pith. sign in

arxiv: 2504.20906 · v4 · submitted 2025-04-29 · 💻 cs.CR · cs.LG

A Giant-Step Baby-Step Classifier For Scalable and Real-Time Anomaly Detection In Industrial Control Systems and Water Treatment Systems

Sarad Venugopalan , Sridhar Adepu This is my paper

Pith reviewed 2026-05-22 18:35 UTC · model grok-4.3

classification 💻 cs.CR cs.LG
keywords anomaly detectionindustrial control systemswater treatmentreal-time detectionexplainabilitylinearizationcyber-physical systemssensor-actuator relationships
0
0 comments X

The pith

Linearizing sensor-actuator relationships enables millisecond anomaly detection with full traceability in industrial control systems.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper develops a classifier for anomaly detection in industrial control systems that begins by converting non-linear sensor-actuator relationships into linear forms. This linearization supports a giant-step baby-step procedure that identifies anomalies in milliseconds and traces each detection back to the specific sensor or actuator involved. Experiments on a water treatment testbed report 97.72 percent accuracy while treating deviations that stay inside safe operating limits as normal. The resulting combination of speed and explainability is presented as an advance over prior AI and machine-learning approaches that typically trade one property for the other.

Core claim

After linearizing the non-linear sensor-actuator relationships, a giant-step baby-step classifier detects anomalies in real time, returns millisecond-scale responses, and supplies traceable explanations that identify the responsible sensor or actuation state, reaching 97.72 percent accuracy on a water treatment testbed by classifying safe-limit deviations as non-anomalous.

What carries the argument

Giant-step baby-step classifier applied to linearized sensor-actuator models, performing classification that preserves component-level traceability.

Load-bearing premise

Linear approximations of non-linear sensor-actuator dynamics retain enough information to separate anomalies from normal safe variations.

What would settle it

Applying the classifier to an industrial control system whose non-linear dynamics differ substantially from the water treatment testbed and observing a large drop in accuracy or loss of traceability.

Figures

Figures reproduced from arXiv: 2504.20906 by Sarad Venugopalan, Sridhar Adepu.

Figure 1
Figure 1. Figure 1: Safe state determination using sensors. Boundaries are fed into a programmable logic controller. Lower bound (LB) and upper bound (UB). ii.) An extended solution is proposed in Section 4 to detect anomalies that stand out over a longer period of time. iii.) We compare our solution results with AI/ML models for anomaly detection and explainable AI (see Section 5). iv.) We discuss how explainability [14] is … view at source ↗
Figure 3
Figure 3. Figure 3: The actuators a4-a6 are for non-nearest neighbors w.r.t [PITH_FULL_IMAGE:figures/full_fig_p003_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: High level system architecture of SWaT water treatment testbed [9]. 2.4 Threat Model An attacker is assumed to have followed an attack vector [17] to gain access into plant OT. This adversary is assumed to be able to inject control commands and modify sensor readings and actuator status in OT. This leads to four attack types [9] — single stage single point (SSSP) where exactly one sensor/actuator data is u… view at source ↗
Figure 5
Figure 5. Figure 5: Mid-granular level view of P1 and early P2 SWaT process stages. Pretrain￾sb SWaT￾normal SWaT-nn actuator(s) Pretrain￾diff Training￾gi Training￾by SWaT￾attack Pretest￾sb Pretest￾diff Testing￾gi Testing￾by copy time index, sensor, nn￾acts append switchboard append diff Linearize into groups Linearize into groups Output: [LBg1,UBg1],..., [LBgm,UBgn] Output: [LBb1,UBb1],..., [LBbm,UBbn] Split Split Train Train… view at source ↗
Figure 7
Figure 7. Figure 7: Plot of six [LB, UB] baby-step training bounds for sensor LIT101. SWaT normal dataset is used for training. 3.3.2 Linearized state groups Further, we split the Training-by dataset into linearized groups (LSGsb), for all sb ∈ Training-by dataset. The first group contains only dataset rows associated with the sb = 11 switchboard state for this example, in the exact order it appeared in the Training-by datase… view at source ↗
Figure 6
Figure 6. Figure 6: Evolution of training and testing dataset. Pretest, testing and comparison are carried out in real-time, once the output from training is available. 3.3 A switchboard to map actuation state, building lin￾earized state groups, and enable explanation The training dataset is built on the normal SWaT dataset and the testing dataset from the SWaT attack dataset (see [PITH_FULL_IMAGE:figures/full_fig_p005_6.png] view at source ↗
Figure 8
Figure 8. Figure 8: A SWaT process P1 water pumping example. In [PITH_FULL_IMAGE:figures/full_fig_p007_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: The Baby-step training split is similar to the Giant-step shown in [PITH_FULL_IMAGE:figures/full_fig_p007_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: This example shows testing and explainability for the sensor trained in Giant-step ( [PITH_FULL_IMAGE:figures/full_fig_p008_10.png] view at source ↗
Figure 12
Figure 12. Figure 12: A hypothetical illustration of the distribution probabilities for sensor readings given its nn-actuation state, centred at p = 0.5. The anomaly probability is 0 at the centre and tends towards 1, as it approaches either of the boundaries. The x-axis is range of probability distribution and y-axis, its frequency. For the example with n = 3, we have T = 36, P(senn l ) = 3/36 = 0.083 and P(senn r ) = 31/36 =… view at source ↗
read the original abstract

