Causal Graph Profiling via Structural Divergence for Robust Anomaly Detection in Cyber-Physical Systems

• URL: http://arxiv.org/abs/2508.09504v1
• Date: Wed, 13 Aug 2025 05:26:43 GMT
• Title: Causal Graph Profiling via Structural Divergence for Robust Anomaly Detection in Cyber-Physical Systems
• Authors: Arun Vignesh Malarkkan, Haoyue Bai, Dongjie Wang, Yanjie Fu,
• Abstract summary: Causal Graph-based Anomaly Detection framework designed for reliable cyberattack detection in public infrastructure systems.<n>CGAD follows a two-phase supervised framework -- causal profiling and anomaly scoring.<n>By leveraging causal structures, CGAD achieves superior adaptability and accuracy in non-stationary and imbalanced time series environments.
• Score: 25.567981742631005
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: With the growing complexity of cyberattacks targeting critical infrastructures such as water treatment networks, there is a pressing need for robust anomaly detection strategies that account for both system vulnerabilities and evolving attack patterns. Traditional methods -- statistical, density-based, and graph-based models struggle with distribution shifts and class imbalance in multivariate time series, often leading to high false positive rates. To address these challenges, we propose CGAD, a Causal Graph-based Anomaly Detection framework designed for reliable cyberattack detection in public infrastructure systems. CGAD follows a two-phase supervised framework -- causal profiling and anomaly scoring. First, it learns causal invariant graph structures representing the system's behavior under "Normal" and "Attack" states using Dynamic Bayesian Networks. Second, it employs structural divergence to detect anomalies via causal graph comparison by evaluating topological deviations in causal graphs over time. By leveraging causal structures, CGAD achieves superior adaptability and accuracy in non-stationary and imbalanced time series environments compared to conventional machine learning approaches. By uncovering causal structures beneath volatile sensor data, our framework not only detects cyberattacks with markedly higher precision but also redefines robustness in anomaly detection, proving resilience where traditional models falter under imbalance and drift. Our framework achieves substantial gains in F1 and ROC-AUC scores over best-performing baselines across four industrial datasets, demonstrating robust detection of delayed and structurally complex anomalies.

