Browsing by Subject "Anomaly detection"
Now showing 1 - 6 of 6
Results Per Page
Sort Options
- PublicationOpen AccessAn interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios(Wiley Open Access, 2023-05-09) Perales Gómez, Ángel Luis; Fernández Maimó, Lorenzo; García Clemente, Félix J.; Huertas Celdrán, Alberto; Ingeniería y Tecnología de ComputadoresWhen detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system is suffering a cyberattack. It is also fundamental to explain why the system is under a cyberattack and which are the assets affected. In this context, the Anomaly Detection based on Machine Learning (ML) and Deep Learning (DL) techniques showed great performance when detecting cyberattacks in industrial scenarios. However, two main limitations hinder using them in a real environment. Firstly, most solutions are trained using a supervised approach, which is impractical in the real industrial world. Secondly, the use of black-box ML and DL techniques makes it impossible to interpret the decision made by the model. This article proposes an interpretable and semi-supervised system to detect cyberattacks in Industrial settings. Besides, our proposal was validated using data collected from the Tennessee Eastman Process. To the best of our knowledge, this system is the only one that offers interpretability together with a semi-supervised approach in an industrial setting. Our system discriminates between causes and effects of anomalies and also achieved the best performance for 11 types of anomalies out of 20 with an overall recall of 0.9577, a precision of 0.9977, and a F1-score of 0.9711.
- PublicationOpen AccessDistillation anomaly and fault detection based on clustering algorithms(Elsevier, 2025-11) Martínez García, F. M. ; Molina García, A. ; Gómez de León Hijes, Félix; Alarcón García, Mariano; Ingeniería de la Información y las Comunicaciones; Facultades de la UMU::Facultad de QuímicaAnomaly detection in production processes is essential for ensuring reliability and efficiency in the industrial sector. In this way, system optimization requires advanced monitoring strategies such as predictive maintenance and intelligent fault detection. Traditional diagnostic methods rely on retrospective data analysis and deterministic cause-effect models, while machine learning approaches enable real-time monitoring and data-driven modeling to detect deviations from normal operation. This study proposes a scalable anomaly detection framework based on clustering algorithms, specifically applied to batch distillation processes—critical operations in chemical manufacturing that remain underexplored in real-world applications, particularly in multiproduct plants. The methodology was validated through an industrial case study at a chemical facility in El Palmar, Murcia (Spain), operated by a multinational corporation. Over 300,000 data points were collected over three years, focusing on critical variables governing distillation unit performance. Clustering techniques including k- means, DBSCAN, and hierarchical clustering were applied to identify deviations from standard operating conditions. Results demonstrate the effectiveness, flexibility, and scalability of the proposed approach, detecting anomalies in real time due to equipment faults, unstable conditions, or operator error. Integration of this system reduces unplanned shutdowns, improves energy efficiency, safety, and product quality, and provides operators with a real-time dashboard for decision support. Statistical evaluation of algorithms ensures adaptability across product types, while the custom application enables graphical monitoring of process deviations. Future work includes integrating performance indicators and ERP/MES connectivity. This framework serves as a reference model for deploying scalable anomaly detection systems across diverse industrial environments.
- PublicationOpen AccessIoT for water management: towards Intelligent anomaly detection(IEEE, 2019-07-22) Cuenca-Jara, Jesús ; Antonio F. Skarmeta; González Vidal, Aurora; Skarmeta Gómez, Antonio; Ingeniería de la Información y las Comunicaciones; Facultad de InformáticaGiven that the global water system is deteriorating and the supply and demand are very dynamic, smart ways to improve the water management system are needed so that it becomes more efficient and to extend the services provided to the citizens leading to smart cities. One of many water related problems that can be addressed by the Internet of Things is anomaly detection in water consumption. The analysis of data collected by smart meters will help to personalize the feedback to customers, prevent water waste and detect alarming situations. Water consumption data can be considered as a time series. Time series anomaly detection is an old topic but in this work we attempt to examine which techniques suits better for water consumption. We examine two very well-known methods for time series anomaly detection: an ARIMA-based framework anomaly detection technique which selects as outliers those points no fitting an ARIMA process and also a technique named HOTSAX which represents windows of data in a discrete way and then discriminates them using a heuristic. They are both very different in nature but the true positive analysis is excellent. The challenge remains in removing the false positive from the picture.
