Related papers: Information-Theoretic Digital Twins for Stealthy Attack Detection in Industrial Control Systems: A Closed-Form KL Divergence Approach

Information-Theoretic Digital Twins for Stealthy Attack Detection in Industrial Control Systems: A Closed-Form KL Divergence Approach

URL: http://arxiv.org/abs/2603.01621v1
Date: Mon, 02 Mar 2026 08:56:11 GMT
Title: Information-Theoretic Digital Twins for Stealthy Attack Detection in Industrial Control Systems: A Closed-Form KL Divergence Approach
Authors: Inda Kreso, Mehran Tarif, Fatemeh Moradi, Iman Khazrak, Mostafa M Rezaee, Mohammadhossein Homaei,
Abstract summary: Digital twins (DTs) are increasingly used to monitor and secure Industrial Control Systems (ICS)<n>But detecting stealthy False Data Injection Attacks (FDIAs) that manipulate system states within normal physical bounds remains challenging.<n>We propose a closed-loop Information-Theoretic Digital Twin (IT-DT) framework for real-time anomaly detection.
Score: 0.0
License: http://creativecommons.org/licenses/by-sa/4.0/
Abstract: Digital twins (DTs) are increasingly used to monitor and secure Industrial Control Systems (ICS), yet detecting stealthy False Data Injection Attacks (FDIAs) that manipulate system states within normal physical bounds remains challenging. Deep learning anomaly detectors often over-generalize such subtle manipulations, while classical fault detection methods do not scale well in highly correlated multivariate systems. We propose a closed-loop Information-Theoretic Digital Twin (IT-DT) framework for real-time anomaly detection. N4SID identification is combined with steady-state Kalman filtering to quantify residual distribution shifts via closed-form KL divergence, capturing both mean deviations and malicious cross-covariance shifts. Evaluations on the SWaT and WADI datasets show that IT-DT achieves F1-scores of 0.832 and 0.615, respectively, with better precision than deep learning baselines such as TranAD. Computational profiling indicates that the analytical approach requires minimal memory and provides approximately a 600x inference speedup over transformer-based methods on CPU hardware. This makes the framework suitable for resource-constrained industrial edge controllers without GPU acceleration.

Related papers

Universal Transformation of One-Class Classifiers for Unsupervised Anomaly Detection [51.73001988341294]
Anomaly detection is typically formulated as a one-class classification problem.<n>We present a dataset folding method that transforms an arbitrary one-class classifier-based anomaly detector into a fully unsupervised method.
arXiv Detail & Related papers (2026-02-13T16:54:12Z)
Digital Twin-Driven Zero-Shot Fault Diagnosis of Axial Piston Pumps Using Fluid-Borne Noise Signals [4.11115562060457]
Axial piston pumps are crucial components in fluid power systems.<n>Traditional data-driven methods require extensive labeled fault data.<n>This paper proposes a digital twin (DT)-driven zero-shot fault diagnosis framework.
arXiv Detail & Related papers (2025-12-22T11:24:42Z)
Diffuse to Detect: A Generalizable Framework for Anomaly Detection with Diffusion Models Applications to UAVs and Beyond [2.4449457537548036]
Anomaly detection in complex, high-dimensional data, such as UAV sensor readings, is essential for operational safety.<n>We propose the Diffuse to Detect (DTD) framework, a novel approach that adapts diffusion models for anomaly detection.<n>DTD employs a single-step diffusion process to predict noise patterns, enabling rapid and precise identification of anomalies without reconstruction errors.
arXiv Detail & Related papers (2025-10-27T02:08:08Z)
Hybrid Cryptographic Monitoring System for Side-Channel Attack Detection on PYNQ SoCs [0.0]
AES-128 encryption is theoretically secure but vulnerable in practical deployments due to timing and fault injection attacks on embedded systems.<n>This work presents a lightweight dual-detection framework combining statistical thresholding and machine learning (ML) for real-time anomaly detection.
arXiv Detail & Related papers (2025-08-29T13:13:43Z)
DTAAD: Dual Tcn-Attention Networks for Anomaly Detection in Multivariate Time Series Data [0.0]
We propose an anomaly detection and diagnosis model, DTAAD, based on Transformer and Dual Temporal Convolutional Network (TCN) scaling methods and feedback mechanisms are introduced to improve prediction accuracy and expand correlation differences. Our experiments on seven public datasets validate that DTAAD exceeds the majority of currently advanced baseline methods in both detection and diagnostic performance.
arXiv Detail & Related papers (2023-02-17T06:59:45Z)
A Robust and Explainable Data-Driven Anomaly Detection Approach For Power Electronics [56.86150790999639]
We present two anomaly detection and classification approaches, namely the Matrix Profile algorithm and anomaly transformer. The Matrix Profile algorithm is shown to be well suited as a generalizable approach for detecting real-time anomalies in streaming time-series data. A series of custom filters is created and added to the detector to tune its sensitivity, recall, and detection accuracy.
arXiv Detail & Related papers (2022-09-23T06:09:35Z)
The KFIoU Loss for Rotated Object Detection [115.334070064346]
In this paper, we argue that one effective alternative is to devise an approximate loss who can achieve trend-level alignment with SkewIoU loss. Specifically, we model the objects as Gaussian distribution and adopt Kalman filter to inherently mimic the mechanism of SkewIoU. The resulting new loss called KFIoU is easier to implement and works better compared with exact SkewIoU.
arXiv Detail & Related papers (2022-01-29T10:54:57Z)
Mitigating the Mutual Error Amplification for Semi-Supervised Object Detection [92.52505195585925]
We propose a Cross Teaching (CT) method, aiming to mitigate the mutual error amplification by introducing a rectification mechanism of pseudo labels. In contrast to existing mutual teaching methods that directly treat predictions from other detectors as pseudo labels, we propose the Label Rectification Module (LRM)
arXiv Detail & Related papers (2022-01-26T03:34:57Z)
Zero-bias Deep Learning Enabled Quick and Reliable Abnormality Detection in IoT [18.474662677341012]
This paper integrates zero-bias DNN and Quickest Event Detection algorithms. It provides a holistic framework for quick and reliable detection of both abnormalities and time-dependent abnormal events. We demonstrate the effectiveness of the framework using both massive signal records from real-world aviation communication systems and simulated data.
arXiv Detail & Related papers (2021-04-08T03:31:50Z)
TELESTO: A Graph Neural Network Model for Anomaly Classification in Cloud Services [77.454688257702]
Machine learning (ML) and artificial intelligence (AI) are applied on IT system operation and maintenance. One direction aims at the recognition of re-occurring anomaly types to enable remediation automation. We propose a method that is invariant to dimensionality changes of given data.
arXiv Detail & Related papers (2021-02-25T14:24:49Z)
SUOD: Accelerating Large-Scale Unsupervised Heterogeneous Outlier Detection [63.253850875265115]
Outlier detection (OD) is a key machine learning (ML) task for identifying abnormal objects from general samples. We propose a modular acceleration system, called SUOD, to address it.
arXiv Detail & Related papers (2020-03-11T00:22:50Z)

This list is automatically generated from the titles and abstracts of the papers in this site.