查看文章

There exist several process-based anomaly detectors for Industrial Control Systems (ICS). Often such detectors are built using Machine learning (ML) algorithms that do not take explicit advantage of the design knowledge of the plant under control. Such detectors are considered as physics unaware. In this paper, we present the outcome of a series of experiments designed to explore the significance of design knowledge in improving the detection effectiveness of ML-based anomaly detectors. The experiments were conducted on an operational Secure Water Treatment (SWaT) plant by launching several coordinated attacks. Based on the observations we argue that detectors that use physics-informed ML algorithms can detect, and explain to plant operators, a wider range of anomalies when compared against their physics-unaware counterparts.