Prediction of industrial cyber attacks using normalizing flows

This paper presents the development and evaluation of methods for detecting cyberattacks on industrial systems using neural network approaches. The focus is on the task of detecting anomalies in multivariate time series, where the diversity and complexity of potential attack scenarios require the use of advanced models. To address these challenges, a transformer-based autoencoder architecture was used, which was further enhanced by transitioning to a variational autoencoder (VAE) and integrating normalizing flows. These modifications allowed the model to better capture the data distribution, enabling effective anomaly detection, including those not present in the training set. As a result, high performance was achieved, with an F1 score of 0.93 and a ROC-AUC of 0.87. The obtained results underscore the effectiveness of the proposed methodology and provide valuable contributions to the field of anomaly detection and cybersecurity in industrial systems.