Realistic Data Generation for Anomaly Detection in Industrial Settings Using Simulations

With the rise of advanced persistent threats to cyber-physical facilities, new methods for anomaly detection are required. However, research on anomaly detection systems for industrial networks suffers from the lack of suitable training data to verify the methods at early stages. This paper presents a framework and workflow to generate meaningful training and test data for anomaly detection systems in industrial settings. Using process-model based simulations data can be generated on a large scale. We evaluate the data in regard to its usability for state-of-the-art anomaly detection systems. With adequate simulation configurations, it is even possible to simulate a sensor manipulation attack on the model and to derive labeled data. By this simulation of attacked components, we demonstrate the effectiveness of systems trained on artificial data to detect previously unseen attacks.