cispa_all_3279.pdf (487.3 kB)

A Statistical Analysis Framework for ICS Process Datasets

Download (487.3 kB)
conference contribution
posted on 2023-11-29, 18:14 authored by Federico Turrin, Alessandro ErbaAlessandro Erba, Nils Ole TippenhauerNils Ole Tippenhauer, Mauro Conti
In recent years, several schemes have been proposed to detect anomalies and attacks on Cyber-Physical Systems (CPSs) such as Industrial Control Systems (ICSs). Based on the analysis of sensor data, unexpected or malicious behavior is detected. Those schemes often rely on (implicit) assumptions on temporally stable sensor data distributions and invariants between process values. Unfortunately, the proposed schemes often do not perform optimally, with Recall scores lower than 70% (e.g., missing 3 alarms every 10 anomalies) for some ICS datasets, with unclear root issues. In this work, we propose a general framework to analyze whether a given ICS dataset has specific properties (stable sensor distributions in normal operations, potentially state-dependent), which then allows to determine whether certain Anomaly Detection approaches can be expected to perform well. We apply our framework to three datasets showing that the behavior of actuators and sensors are very different between Training set and Test set. In addition, we present high-level guides to consider when designing an Anomaly Detection System.


Preferred Citation

Federico Turrin, Alessandro Erba, Nils Tippenhauer and Mauro Conti. A Statistical Analysis Framework for ICS Process Datasets. In: European Conference on Computer Vision (ECCV). 2020.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

European Conference on Computer Vision (ECCV)

Legacy Posted Date


Open Access Type

  • Unknown


@inproceedings{cispa_all_3279, title = "A Statistical Analysis Framework for ICS Process Datasets", author = "Turrin, Federico and Erba, Alessandro and Tippenhauer, Nils Ole and Conti, Mauro", booktitle="{European Conference on Computer Vision (ECCV)}", year="2020", }

Usage metrics


    No categories selected


    Ref. manager