The continuous monitoring of the interactions between cyber-physical components of any industrial control system (ICS) is required to secure automation of the system controls, and to guarantee plant processes are fail-safe and remain in an acceptably safe state. Safety is achieved by managing actuation (where electric signals are used to trigger physical movement), dependent on corresponding sensor readings; used as ground truth in decision making. Timely detection of anomalies (attacks, faults and unascertained states) in ICSs is crucial for the safe running of a plant, the safety of its personnel, and for the safe provision of any services provided. We propose an anomaly detection method that involves accurate linearization of the non-linear forms arising from sensor-actuator(s) relationships, primarily because solving linear models is easier and well understood. We accomplish this by using a well-known water treatment testbed as a use case. Our experiments show millisecond time response to detect anomalies, all of which are explainable and traceable; this simultaneous coupling of detection speed and explainability has not been achieved by other state of the art Artificial Intelligence (AI)/ Machine Learning (ML) models with eXplainable AI (XAI) used for the same purpose. Our methods explainability enables us to pin-point the sensor(s) and the actuation state(s) for which the anomaly was detected. The proposed algorithm showed an accuracy of 97.72% by flagging deviations within safe operation limits as non-anomalous; indicative that slower detectors with highest detection resolution is unnecessary, for systems whose safety boundaries provide leeway within safety limits.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper proposes a Giant-Step Baby-Step Classifier for anomaly detection in industrial control systems (ICS) and water treatment systems. It centers on accurate linearization of inherently non-linear sensor-actuator relationships to enable fast, explainable detection, reporting 97.72% accuracy on a water treatment testbed by treating deviations within safe limits as non-anomalous, along with millisecond response times and traceability to specific sensors/actuators. The authors assert this simultaneously achieves speed and explainability not attained by prior AI/ML models with XAI.

Significance. If the linearization step preserves anomaly-discriminating information and the performance generalizes, the work would offer a useful practical contribution to real-time ICS security by providing both low-latency detection and component-level traceability, addressing a gap where many XAI approaches trade off one for the other. The focus on safe-operation leeway as a design principle is a constructive element.

major comments (2)
  1. [Abstract and method description of linearization] The central performance claims (97.72% accuracy, millisecond latency, and traceability) rest on the linearization procedure, yet the manuscript supplies no quantitative bound on the linearization residual, no sensitivity analysis showing the size of deviation that can be masked by the approximation, and no evaluation on a second ICS domain beyond the single water-treatment testbed. This directly undermines the claim that the method works outside the reported experiments.
  2. [Abstract and experimental results] No baselines, error analysis, or comparative results against SOTA XAI models are presented to support the superiority assertion; the accuracy figure is stated without derivation details, cross-validation, or discussion of how thresholds were chosen, making the experimental evidence insufficient to substantiate the headline claims.
minor comments (1)
  1. [Abstract] The abstract refers to a 'well-known water treatment testbed' without naming it (e.g., SWaT or WADI), which reduces reproducibility; adding the exact testbed identifier and any public dataset references would help.

Simulated Author's Rebuttal

2 responses · 1 unresolved

We thank the referee for their careful reading and constructive comments. We address each major comment below and indicate planned revisions to improve the manuscript.

read point-by-point responses

  1. Referee: [Abstract and method description of linearization] The central performance claims (97.72% accuracy, millisecond latency, and traceability) rest on the linearization procedure, yet the manuscript supplies no quantitative bound on the linearization residual, no sensitivity analysis showing the size of deviation that can be masked by the approximation, and no evaluation on a second ICS domain beyond the single water-treatment testbed. This directly undermines the claim that the method works outside the reported experiments.

