An interpretable semi‐supervised system for detecting cyberattacks using anomaly detection in industrial scenarios

When detecting cyberattacks in Industrial settings, it is not sufficient to determine whether the system suffering a cyberattack. It also fundamental explain why under cyberattack and which are assets affected. In this context, Anomaly Detection based on Machine Learning (ML) Deep (DL) techniques showed great performance when industrial scenarios. However, two main limitations hinder using them real environment. Firstly, most solutions trained supervised approach, impractical world. Secondly, use of black-box ML DL makes impossible interpret decision made by model. This article proposes an interpretable semi-supervised detect settings. Besides, our proposal was validated data collected from Tennessee Eastman Process. To best knowledge, only one that offers interpretability together with approach setting. Our discriminates between causes effects anomalies achieved for 11 types out 20 overall recall 0.9577, precision 0.9977, F1-score 0.9711.