Detecting Cyber-Physical Attacks in Water Distribution Systems: One-Class Classifier Approach
Publication: Journal of Water Resources Planning and Management
Volume 146, Issue 8
Abstract
Water distribution systems (WDSs) are critical infrastructures that supply drinking water from water sources to end-users. Smart WDSs could be designed by integrating physical components (e.g., valve and pumps) with computation and networking devices. As such, in smart WDSs, pumps and valves are automatically controlled together with continuous monitoring of important systems’ parameters. However, despite its advantage of improved efficacy, automated control and operation through a cyber-layer can expose the system to cyber-physical attacks. The one-class classification technique is proposed to detect such attacks by analyzing collected sensors’ readings from the system components. One-class classifiers have been found suitable for classifying normal and abnormal conditions with unbalanced datasets, which are expected in the cyber-attack detection problem. In the cyber-attack detection problem, typically, most of the data samples are under the normal state, while only a small fraction of the samples can be suspected as under attack (i.e., abnormal state). The results of this study demonstrate that one-class classification algorithms can be suitable for the cyber-attack detection problem and can compete with existing approaches. More specifically, this study examines the support vector data description (SVDD) method together with a tailored features selection methodology, which is based on the physical understanding of the WDS topology. The developed algorithm is examined on the Battle of the Attack Detection Algorithms (BATADAL) datasets that demonstrate a quasi-realistic case study and on a new case study of a large-scale WDS.
Get full access to this article
View all available purchase options and get full access to this article.
Data Availability Statement
All data, models, and code generated or used during the study appear in the published article.
Acknowledgments
This research was made possible by the financial support of the Israeli Water Authority and the Center for Cyber Law & Policy at the University of Haifa in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office. We would like also to thank Mr. Elad Salomons and the anonymous reviewers for their helpful comments and suggestions.
References
Abokifa, A. A., K. Haddad, C. Lo, and P. Biswas. 2018. “Real-time identification of cyber-physical attacks on water distribution systems via machine learning–based anomaly detection techniques.” J. Water Resour. Plann. Manage. 145 (1): 04018089. https://doi.org/10.1061/(ASCE)WR.1943-5452.0001023.
Abokifa, A. A., K. Haddad, C. S. Lo, and P. Biswas. 2017. “Detection of cyber physical attacks on water distribution systems via principal component analysis and artificial neural networks.” In Proc., World Environmental and Water Resources Congress, 676–691. Reston, VA: ASCE. https://doi.org/10.1061/9780784480625.063.
Aghashahi, M., R. Sundararajan, M. Pourahmadi, and M. K. Banks. 2017. “Water distribution systems analysis symposium—Battle of the attack detection algorithms (BATADAL).” In Proc., World Environmental and Water Resources Congress 2017, 101–108. Reston, VA: ASCE. https://doi.org/10.1061/9780784480595.010.
Alvisi, S. 2015. “A new procedure for optimal design of district metered areas based on the multilevel balancing and refinement algorithm.” Water Resour. Manage. 29 (12): 4397–4409. https://doi.org/10.1007/s11269-015-1066-z.
Amin, S., X. Litrico, S. Sastry, and A. M. Bayen. 2013a. “Cyber security of water SCADA systems. Part I: Analysis and experimentation of stealthy deception attacks.” IEEE Trans. Control Syst. Technol. 21 (5): 1963–1970. https://doi.org/10.1109/TCST.2012.2211873.
Amin, S., X. Litrico, S. S. Sastry, and A. M. Bayen. 2013b. “Cyber security of water SCADA systems. Part II: Attack detection using enhanced hydrodynamic models.” IEEE Trans. Control Syst. Technol. 21 (5): 1679–1693. https://doi.org/10.1109/TCST.2012.2211874.
Breiman, L. 2001. “Random forests.” Mach. Learn. 45 (1): 5–32. https://doi.org/10.1023/A:1010933404324.
Brentan, B. M., E. Campbell-Gonzalez, T. Goulart, D. Manzi, G. Meirelles, A. M. Herrera Fernández, J. Izquierdo Sebastián, and E. Luvizotto. 2018. “Social network community detection and hybrid optimization for dividing water supply into district metered areas.” J. Water Resour. Plann. Manage. 144 (5): 04018020. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000924.
