Abstract
As cyber-physical systems grow increasingly interconnected and spatially distributed, ensuring their resilience against evolving cyberattacks has become a critical priority. Spatio-Temporal Anomaly detection plays an important role in ensuring system security and operational integrity. However, current data-driven approaches, largely driven by black-box deep learning, face challenges in interpretability, adaptability to distribution shifts, and robustness under evolving system dynamics. In this paper, we advocate for a causal learning perspective to advance anomaly detection in spatially distributed infrastructures that grounds detection in structural cause-effect relationships. We identify and formalize three key directions: causal graph profiling, multi-view fusion, and continual causal graph learning, each offering distinct advantages in uncovering dynamic cause-effect structures across time and space. Drawing on real-world insights from systems such as water treatment infrastructures, we illustrate how causal models provide early warning signals and root cause attribution, addressing the limitations of black-box detectors. Looking ahead, we outline the future research agenda centered on multi-modality, generative AI-driven, and scalable adaptive causal frameworks. Our objective is to lay a new research trajectory toward scalable, adaptive, explainable, and spatially grounded anomaly detection systems. We hope to inspire a paradigm shift in cybersecurity research, promoting causality-driven approaches to address evolving threats in interconnected infrastructures.
Abstract (translated)
随着物理信息系统变得越来越相互关联和空间分布广泛,确保这些系统能够抵御不断演变的网络攻击已成为一个关键优先事项。时空异常检测在保障系统安全性和操作完整性方面发挥着重要作用。然而,目前以黑盒深度学习为主导的数据驱动方法,在可解释性、适应分布变化的能力以及面对不断发展的系统动态时的鲁棒性上面临着挑战。 本文倡导采用因果推理视角来推进空间分布式基础设施中的异常检测技术,通过建立在结构化因果关系基础上的检测方法。我们确定并形式化了三个关键方向:因果图谱分析、多视图融合和持续因果图学习,每一项都有助于揭示时间和空间维度上的动态因果结构。 借鉴诸如水处理设施等实际系统的经验,本文展示了因果模型如何提供早期预警信号以及根本原因归因,从而克服黑盒检测器的局限性。展望未来,我们概述了以多模态、生成式AI驱动和可扩展适应性为重心的研究议程。我们的目标是开辟一个新研究路径,即向可伸缩、自适应、解释性和基于空间定位的异常检测系统迈进。 我们希望这项工作能激发网络安全研究中的范式转变,促进因果驱动方法的应用以应对互联互通基础设施中不断演变的安全威胁。
URL
https://arxiv.org/abs/2507.08177
