Cyber-security attacks pose a significant threat to the operation of autonomous systems. Particularly impacted are the Heating, Ventilation, and Air Conditioning (HVAC) systems in smart buildings, which depend on data gathered by sensors and on Machine Learning (ML) models that use the captured data. As such, attacks that alter the readings of these sensors can severely affect HVAC system operations, impacting residents' comfort and energy reduction goals. Such attacks may induce changes in the online data distribution being fed to the ML models, violating the fundamental assumption that training and testing data follow similar distributions. This leads to a degradation in model prediction accuracy due to a phenomenon known as Concept Drift (CD), the alteration in the relationship between input features and the target variable. Addressing CD requires identifying the source of drift to apply targeted mitigation strategies, a process termed drift explanation. This paper proposes a Feature Drift Explanation (FDE) module to identify the drifting features. FDE utilizes an Auto-encoder (AE) that reconstructs the activations of the first layer of the regression Deep Learning (DL) model and finds their latent representations. When a drift is detected, each feature of the drifting data is replaced by its representative counterpart from the training data. The Minkowski distance is then used to measure the divergence between the altered drifting data and the original training data. The results show that FDE successfully identifies 85.77% of drifting features and showcases its utility in the DL adaptation method under the CD phenomenon. As a result, the FDE method is an effective strategy for identifying drifting features towards thwarting cyber-security attacks.
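The substitution-and-distance step described in the abstract can be illustrated with the following added example, which is not the paper's code. It omits the auto-encoder and works on standardized input features instead of latent representations, assumes the training mean is each feature's representative value, and uses constructed sensor readings with hypothetical feature names.

```python
import random

FEATURES = ["supply_temp", "humidity", "co2", "occupancy"]  # assumed sensor names

def minkowski(a, b, p=2):
    """Minkowski distance of order p between two equal-length vectors."""
    return sum(abs(x - y) ** p for x, y in zip(a, b)) ** (1.0 / p)

def column_stats(rows):
    """Per-feature mean and standard deviation (std of 0 is replaced by 1)."""
    n, d = len(rows), len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(d)]
    stds = [(sum((r[j] - means[j]) ** 2 for r in rows) / n) ** 0.5 or 1.0
            for j in range(d)]
    return means, stds

def rank_drifting_features(train, drift, p=2):
    """Rank features by how far replacing each one pulls the drifting batch back."""
    means, stds = column_stats(train)

    def profile(rows):
        # Batch mean per feature, standardized against the training data.
        m, _ = column_stats(rows)
        return [(m[j] - means[j]) / stds[j] for j in range(len(means))]

    ref = profile(train)
    base = minkowski(profile(drift), ref, p)
    scores = {}
    for j in range(len(means)):
        # Assumption: the training mean is the feature's "representative counterpart".
        altered = [r[:j] + [means[j]] + r[j + 1:] for r in drift]
        scores[j] = base - minkowski(profile(altered), ref, p)
    return sorted(scores, key=scores.get, reverse=True), scores

def make_constructed_data(seed=7, co2_offset=150.0):
    """Constructed readings: the drifting batch has a biased CO2 sensor."""
    rng = random.Random(seed)
    def row():
        return [rng.gauss(21, 0.5), rng.gauss(45, 3), rng.gauss(600, 40), rng.gauss(10, 2)]
    train = [row() for _ in range(500)]
    drift = [row() for _ in range(200)]
    for r in drift:
        r[2] += co2_offset
    return train, drift

if __name__ == "__main__":
    ranking, scores = rank_drifting_features(*make_constructed_data())
    for j in ranking:
        print(f"{FEATURES[j]:12s} {scores[j]:.3f}")
```

A feature whose replacement removes most of the distance to the training data is the likely source of drift; features with scores near zero were not contributing to it.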