Privacy-Preserving Anomaly Detection With Homomorphic Encryption for Industrial Control Systems in Critical Infrastructure

Critical infrastructure (CI) is essential for societal and economic stability, making it a prime target for cyber threats. Traditional anomaly detection models like LSTM and Transformers require substantial computational resources, which are often unavailable in CI environments. Cloud computing offers on-demand resources but introduces privacy concerns due to the need to transmit sensitive data to cloud servers. Homomorphic encryption (HE) enables secure processing of encrypted data but is computationally intensive, particularly due to operations like bootstrapping. This letter proposes a bootstrapping-free lightweight anomaly detection model optimized for homomorphically encrypted data, leveraging CI's operational characteristics. The model employs a two-stage data separation process and introduces state-vectors for normal operation detection, forming a allowlist anomaly detection approach. Experimental results on the SWaT and WADI datasets demonstrate the model's competitive performance and efficiency, with significantly reduced training times while maintaining robust security.