly Detection in Cyber-Physical Systems Using Machine Learning

  • Hossein Mohammadi Rouzbahani
  • Hadis Karimipour
  • Abolfazl Rahimnejad
  • Ali Dehghantanha
  • Gautam Srivastava


Cyber-Physical Systems (CPSs) consist of a wide range of complex, multi-tasking components whose close interaction integrates cyber elements into the physical world. The significant growth of CPSs and the widespread use of smart features and communication tools have created new challenges. A new generation of CPSs, such as the smart grid, faces a variety of vulnerabilities, threats and attacks, so security and privacy are the most important challenges for these systems. Anomaly detection is an important data analysis task and one of the approaches to CPS security. Because different anomaly detection methods have been presented, it is difficult to compare the advantages and disadvantages of these techniques. In this chapter, Machine Learning (ML) methods for anomaly detection are presented through a case study that demonstrates the effectiveness of machine learning techniques at classifying False Data Injection (FDI) attacks.


Keywords: Cyber-physical system, Anomaly detection, Machine learning, Smart grids



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. School of Engineering, University of Guelph, Guelph, Canada
  2. Cyber Science Lab, School of Computer Science, University of Guelph, Guelph, Canada
  3. Department of Mathematics and Computer Science, Brandon University, Brandon, Canada
