Model-Based Anomaly Detection has been a successful approach to identify deviations from the expected behavior of Cyber-Physical Production Systems. Since manual creation of these models is a time-consuming process, it is advantageous to learn them from data and represent them in a generic formalism like timed automata. However, these models - and by extension, the detected anomalies - can be challenging to interpret due to a lack of additional information about the system. This paper aims to improve model-based anomaly detection in CPPS by combining the learned timed automaton with a formal knowledge graph about the system. Both the model and the detected anomalies are described in the knowledge graph in order to allow operators an easier interpretation of the model and the detected anomalies. The authors additionally propose an ontology of the necessary concepts. The approach was validated on a five-tank mixing CPPS and was able to formally define both automata model as well as timing anomalies in automata execution.

翻译：基于模型的异常检测已成为识别信息物理生产系统偏离预期行为的成功方法。由于手动创建这些模型耗时费力，从数据中学习模型并以时间自动机等通用形式表示它们具有显著优势。然而，由于缺乏关于系统的额外信息，这些模型乃至所检测到的异常往往难以解释。本文旨在通过将学习到的时间自动机与系统的形式化知识图谱相结合，改进CPPS中基于模型的异常检测。该模型与检测到的异常均在知识图谱中进行描述，以便操作员更轻松地理解模型与异常。作者进一步提出了所需概念的本体。该方法已在五罐混合CPPS上得到验证，能够形式化定义自动机模型以及自动机执行中的时序异常。