Related papers

• RPG-AE: Neuro-Symbolic Graph Autoencoders with Rare Pattern Mining for Provenance-Based Anomaly Detection [0.8373057326694192]
  This paper presents a neuro-symbolic anomaly detection framework that combines a Graph Autoencoder with rare pattern mining.<n>Anomaly candidates are identified through deviations between observed and reconstructed graph structure.<n>We evaluate the proposed method on the DARPA Transparent Computing datasets and show that rare-pattern boosting yields substantial gains in anomaly ranking quality.
  arXiv  Detail & Related papers  (2026-02-03T00:02:37Z)
• Incremental Causal Graph Learning for Online Cyberattack Detection in Cyber-Physical Infrastructures [25.567981742631005]
  The escalating threat of cyberattacks on real-time critical infrastructures poses serious risks to public safety.<n>Traditional real-time anomaly detection techniques often suffer from excessive false positives due to their statistical sensitivity to high data variance and class imbalance.<n>We propose INCADET, a novel framework for incremental causal graph learning tailored to real-time cyberattack detection.
  arXiv  Detail & Related papers  (2025-07-18T22:27:13Z)
• Anomaly Detection in Complex Dynamical Systems: A Systematic Framework Using Embedding Theory and Physics-Inspired Consistency [0.0]
  Anomaly detection in complex dynamical systems is essential for ensuring reliability, safety, and efficiency in industrial and cyber-physical infrastructures.<n>We propose a system-theoretic approach to anomaly detection, grounded in classical embedding theory and physics-inspired consistency principles.<n>Our findings support the hypothesis that anomalies disrupt stable system dynamics, providing a robust signal for anomaly detection.
  arXiv  Detail & Related papers  (2025-02-26T17:06:13Z)
• FaultGuard: A Generative Approach to Resilient Fault Prediction in Smart Electrical Grids [53.2306792009435]
  FaultGuard is the first framework for fault type and zone classification resilient to adversarial attacks. We propose a low-complexity fault prediction model and an online adversarial training technique to enhance robustness. Our model outclasses the state-of-the-art for resilient fault prediction benchmarking, with an accuracy of up to 0.958.
  arXiv  Detail & Related papers  (2024-03-26T08:51:23Z)
• Detecting Anomalies in Dynamic Graphs via Memory enhanced Normality [39.476378833827184]
  Anomaly detection in dynamic graphs presents a significant challenge due to the temporal evolution of graph structures and attributes. We introduce a novel spatial- temporal memories-enhanced graph autoencoder (STRIPE) STRIPE significantly outperforms existing methods with 5.8% improvement in AUC scores and 4.62X faster in training time.
  arXiv  Detail & Related papers  (2024-03-14T02:26:10Z)
• DyEdgeGAT: Dynamic Edge via Graph Attention for Early Fault Detection in IIoT Systems [12.641578474466646]
  DyEdgeGAT is a novel approach for early-stage fault detection in IIoT systems. It incorporates operating condition contexts into node dynamics modeling, enhancing its accuracy and robustness. We rigorously evaluated DyEdgeGAT using both a synthetic dataset and a real-world industrial-scale flow facility benchmark.
  arXiv  Detail & Related papers  (2023-07-07T12:22:16Z)
• Energy-based Out-of-Distribution Detection for Graph Neural Networks [76.0242218180483]
  We propose a simple, powerful and efficient OOD detection model for GNN-based learning on graphs, which we call GNNSafe. GNNSafe achieves up to $17.0%$ AUROC improvement over state-of-the-arts and it could serve as simple yet strong baselines in such an under-developed area.
  arXiv  Detail & Related papers  (2023-02-06T16:38:43Z)
• Ranking-Based Physics-Informed Line Failure Detection in Power Grids [66.0797334582536]
  Real-time and accurate detecting of potential line failures is the first step to mitigating the extreme weather impact and activating emergency controls. Power balance equations nonlinearity, increased uncertainty in generation during extreme events, and lack of grid observability compromise the efficiency of traditional data-driven failure detection methods. This paper proposes a Physics-InformEd Line failure Detector (FIELD) that leverages grid topology information to reduce sample and time complexities and improve localization accuracy.
  arXiv  Detail & Related papers  (2022-08-31T18:19:25Z)
• From Environmental Sound Representation to Robustness of 2D CNN Models Against Adversarial Attacks [82.21746840893658]
  This paper investigates the impact of different standard environmental sound representations (spectrograms) on the recognition performance and adversarial attack robustness of a victim residual convolutional neural network. We show that while the ResNet-18 model trained on DWT spectrograms achieves a high recognition accuracy, attacking this model is relatively more costly for the adversary.
  arXiv  Detail & Related papers  (2022-04-14T15:14:08Z)
• Self-Supervised and Interpretable Anomaly Detection using Network Transformers [1.0705399532413615]
  This paper introduces the Network Transformer (NeT) model for anomaly detection. NeT incorporates the graph structure of the communication network in order to improve interpretability. The presented approach was tested by evaluating the successful detection of anomalies in an Industrial Control System.
  arXiv  Detail & Related papers  (2022-02-25T22:05:59Z)
• Unveiling the potential of Graph Neural Networks for robust Intrusion Detection [2.21481607673149]
  We propose a novel Graph Neural Network (GNN) model to learn flow patterns of attacks structured as graphs. Our model is able to maintain the same level of accuracy as in previous experiments, while state-of-the-art ML techniques degrade up to 50% their accuracy (F1-score) under adversarial attacks.
  arXiv  Detail & Related papers  (2021-07-30T16:56:39Z)
• Bayesian Optimization with Machine Learning Algorithms Towards Anomaly Detection [66.05992706105224]
  In this paper, an effective anomaly detection framework is proposed utilizing Bayesian Optimization technique. The performance of the considered algorithms is evaluated using the ISCX 2012 dataset. Experimental results show the effectiveness of the proposed framework in term of accuracy rate, precision, low-false alarm rate, and recall.
  arXiv  Detail & Related papers  (2020-08-05T19:29:35Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.