Brentan, B. M., E. Campbell, G. Lima, D. Manzi, D. Ayala-Cabrera, M. Herrera, I. Montalvo, J. Izquierdo, and E. Luvizotto. 2017. “On-line cyber attack detection in water networks through state forecasting and control by pattern recognition.” In Proc., World Environmental and Water Resources Congress, 583–592. Reston, VA: ASCE. https://doi.org/10.1061/9780784480625.054.
Chandy, S. E., A. Rasekh, Z. A. Barker, and M. E. Shafiee. 2018. “Cyberattack detection using deep generative models with variational inference.” J. Water Resour. Plann. Manage. 145 (2): 04018093. https://doi.org/10.1061/(ASCE)WR.1943-5452.0001007.
Chang, C. C., and C. J. Lin. 2011. “LIBSVM: A library for support vector machines.” ACM Trans. Intell. Syst. Technol. (TIST) 2 (3): 1–27. https://doi.org/10.1145/1961189.1961199.
Chang, W. C., C. P. Lee, and C. J. Lin. 2013. A revisit to support vector data description. Taipei, Taiwan: Dept. of Computer Science, National Taiwan Univ.
Chaudhuri, A., D. Kakde, C. Sadek, L. Gonzalez, and S. Kong. 2017. “The mean and median criteria for kernel bandwidth selection for support vector data description.” In Proc., 2017 IEEE Int. Conf. on Data Mining Workshops (ICDMW), 842–849. New York: IEEE.
Clark, R. M., and R. A. Deininger. 2000. “Protecting the nation’s critical infrastructure: The vulnerability of US water supply systems.” J. Contingencies Crisis Manage. 8 (2): 73–80. https://doi.org/10.1111/1468-5973.00126.
Ferrari, G., D. Savic, and G. Becciu. 2014. “Graph-theoretic approach and sound engineering principles for design of district metered areas.” J. Water Resour. Plann. Manage. 140 (12): 04014036. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000424.
Finkle, J. 2011. “US probes cyber attack on water system.” Accessed May 11, 2020. https://www.reuters.com/article/us-cybersecurity-attack/u-s-probes-cyber-attack-on-water-system-idUSTRE7AH2C320111121.
Friedman, J., T. Hastie, and R. Tibshirani. 2001. “Unsupervised learning.” Chap. 14 in Vol. 1 of The elements of statistical learning, 337–387. New York: Springer.
Galdiero, E., F. De Paola, N. Fontana, M. Giugni, and D. Savic. 2016. “Decision support system for the optimal design of district metered areas.” J. Hydroinf. 18 (1): 49–61. https://doi.org/10.2166/hydro.2015.023.
Gao, W., T. Morris, B. Reaves, and D. Richey. 2010. “On SCADA control system command and response injection and intrusion detection.” In Proc., eCrime Researchers Summit (eCrime), 1–9. New York: IEEE.
Giacomoni, M., N. Gatsis, and A. Taha. 2017. “Identification of cyber attacks on water distribution systems by unveiling low-dimensionality in the sensory data.” In Proc., World Environmental and Water Resources Congress 2017, 660–675. Reston, VA: ASCE. https://doi.org/10.1061/9780784480625.062.
Gilbert, D., E. Abraham, I. Montalvo, and O. Piller. 2017. “Iterative multistage method for a large water network sectorization into DMAs under multiple design objectives.” J. Water Resour. Plann. Manage. 143 (11): 04017067. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000835.
Housh, M., and Z. Ohar. 2017a. “Integrating physically based simulators with event detection systems: Multi-site detection approach.” Water Res. 110 (Mar): 180–191. https://doi.org/10.1016/j.watres.2016.12.003.
Housh, M., and Z. Ohar. 2017b. “Model based approach for cyber-physical attacks detection in water distribution systems.” In Proc., World Environmental and Water Resources Congress, 727–736. Reston, VA: ASCE.
Housh, M., and Z. Ohar. 2018. “Model-based approach for cyber-physical attack detection in water distribution systems.” Water Res. 139 (Aug): 132–143. https://doi.org/10.1016/j.watres.2018.03.039.