    Authors: We agree that an explicit quantitative bound on the linearization residual and a sensitivity analysis are not currently provided. The linearization approximates non-linear sensor-actuator relationships within the safe-operation envelope, treating deviations inside those bounds as non-anomalous by design. We will add a dedicated subsection deriving an error bound using the maximum observed deviation from normal-operation data and a first-order Taylor approximation residual. A sensitivity analysis showing the largest masked deviation will also be included. Regarding a second ICS domain, the current work focuses on the water-treatment testbed as a canonical ICS example; adding another domain would require new instrumentation and attack datasets that are outside the scope of this revision. We will explicitly state this limitation in the discussion and revise the abstract to qualify the generalization claim. revision: partial

  2. Referee: [Abstract and experimental results] No baselines, error analysis, or comparative results against SOTA XAI models are presented to support the superiority assertion; the accuracy figure is stated without derivation details, cross-validation, or discussion of how thresholds were chosen, making the experimental evidence insufficient to substantiate the headline claims.

    Authors: The reported accuracy of 97.72% is computed on the labeled testbed dataset by counting detections where the linearized prediction error exceeds the pre-defined safe-limit threshold. We will expand the experimental section with: (i) explicit derivation of the threshold from the 99th-percentile residual on normal data, (ii) 5-fold cross-validation results, and (iii) an error analysis breaking down false positives and negatives by sensor/actuator. Direct quantitative comparisons against SOTA XAI models were not performed because the method’s primary contribution is millisecond latency with built-in traceability rather than post-hoc explanation. We will revise the abstract and conclusion to replace the superiority claim with a statement that the approach simultaneously achieves real-time detection and component-level explainability, and add a qualitative comparison table against representative XAI methods in the related-work section. revision: partial

standing simulated objections not resolved
  • Evaluation on a second ICS domain, which would require new testbed instrumentation and attack data collection not feasible within the current revision timeline.

Circularity Check

0 steps flagged

No circularity in derivation chain

full rationale

The paper proposes linearization of non-linear sensor-actuator relationships as the core modeling step for anomaly detection, then reports empirical results (97.72% accuracy, millisecond latency, traceability) obtained by running the resulting classifier on a single well-known water-treatment testbed. No equations, parameter-fitting steps, or self-citations are shown that reduce the claimed performance figures or the linearization itself to the inputs by construction. The accuracy metric is an observed outcome on the validation data rather than a tautological prediction, and the method is presented as an engineering approximation whose validity is checked externally against the testbed traces. The derivation is therefore self-contained.

Axiom & Free-Parameter Ledger

1 free parameters · 1 axioms · 0 invented entities

The central claim rests on the assumption that linearization can be performed accurately for the target systems and that the chosen testbed is representative; these introduce domain assumptions and likely free parameters for the linearization step.

free parameters (1)
  • Linearization coefficients or thresholds
    Parameters required to convert non-linear sensor-actuator relationships into linear forms, presumably fitted or chosen for the water treatment testbed.
axioms (1)
  • domain assumption The water treatment testbed sufficiently represents real-world ICS dynamics for anomaly detection evaluation.
    Validation and accuracy claims are based exclusively on this testbed.

pith-pipeline@v0.9.0 · 5829 in / 1423 out tokens · 87230 ms · 2026-05-22T18:35:42.280671+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

40 extracted references · 40 canonical work pages · 2 internal anchors

  1. [1]

    Jaikaran, Cybersecurity: Selected Cyberattacks, 2012-2022 (Last up- dated - August, 2023)

    C. Jaikaran, Cybersecurity: Selected Cyberattacks, 2012-2022 (Last up- dated - August, 2023)

    work page 2012

  2. [2]

    TRENDMICRO, German Steel Plant Suffers Significant Damage from Targeted Attack (January 12, 2015)

    work page 2015

  3. [3]

    R. M. Lee, M. J. Assante, T. Conway, ICS CP/PE (Cyber-to-Physical or Process Effects) case study paper – German Steel Mill Cyber Attack (Dec 30, 2014)

    work page 2014

  4. [4]

    Dean Parsons, What’s the Scoop on FrostyGoop: The Latest ICS Mal- ware and ICS Controls Considerations (August 9, 2024)

    work page 2024

  5. [5]

    Marshall Abrams and Joe Weiss, Malicious Control System Cyber Secu- rity Attack Case Study – Maroochy Water Services, Australia (2008)

    work page 2008

  6. [6]

    James, 11 recent cyber attacks on the water and wastewater sector (October 13, 2024)

    work page 2024

  7. [7]

    Trevor Quinn, Anti-Israeli hackers leave 180 Mayo homes without water in cyberattack (December 7, 2023)

    work page 2023

  8. [8]

