A New Metric to Compare Anomaly Detection Algorithms In Cyber-Physical Systems

ABSTRACT

The performance of different anomaly detection algorithms is typically compared using metrics that depend on the true positive rate (TPR) and the false positive rate (FPR). However, obtaining the TPR requires generating attacks that will be detected, which is of no use for evaluating detection strategies against more realistic adversaries that can adapt their attacks to remain undetected. The FPR, in turn, can be misleading and hard to interpret in practical applications, since the amount of time a process is observed is not fixed. In this poster, we present a novel metric that is based on the maximum impact an adversary can cause while remaining stealthy, and on the expected time between false alarms. Our metric is useful for the evaluation and comparison of anomaly detection strategies in CPS.
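
The two quantities named in the abstract can be worked through for a toy detector; this is an added example, not the authors' code or their definition of the metric. It assumes a stateless alarm rule `|r_k| > tau` on i.i.d. Gaussian residuals, an adversary who holds the residual at exactly `tau` on every sample, and impact measured as accumulated bias; all function names and detector parameters are hypothetical.

```python
from statistics import NormalDist

def mean_time_between_false_alarms(tau, sigma, dt):
    """Expected seconds between false alarms for the rule |r_k| > tau,
    with attack-free residuals r_k ~ N(0, sigma^2), one sample every dt seconds."""
    p_false_alarm = 2.0 * (1.0 - NormalDist(0.0, sigma).cdf(tau))
    return dt / p_false_alarm

def threshold_for(target_seconds, sigma, dt):
    """Threshold tau that gives the requested expected time between false alarms."""
    p_false_alarm = dt / target_seconds
    return NormalDist(0.0, sigma).inv_cdf(1.0 - p_false_alarm / 2.0)

def max_stealthy_deviation(tau, dt, horizon_seconds):
    """Assumed impact model: the adversary holds the residual at exactly tau
    on every sample (never alarming), and impact is the accumulated bias."""
    return tau * round(horizon_seconds / dt)

def tradeoff(sigma, dt, targets, horizon_seconds=3600):
    """One (time between false alarms, max stealthy impact) point per target."""
    points = []
    for target in targets:
        tau = threshold_for(target, sigma, dt)
        points.append((target, max_stealthy_deviation(tau, dt, horizon_seconds)))
    return points

# Constructed detectors: same alarm rule, different model quality (residual noise).
DETECTORS = {"good_model": 0.5, "poor_model": 1.0}
TARGETS = [3600.0, 86400.0]  # one false alarm per hour / per day

if __name__ == "__main__":
    for name, sigma in DETECTORS.items():
        for target, impact in tradeoff(sigma, dt=1.0, targets=TARGETS):
            print(f"{name}: {target:>8.0f} s between false alarms -> "
                  f"max stealthy deviation per hour {impact:.0f}")
```

Under these assumptions the same per-sample false alarm probability gives ten times more alarms per hour at a ten times faster sampling rate, which is why the comparison is made at a fixed time between false alarms rather than at a fixed FPR.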

BIO

Jairo Giraldo received his B.S. in Electronic Engineering from the National University of Colombia in 2010 and his M.S. and Ph.D. degrees from the University of the Andes, Colombia in 2012 and 2015, respectively. Jairo is currently a Postdoctoral Scholar at the University of Texas at Dallas under the advice of Professor Alvaro Cardenas. His research interests include security and privacy of cyber-physical systems, with emphasis on control, attack detection, identification, and mitigation to make systems more resilient and robust to cyber-threats. He is very interested in several applications such as industrial control systems, smart grids, and autonomous vehicles, and also in optimization, advanced control theory, and machine learning.

License: CC-2.5
Submitted by Katie Dey on