Housh, M., and A. Ostfeld. 2015. “An integrated logit model for contamination event detection in water distribution systems.” Water Res. 75 (May): 210–223. https://doi.org/10.1016/j.watres.2015.02.016.
Hsu, C. W., C. C. Chang, and C. J. Lin. 2003. “A practical guide to support vector classification.” Accessed May 11, 2020. https://www.cs.sfu.ca/people/Faculty/teaching/726/spring11/ svmguide.pdf.
ICS-CERT (Industrial Control Systems-Cyber Emergency Response Team). 2014. NCCIC/ICS-CERT year in review: FY 2013. Washington, DC: US Dept. of Homeland Security, ICS-CERT.
ICS-CERT (Industrial Control Systems-Cyber Emergency Response Team). 2015. NCCIC/ICS-CERT year in review: FY 2014.. Washington, DC: US Dept. of Homeland Security, ICS-CERT.
ICS-CERT (Industrial Control Systems-Cyber Emergency Response Team). 2016. NCCIC/ICS-CERT year in review: FY 2015. Washington, DC: US Dept. of Homeland Security, ICS-CERT.
Kosut, O., L. Jia, R. J. Thomas, and L. Tong. 2010. “Malicious data attacks on smart grid state estimation: Attack strategies and countermeasures.” In Proc., 2010 First IEEE Int. Conf. on Smart Grid Communications (SmartGridComm). New York: IEEE.
Kotsiantis, S. B., I. Zaharakis, and P. Pintelas. 2007. “Supervised machine learning: A review of classification techniques.” Emerging Artif. Intell. Appl. Comput. Eng. 160: 3–24.
Lee, E. A. 2008. “Cyber physical systems: Design challenges.” In Proc., 11th IEEE Int. Symp. on Object/Component/Service-Oriented Real-Time Distributed Computing, 363–369. Piscataway, NJ: IEEE.
Liao, Y., D. Kakde, A. Chaudhuri, H. Jiang, C. Sadek, and S. Kong. 2018. “A new bandwidth selection criterion for using SVDD to analyze hyperspectral data.” In Vol. 10644 of Proc. SPIE Algorithms and Technologies for Multispectral, Hyperspectral, and Ultraspectral Imagery XXIV, 106441M. Bellingham, WA: International Society for Optics and Photonics. https://doi.org/10.1117/12.2314964.
Liu, Y., P. Ning, and M. K. Reiter. 2011. “False data injection attacks against state estimation in electric power grids.” ACM Trans. Inf. Syst. Secur. (TISSEC) 14 (1): 1. https://doi.org/10.1145/1952982.1952995.
Matherly, J. 2009. “Shodan search engine.” Accessed December 3, 2017. https://www.shodan.io.
Meseguer, J., J. M. Mirats-Tur, G. Cembrano, V. Puig, J. Quevedo, R. Pérez, and D. Ibarra. 2014. “A decision support system for on-line leakage localization.” Environ. Modell. Software 60 (Oct): 331–345. https://doi.org/10.1016/j.envsoft.2014.06.025.
Pasha, M. F. K., B. Kc, and S. L. Somasundaram. 2017. “An approach to detect the cyber-physical attack on water distribution system.” In Proc., World Environmental and Water Resources Congress 2017, 703–711. Reston, VA: ASCE. https://doi.org/10.1061/9780784480625.065.
Perelman, L., and S. Amin. 2014. “A network interdiction model for analyzing the vulnerability of water distribution systems.” In Proc., 3rd Int. Conf. on High Confidence Networked Systems, HiCoNS’14, 135–144. New York: Association for Computing Machinery.
Perelman, L., and A. Ostfeld. 2011. “Topological clustering for water distribution systems analysis.” Environ. Modell. Software 26 (7): 969–972. https://doi.org/10.1016/j.envsoft.2011.01.006.
Perelman, L. S., M. Allen, A. Preis, M. Iqbal, and A. J. Whittle. 2015. “Automated sub-zoning of water distribution systems.” Environ. Modell. Software 65 (Mar): 1–14. https://doi.org/10.1016/j.envsoft.2014.11.025.