    Andy Greenberg, A Hacker Tried to Poison a Florida City’s Water Supply, Officials Say (February 8, 2021)

    work page 2021

  9. [9]

    J. Goh, S. Adepu, K. N. Junejo, A. P. Mathur, A dataset to support research in the design of secure water treatment systems, in: Critical Information Infrastructures Security, Cham, 2017, pp. 88–99

    work page 2017

  10. [10]

    Z. Li, Y . Zhao, X. Hu, N. Botta, C. Ionescu, G. Chen, ECOD: Un- supervised Outlier Detection Using Empirical Cumulative Distribution Functions, IEEE Transactions on Knowledge and Data Engineering (2022) 1–1

    work page 2022

  11. [11]

    L. Ruff, N. G ¨ornitz, L. Deecke, S. A. Siddiqui, R. A. Vandermeulen, A. Binder, E. M¨uller, M. Kloft, Deep One-Class Classification, in: ICML, 2018, pp. 4390–4399

    work page 2018

  12. [12]

    Mathuros, S

    K. Mathuros, S. Venugopalan, S. Adepu, WaXAI: Explainable Anomaly Detection in Industrial Control Systems and Water Systems, in: Proceed- ings of the 10th ACM Cyber-Physical System Security Workshop, CPSS ’24, ACM, New York, NY , USA, 2024, p. 3–15

    work page 2024

  13. [13]

    C. Feng, V . R. Palleti, A. Mathur, D. Chana, A systematic framework to generate invariants for anomaly detection in industrial control systems, Network and Distributed System Security (NDSS) Symposium, 2019

    work page 2019

  14. [14]

    S. Ali, T. Abuhmed, S. El-Sappagh, K. Muhammad, J. M. Alonso-Moral, R. Confalonieri, R. Guidotti, J. Del Ser, N. D ´ıaz-Rodr´ıguez, F. Herrera, Explainable Artificial Intelligence (XAI): What we know and what is left to attain Trustworthy Artificial Intelligence, Information Fusion 99 (2023) 101805

    work page 2023

  15. [15]

    Seliya, A

    N. Seliya, A. A. Zadeh, T. M. Khoshgoftaar, A literature review on one- class classification and its potential applications in big data, J. Big Data 8 (1) (2021) 122

    work page 2021

  16. [16]

    J. Cao, H. Dai, B. Lei, C. Yin, H. Zeng, A. Kummert, Maximum Cor- rentropy Criterion-Based Hierarchical One-Class Classification, IEEE Transactions on Neural Networks and Learning Systems 32 (8) (2021) 3748–3754

    work page 2021

  17. [17]

    CAPEC, CAPEC VIEW: Domains of Attack (Version 3.9) (Accessed on 8 February, 2025)

    work page 2025

  18. [18]

    Rieger, M

    P. Rieger, M. Chilese, R. Mohamed, M. Miettinen, H. Fereidooni, A.-R. Sadeghi, ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks, in: 32nd USENIX Security Symposium (USENIX Security 23), Anaheim, CA, 2023, pp. 4301–4318

    work page 2023

  19. [19]

    Bentley, A

    R. Bentley, A. Sarkar, Humans in AI: The necessity for human-in-the- loop (HILT) (Jun 18, 2024)

    work page 2024

  20. [20]

    Clemmensen, M

    T. Clemmensen, M. T. Moghaddam, J. Nørbjerg, Cyber-physical sys- tems with Human-in-the-Loop: A systematic review of socio-technical perspectives, Journal of Systems and Software 226 (2025) 112348

    work page 2025

  21. [21]

    L. Yuan, S. Yu, Z. Yang, M. Duan, K. Li, A data balancing approach based on generative adversarial network, Future Generation Computer Systems 141 (2023) 768–776

    work page 2023

  22. [22]

    C. M. Ahmed, G. R. M R, A. P. Mathur, Challenges in Machine Learning based approaches for Real-Time Anomaly Detection in Industrial Control Systems, in: Proceedings of the 6th ACM on Cyber-Physical System Security Workshop, CPSS ’20, Association for Computing Machinery, New York, NY , USA, 2020, p. 23–29

    work page 2020

  23. [23]

    Chakrabarty, CS 31: Algorithms (Spring 2019): Lecture 19 (2019)

    D. Chakrabarty, CS 31: Algorithms (Spring 2019): Lecture 19 (2019)

    work page 2019

  24. [24]

    D. I. Urbina, J. A. Giraldo, A. A. Cardenas, N. O. Tippenhauer, J. Valente, M. Faisal, J. Ruths, R. Candell, H. Sandberg, Limiting the Impact of Stealthy Attacks on Industrial Control Systems, CCS ’16, ACM, New York, NY , USA, 2016, p. 1092–1105

    work page 2016

  25. [25]

