An Integrated Framework for Privacy-Preserving based Anomaly Detection for Cyber-Physical Systems

Protecting Cyber-physical Systems (CPSs) is highly important for preserving sensitive information and detecting cyber threats. Developing a robust privacy-preserving anomaly detection method requires physical and network data about the systems, such as Supervisory Control and Data Acquisition (SCADA), for protecting original data and recognising cyber-attacks. In this paper, a new privacy-preserving anomaly detection framework, so-called PPAD-CPS, is proposed for protecting confidential information and discovering malicious observations in power systems and their network traffic. The framework involves two main modules. Firstly, a data pre-processing module is suggested for filtering and transforming original data into a new format that achieves the target of privacy preservation. Secondly, an anomaly detection module is suggested using a Gaussian Mixture Model (GMM) and Kalman Filter (KF) for precisely estimating the posterior probabilities of legitimate and anomalous events. The performance of the PPAD-CPS framework is assessed using two public datasets, namely the Power System and UNSW-NB15 dataset. The experimental results show that the framework is more effective than four recent techniques for obtaining high privacy levels. Moreover, the framework outperforms seven peer anomaly detection techniques in terms of detection rate, false positive rate and computational time.