Perez, R., G. Sanz, V. Puig, J. Quevedo, M. A. C. Escofet, F. Nejjari, and R. Sarrate. 2014. “Leak localization in water networks: A model-based methodology using pressure sensors applied to a real network in Barcelona [applications of control].” IEEE Control Syst. 34 (4): 24–36. https://doi.org/10.1109/MCS.2014.2320336.
Rahman, A., and Z. Y. Wu. 2018. “Multistep simulation-optimization modeling approach for partitioning water distribution system into district meter areas.” J. Water Resour. Plann. Manage. 144 (5): 04018018. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000927.
Rahmani, F., K. Muhammed, K. Behzadian, and R. Farmani. 2018. “Optimal operation of water distribution systems using a graph theory–based configuration of district metered areas.” J. Water Resour. Plann. Manage. 144 (8): 04018042. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000941.
Rasekh, A., A. Hassanzadeh, S. Mulchandani, S. Modi, and M. K. Banks. 2016. “Smart water networks and cyber security.” J. Water Resour. Plann. Manage. 142 (7): 01816004. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000646.
Saldarriaga, J., J. Bohorquez, D. Celeita, L. Vega, D. Paez, D. Savic, G. Dandy, Y. Filion, W. Grayman, and Z. Kapelan. 2019. “Battle of the water networks district metered areas.” J. Water Resour. Plann. Manage. 145 (4): 04019002. https://doi.org/10.1061/(ASCE)WR.1943-5452.0001035.
Salomons, E., O. Skulovich, and A. Ostfeld. 2017. “Battle of water networks DMAs: Multistage design approach.” J. Water Resour. Plann. Manage. 143 (10): 04017059. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000830.
Slay, J., and M. Miller. 2008. “Lessons learned from the Maroochy Water breach.” In Critical infrastructure protection, edited by E. Goetz and S. Shenoi, 73–82. Boston: Springer.
Taormina, R., et al. 2018. “Battle of the attack detection algorithms: Disclosing cyber attacks on water distribution networks.” J. Water Resour. Plann. Manage. 144 (8): 04018048. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000969.
Taormina, R., and S. Galelli. 2018. “Deep-learning approach to the detection and localization of cyber-physical attacks on water distribution systems.” J. Water Resour. Plann. Manage. 144 (10): 04018065. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000983.
Taormina, R., S. Galelli, H. C. Douglas, N. O. Tippenhauer, E. Salomons, and A. Ostfeld. 2019. “A toolbox for assessing the impacts of cyber-physical attacks on water distribution systems.” Environ. Modell. Software 112 (Feb): 46–51. https://doi.org/10.1016/j.envsoft.2018.11.008.
Taormina, R., S. Galelli, N. O. Tippenhauer, E. Salomons, and A. Ostfeld. 2017. “Characterizing cyber-physical attacks on water distribution systems.” J. Water Resour. Plann. Manage. 143 (5): 04017009. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000749.
Tax, D. M., and R. P. Duin. 2004. “Support vector data description.” Mach. Learn. 54 (1): 45–66. https://doi.org/10.1023/B:MACH.0000008084.60811.49.
Tomlinson, K. 2016. “How hackers changed chemical levels in people’s drinking water.” Accessed May 11, 2020. https://archerint.com/how-hackers-changed-chemical-levels-in-peoples-drinking-water/.
Xie, L., Y. Mo, and B. Sinopoli. 2010. “False data injection attacks in electricity markets: Smart grid communications (SmartGridComm).” In Proc., 2010 First IEEE Int. Conf. on Smart Grid Communications, 226–231. New York: IEEE.
Information & Authors
Information
Published In
Journal of Water Resources Planning and Management
Volume 146 • Issue 8 • August 2020
Copyright
©2020 American Society of Civil Engineers.
History
Received: Nov 2, 2019
Accepted: Feb 24, 2020
Published online: May 25, 2020
Published in print: Aug 1, 2020
Discussion open until: Oct 25, 2020
Authors
Metrics & Citations
Metrics
Citations
Download citation
If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download.