Abstract
The recent increase in frequency and severity of cyber-physical attacks on water treatment plants and distribution systems calls for the development of intrusion detection schemes that help protect these critical infrastructures. This paper contributes an algorithm specifically designed for detecting and localizing cyber attacks against water distribution systems. The algorithm builds on the idea of learning a data-driven model that reproduces the patterns of all hydraulic processes observed within a distribution system: the model is trained using data pertaining to normal operating conditions, in order to poorly reproduce anomalous patterns, such as those induced by cyber attacks. The modeling process is carried out using autoencoders, a deep learning neural network architecture capable of building a compressed and meaningful representation of high-dimensional input data patterns. The algorithm is developed and tested on three data sets devised for the Battle of the Attack Detection Algorithms—the only open-source data available, at this stage, for research in cyber security of water networks. Results show that the detection algorithm can identify all attacks featured in the data sets, including those compromising data integrity. The algorithm has two additional important features: it localizes the components under attack, and it is developed using only data pertaining to normal operating conditions, which are generally available to water utilities.
Get full access to this article
View all available purchase options and get full access to this article.
Acknowledgments
The authors are supported by the National Research Foundation (NRF), Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-40).
References
Arad, J., M. Housh, L. Perelman, and A. Ostfeld. 2013. “A dynamic thresholds scheme for contaminant event detection in water distribution systems.” Water. Res. 47 (5): 1899–1908. https://doi.org/10.1016/j.watres.2013.01.017.
BATADAL. 2017. “The BATtle of the Attack Detection ALgorithms.” Accessed May 22, 2018. http://www.batadal.net.
Behzad, M., K. Asghari, M. Eazi, and M. Palhang. 2009. “Generalization performance of support vector machines and neural networks in runoff modeling.” Expert Syst. Appl. 36 (4): 7624–7629. https://doi.org/10.1016/j.eswa.2008.09.053.
Bengio, Y. 2009. “Learning deep architectures for AI.” Found. Trends Mach. Learn. 2 (1): 1–127. https://doi.org/10.1561/2200000006.
Chen, T., and C. Guestrin. 2016. “XGBoost: A scalable tree boosting system.” In Proc., 22nd ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining, 785–794. New York: ACM.
Chollet, F. 2017. Keras: Deep learning for Python. Shelter Island, NY: Manning.
Creaco, E., A. Campisano, M. Franchini, and C. Modica. 2017. “Unsteady flow modeling of pressure real-time control in water distribution networks.” J. Water Resour. Plann. Manage. 143 (9): 04017056. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000821.
Deng, L., and D. Yu. 2014. “Deep learning: Methods and applications.” Found. Trends Sig. Process. 7 (3–4): 197–387. https://doi.org/10.1561/2000000039.
Friedman, J. H. 2001. “Greedy function approximation: A gradient boosting machine.” Ann. Stat. 29 (5): 1189–1232. https://doi.org/10.1214/aos/1013203451.
Galelli, S., and A. Castelletti. 2013. “Assessing the predictive capability of randomized tree-based ensembles in streamflow modelling.” Hydrol. Earth Syst. Sci. 17 (7): 2669–2684. https://doi.org/10.5194/hess-17-2669-2013.
Galelli, S., G. B. Humphrey, H. R. Maier, A. Castelletti, G. C. Dandy, and M. S. Gibbs. 2014. “An evaluation framework for input variable selection algorithms for environmental data-driven models.” Environ. Modell. Software 62: 33–51. https://doi.org/10.1016/j.envsoft.2014.08.015.
Gong, W., M. A. Suresh, L. Smith, A. Ostfeld, R. Stoleru, A. Rasekh, and M. K. Banks. 2016. “Mobile sensor networks for optimal leak and backflow detection and localization in municipal water networks.” Environ. Modell. Software 80: 306–321. https://doi.org/10.1016/j.envsoft.2016.02.001.
Goodfellow, I., Y. Bengio, and A. Courville. 2016. Deep learning. Cambridge, MA: MIT Press.
Hayes, M. A., and M. A. Capretz. 2015. “Contextual anomaly detection framework for big sensor data.” J. Big Data 2 (1): 2. https://doi.org/10.1186/s40537-014-0011-y.
Hinton, G. E., and R. R. Salakhutdinov. 2006. “Reducing the dimensionality of data with neural networks.” Science 313 (5786): 504–507. https://doi.org/10.1126/science.1127647.
Housh, M., and Z. Ohar. 2017. “Integrating physically based simulators with event detection systems: Multi-site detection approach.” Water. Res. 110: 180–191. https://doi.org/10.1016/j.watres.2016.12.003.
Housh, M., and A. Ostfeld. 2015. “An integrated logit model for contamination event detection in water distribution systems.” Water. Res. 75: 210–223. https://doi.org/10.1016/j.watres.2015.02.016.
ICS-CERT (Industrial Control Systems-Cyber Emergency Response Team). 2015. NCCIC/ICS-CERT year in review: FY 2014. Washington, DC: ICS-CERT.
ICS-CERT (Industrial Control Systems-Cyber Emergency Response Team). 2016. NCCIC/ICS-CERT year in review: FY 2015. Washington, DC: ICS-CERT.
Kingma, D., and J. Ba. 2014. “Adam: A method for stochastic optimization.” Preprint, submitted December 22, 2014. https://arxiv.org/abs/1412.6980.
Koch, M. W., and S. A. McKenna. 2011. “Distributed sensor fusion in water quality event detection.” J. Water Resour. Plann. Manage. 137 (1): 10–19. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000094.
