Explainable Data Driven Anomaly Detection for Securing Cyber Physical Systems: Theory and Experiment

Abstract

This thesis addresses the growing security challenges in cyber-physical systems (CPS) used in mission-critical applications such as autonomous vehicles, industrial automation, and IoT devices. CPS environments, characterized by their multi-layered structure—comprising perception, transmission, and application layers—are increasingly exposed to sophisticated cyberattacks that exploit vulnerabilities across these layers. Traditional security measures, including network segmentation and rule-based threat detection, are often inadequate against a continuously evolving attack corpus. While AI-based threat detection has gained traction and trust across various industries, most solutions rely on supervised anomaly detection methods. Although these solutions excel at identifying known threats, they frequently fail to detect zero-day vulnerabilities and novel attack patterns. In response, this work proposes novel multi-layered, AI-driven anomaly detection algorithms and framework that leverages multimodal and multivariate time-series data to provide offline and real-time threat identification without prior knowledge of attack vectors. our proposed solutions are enhanced with explainable AI (xAI) techniques, which bolster the interpretability and trustworthiness of model decisions, thereby enabling effective human-on-the-loop oversight with actionable insights. We assessed our proposed solutions in several ways to ensure they work well in real-world applications and can be easily adopted by industry. First, we measured their performance using publicly available datasets and standard benchmarks. In addition, we curated a novel dataset based on actual robotic operations. Finally, we implemented our solutions on a fully operational CPS to demonstrate the feasibility of real-world deployment and their detection capabilities. By integrating advanced anomaly detection methods with real-time responsiveness and explainability, this research contributes to the development of next-generation CPS security solutions that are robust, adaptable, and ready for real-world deployment.