Cyberattack Detection Using Deep Generative Models with Variational Inference
Publication: Journal of Water Resources Planning and Management
Volume 145, Issue 2
Abstract
Recent years have witnessed a rise in the frequency and intensity of cyberattacks targeted at critical infrastructure systems. This study designs a versatile, data-driven cyberattack detection platform for infrastructure systems cybersecurity, with a special demonstration in the water sector. A deep generative model with variational inference autonomously learns normal system behavior and detects attacks as they occur. The model can process natural data in its raw form and automatically discover and learn its representations, hence augmenting system knowledge discovery and reducing the need for laborious human engineering and domain expertise. The proposed model is applied to a simulated cyberattack detection problem involving a drinking water distribution system subject to programmable logic controller hacks, malicious actuator activation, and deception attacks. The model is provided only with observations of the system, such as pump pressure and tank water level readings, and is blind to the internal structures and workings of the water distribution system. The simulated attacks are manifested in the model’s generated reproduction probability plot, indicating its ability to discern the attacks. There is, however, a need for improvement in reducing false alarms, especially by optimizing detection thresholds. Altogether, the results indicate the ability of the model to distinguish attacks and their repercussions from normal system operation in water distribution systems, and the promise it holds for cyberattack detection in other domains.
Acknowledgments
Author contributions: S.E.C. formulated the methodology, performed analysis, and assisted with manuscript writing; A.R. orchestrated the work, wrote the manuscript, and assisted with analysis; Z.A.B. formulated the comparison method and assisted with analysis; M.E.S. designed the attack generator and assisted with analysis.
Copyright
©2018 American Society of Civil Engineers.
History
Received: Jul 10, 2017
Accepted: Jun 1, 2018
Published online: Nov 26, 2018
Published in print: Feb 1, 2019
Discussion open until: Apr 26, 2019