LeCun, Y., Y. Bengio, and G. Hinton. 2015. “Deep learning.” Nature 521 (7553): 436–444. https://doi.org/10.1038/nature14539.
Lee, H., R. Grosse, R. Ranganath, and A. Y. Ng. 2009. “Convolutional deep belief networks for scalable unsupervised learning of hierarchical representations.” In Proc., 26th Annual Int. Conf. on Machine Learning, 609–616. New York: ACM.
Liu, S., R. Li, K. Smith, and H. Che. 2016. “Why conventional detection methods fail in identifying the existence of contamination events.” Water. Res. 93: 222–229. https://doi.org/10.1016/j.watres.2016.02.027.
Maier, H. R., A. Jain, G. C. Dandy, and K. Sudheer. 2010. “Methods used for the development of neural networks for the prediction of water resource variables in river systems: Current status and future directions.” Environ. Modell. Software 25 (8): 891–909. https://doi.org/10.1016/j.envsoft.2010.02.003.
Microsoft. 2016. LightGBM: Light gradient boosting machine. San Francisco: GitHub.
Oliker, N., Z. Ohar, and A. Ostfeld. 2016. “Spatial event classification using simulated water quality data.” Environ. Modell. Software 77: 71–80. https://doi.org/10.1016/j.envsoft.2015.11.013.
Oliker, N., and A. Ostfeld. 2014. “A coupled classification-evolutionary optimization model for contamination event detection in water distribution systems.” Water. Res. 51: 234–245. https://doi.org/10.1016/j.watres.2013.10.060.
Ostfeld, A., et al. 2012. “Battle of the water calibration networks.” J. Water Resour. Plann. Manage. 138 (5): 523–532. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000191.
Pan, S. J., and Q. Yang. 2010. “A survey on transfer learning.” IEEE Trans. Knowl. Data Eng. 22 (10): 1345–1359. https://doi.org/10.1109/TKDE.2009.191.
Pedregosa, F., et al. 2011. “Scikit-learn: Machine learning in Python.” J. Mach. Learn. Res. 12: 2825–2830.
Rasekh, A., A. Hassanzadeh, S. Mulchandani, S. Modi, and M. K. Banks. 2016. “Smart water networks and cyber security.” J. Water Resour. Plann. Manage. 142 (7): 01816004. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000646.
Rossman, L. A. 2000. EPANET 2: Users manual. Washington, DC: EPANET.
Ruder, S. 2016. “An overview of gradient descent optimization algorithms.” Preprint, submitted September 15, 2016. https://arxiv.org/abs/1609.04747.
Schmidhuber, J. 2015. “Deep learning in neural networks: An overview.” Neural Networks 61: 85–117. https://doi.org/10.1016/j.neunet.2014.09.003.
Shortridge, J. E., and S. D. Guikema. 2014. “Public health and pipe breaks in water distribution systems: Analysis with internet search volume as a proxy.” Water. Res. 53: 26–34. https://doi.org/10.1016/j.watres.2014.01.013.
Slay, J., and M. Miller. 2008. “Lessons learned from the Maroochy water breach.” In Critical infrastructure protection, edited by E. Goetz, and S. Shenoi, 73–82. Boston: Springer.
Taormina, R., et al. 2018. “The battle of the attack detection algorithms: Disclosing cyber attacks on water distribution networks.” J. Water Resour. Plann. Manage. 144 (8): 04018048. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000969.
Taormina, R., and S. Galelli. 2017. “Real-time detection of cyber-physical attacks on water distribution systems using deep learning.” In Proc., World Environmental and Water Resources Congress 2017, 469–479. Reston, VA: ASCE.
Taormina, R., S. Galelli, N. O. Tippenhauer, E. Salomons, and A. Ostfeld. 2017. “Characterizing cyber-physical attacks on water distribution systems.” J. Water Resour. Plann. Manage. 143 (5): 04017009. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000749.
Theano Development Team. 2016. “Theano: A Python framework for fast computation of mathematical expressions.” e-prints, submitted May 9, 2016. http://arxiv.org/abs/1605.02688.
Van Zyl, J. E., D. A. Savic, and G. A. Walters. 2004. “Operational optimization of water distribution systems using a hybrid genetic algorithm.” J. Water Resour. Plann. Manage. 130 (2): 160–170. https://doi.org/10.1061/(ASCE)0733-9496(2004)130:2(160).
Wang, G., J. Hao, J. Ma, and L. Huang. 2010. “A new approach to intrusion detection using artificial neural networks and fuzzy clustering.” Expert Syst. Appl. 37 (9): 6225–6232. https://doi.org/10.1016/j.eswa.2010.02.102.
Wu, Y., S. Liu, X. Wu, Y. Liu, and Y. Guan. 2016. “Burst detection in district metering areas using a data driven clustering algorithm.” Water. Res. 100: 28–37. https://doi.org/10.1016/j.watres.2016.05.016.
Yang, X., and D. L. Boccelli. 2016. “Dynamic water-quality simulation for contaminant intrusion events in distribution systems.” J. Water Resour. Plann. Manage. 142 (10): 04016038. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000674.
Information & Authors
Information
Published In
Journal of Water Resources Planning and Management
Volume 144 • Issue 10 • October 2018
Copyright
©2018 American Society of Civil Engineers.
History
Received: Nov 24, 2017
Accepted: Apr 23, 2018
Published online: Jul 20, 2018
Published in print: Oct 1, 2018
Discussion open until: Dec 20, 2018
Authors
Metrics & Citations
Metrics
Citations
Download citation
If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download.