    Safety devices for protection against excessive pressure (Reviewed and Confirmed, 2025)

    ISO, ISO 4126-1:2013. Safety devices for protection against excessive pressure (Reviewed and Confirmed, 2025)

    work page 2013

  26. [26]

    A. L. Buczak, E. Guven, A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection, IEEE Communications Surveys & Tutorials 18 (2) (2016) 1153–1176

    work page 2016

  27. [27]

    Inoue, Y

    J. Inoue, Y . Yamagata, Y . Chen, C. M. Poskitt, J. Sun, Anomaly Detection for a Water Treatment System Using Unsupervised Machine Learning, in: 2017 IEEE International Conference on Data Mining Workshops (ICDMW), 2017, pp. 1058–1065

    work page 2017

  28. [28]

    X. Xu, Y . Lai, X. Zhang, X. Dong, Abnormal Logical Representation Learning for Intrusion Detection in Industrial Control Systems, IEEE Transactions on Industrial Informatics 20 (8) (2024) 10624–10635

    work page 2024

  29. [29]

    M. R. G. Raman, A. P. Mathur, A Hybrid Physics-Based Data-Driven Framework for Anomaly Detection in Industrial Control Systems, IEEE Transactions on Systems, Man, and Cybernetics: Systems 52 (9) (2022) 6003–6014

    work page 2022

  30. [30]

    Y . K. Saheed, S. Misra, S. Chockalingam, Autoencoder via DCNN and LSTM Models for Intrusion Detection in Industrial Control Systems of Critical Infrastructures, in: 2023 IEEE/ACM 4th International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS), 2023, pp. 9–16

    work page 2023

  31. [31]

    Adepu, A

    S. Adepu, A. Mathur, Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant, in: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS ’16, Association for Computing Machinery, New York, NY , USA, 2016, p. 449–460

    work page 2016

  32. [32]

    C. H. Yoong, V . R. Palleti, R. R. Maiti, A. Silva, C. M. Poskitt, Deriving invariant checkers for critical infrastructure using axiomatic design principles, Cybersecur. 4 (1) (2021) 6

    work page 2021

  33. [33]

    Raman, A

    G. Raman, A. P. Mathur, AICrit: A unified framework for real-time anomaly detection in water treatment plants, Journal of Information Security and Applications 64 (2022) 103046

    work page 2022

  34. [34]

    Mehmood, Z

    M. Mehmood, Z. Baig, N. Syed, Securing Industrial Control Systems (ICS) Through Attack Modelling and Rule-Based Learning, in: 2024 16th International Conference on COMmunication Systems & NETworkS (COMSNETS), 2024, pp. 598–602

    work page 2024

  35. [35]

    S. M. Lundberg, S.-I. Lee, A unified approach to interpreting model predictions, in: Proceedings of the 31st International Conference on Neural Information Processing Systems, NIPS’17, Curran Associates Inc., Red Hook, NY , USA, 2017, p. 4768–4777

    work page 2017

  36. [36]

    M. T. Ribeiro, S. Singh, C. Guestrin, ”Why Should I Trust You?”: Explaining the Predictions of Any Classifier, CoRR abs/1602.04938 (2016).arXiv:1602.04938

    work page internal anchor Pith review Pith/arXiv arXiv 2016

  37. [37]

    D. W. Apley, J. Zhu, Visualizing the Effects of Predictor Variables in Black Box Supervised Learning Models, Journal of the Royal Statistical Society Series B: Statistical Methodology 82 (4) (2020) 1059–1086

    work page 2020

  38. [38]

    Axiomatic Attribution for Deep Networks

    M. Sundararajan, A. Taly, Q. Yan, Axiomatic Attribution for Deep Networks, CoRR abs/1703.01365 (2017).arXiv:1703.01365

    work page internal anchor Pith review Pith/arXiv arXiv 2017

  39. [39]

    Avdalovic, J

    A. Avdalovic, J. Khoury, A. Taha, E. Bou-Harb, Enhancing Network Se- curity Management in Water Systems using FM-based Attack Attribution (2025).arXiv:2503.01229

    work page arXiv 2025

  40. [40]

    C. Fung, E. Zeng, L. Bauer, Attributions for ML-based ICS Anomaly Detection: From Theory to Practice, in: 31st Annual Network and Dis- tributed System Security Symposium, NDSS San Diego, USA, February 26 - March 1, 2024, The Internet Society, 2024

    work page 2024