Leveraging Swarm Intelligence for Invariant Rule Generation and Anomaly Detection in Industrial Control Systems

Industrial control systems (ICSs), which are fundamental to the operation of critical infrastructure, face increasingly sophisticated security threats due to the integration of information and operational technologies. Conventional anomaly detection techniques often lack the ability to provide clear explanations for their detection, and their inherent complexity can impede practical implementation in the resource-constrained environments typical of ICSs. To address these challenges, this paper proposes a novel approach that leverages swarm intelligence algorithms for the extraction of numerical association rules, specifically designed for anomaly detection in ICS. The proposed approach is designed to effectively identify and precisely localize anomalies by analyzing the states of sensors and actuators. Experimental validation using the Secure Water Treatment (SWaT) dataset demonstrates that the proposed approach can detect over 84% of attack instances, with precise anomaly localization achievable by examining as few as two to six sensor or actuator states. This significantly improves the efficiency and accuracy of anomaly detection. Furthermore, since the method is based on the general control dynamics of ICSs, it demonstrates robust generalization, making it applicable across a wide range of industrial control systems.