- PublicationOpen AccessSafeMan: a unified framework to manage cybersecurity and safety in manufacturing industry(Wiley, 2020-08-06) Perales Gómez, Ángel Luis; Fernández Maimó, Lorenzo; García Clemente, Félix Jesús; Gil Pérez, Manuel; Martínez Pérez, Gregorio; Huertas Celdrán, Alberto; Ingeniería y Tecnología de ComputadoresIndustrial control systems (ICS) are considered cyber-physical systems that join both cyber and physical worlds. Due to their tight interaction, where humans and robots co-work and co-inhabit in the same workspaces and production lines, cyber-attacks targeting ICS can alter production processes and even bypass safety procedures. As an example, these cyber-attacks could interrupt physical industrial processes and cause potential injuries to workers. In this article, we present SafeMan, a unified management framework based on the Edge Computing paradigm that provides high-performance applications for the detection and mitigation of both cyber-attacks and safety threats in industrial scenarios. Three use cases show specific threats in manufacturing as well as the SafeMan actions carried out to detect and mitigate them. In order to validate our proposal, a pool of experiments was performed with Electra, an industrial dataset with normal network traffic and different cyber-attacks by using a given number of Modbus TCP and S7Comm devices. The experiments measured the runtime performance of anomaly detection techniques based on machine learning and deep learning to detect cyber-attacks in control networks. The experimental results show that Neural Networks report the best performance, being able to examine 217 feature vectors per second over Electra, and therefore demonstrating that it can be used as detection model for SafeMan in real scenarios.
- PublicationOpen AccessSUSAN: a deep learning based anomaly detection framework for sustainable industry(2023-01-05) Perales Gómez, Ángel Luis; Fernández Maimó, Lorenzo; García Clemente, Félix J.; Huertas Celdrán, Alberto; Ingeniería y Tecnología de Computadores; ElsevierNowadays, sustainability is the core of green technologies, being a critical aspect in many industries concerned with reducing carbon emissions and energy consumption optimization. While this concern increases, the number of cyberattacks causing sustainability issues in industries also grows. These cyberattacks impact industrial systems that control and monitor the right functioning of processes and systems. Furthermore, they are very specialized, requiring knowledge about the target industrial processes, and being undetectable for traditional cybersecurity solutions. To overcome this challenge, we present SUSAN, a Deep Learning-based framework, to build anomaly detectors that expose cyberattacks affecting the sustainability of industrial systems. SUSAN follows a modular and flexible design that allows the ensembling of several detectors to achieve more precise detections. To demonstrate the feasibility of SUSAN, we implemented the framework in a water treatment plant using the SWaT testbed. The experiments performed achieved the best recall rate (0.910) and acceptable precision (0.633), resulting in an F1-score of 0.747. Regarding individual cyberattacks that impact the system’s sustainability, our implementation detected all of them, and, concerning the related work, it achieved the most balanced results, with 0.64 as the worst recall rate. Finally, a false-positive rate of 0.000388 makes our solution feasible in real scenarios.
- PublicationOpen AccessVAASI: Crafting valid and abnormal adversarial samples for anomaly detection systems in industrial scenarios(Elsevier, 2023-12) Perales Gómez, Ángel Luis; Fernández Maimó, Lorenzo; García Clemente, Félix J.; Huertas Celdrán, Alberto; Ingeniería y Tecnología de ComputadoresIn the realm of industrial anomaly detection, machine and deep learning models face a critical vulnerability to adversarial attacks. In this context, existing attack methodologies primarily target continuous features, often in the context of images, making them unsuitable for the categorical or discrete features prevalent in industrial systems. To fortify the cybersecurity of industrial environments, this paper introduces a groundbreaking adversarial attack approach tailored to the unique demands of these settings. Our novel technique enables the creation of targeted adversarial samples that are valid within the framework of supervised cyberattack detection models in industrial scenarios, preserving the consistency of discrete values and correcting cases where an adversarial sample transitions into a normal one. Our approach leverages the SHAP interpretability method to identify the most salient features for each sample. Subsequently, the Projected Gradient Descent technique is employed to perturb continuous features, ensuring adversarial sample generation. To handle categorical features for a specific adversarial sample, our method scrutinizes the closest sample within the normal training dataset and replicates its categorical feature values. Additionally, Decision Trees trained within a Random Forest are utilized to ensure that the resulting adversarial samples maintain the essential abnormal behavior required for detection. The validation of our proposal was conducted using the WADI dataset obtained from a water distribution plant, providing a realistic industrial context. During validation, we assessed the mean error and the total number of adversarial samples generated by our approach, comparing it with the original Projected Gradient Descent method and the Carlini & Wagner attack across various parameter configurations. Remarkably, our proposal consistently achieved the best trade-off between mean error and the number of generated adversarial samples, showcasing its superiority in safeguarding industrial systems.