Detection of Cyber Physical Attacks on Water Distribution Systems via Principal Component Analysis and Artificial Neural Networks
Publication: World Environmental and Water Resources Congress 2017
Abstract
Automated monitoring and operation of modern water distribution systems (WDSs) are largely dependent on an interconnected network of computers, sensors, and actuators that are jointly coordinated by a supervisory control and data acquisition (SCADA) system. Although the implementation of such embedded systems enhances the reliability of the WDS, it also exposes it to cyber-physical attacks that can disrupt the system’s operation or compromise critical information. Hence, the development of attack detection algorithms that can efficiently diagnose and identify such assaults is crucial for the successful application of these automated systems. In this study, we developed an algorithm to identify anomalous behaviors of the different components of a WDS in the context of the Battle of the Attack Detection Algorithms (BATADAL). The algorithm relies on multiple layers of anomaly detection techniques to identify both local anomalies that affect each sensor individually and global anomalies that simultaneously affect more than one sensor. The first layer finds statistical outliers in the data using simple outlier detection techniques. The second layer employs a trained artificial neural network (ANN) model to detect contextual anomalies that do not conform to the normal operational behavior of the system. The third layer uses principal component analysis (PCA) to decompose the high-dimensional space occupied by the given set of sensor measurements into two subspaces representing normal and anomalous network operating conditions. By continuously tracking the projections of the data instances on the anomalous conditions subspace, the algorithm identifies the outliers based on their influence on the directions of the principal components. The proposed approach successfully predicted all of the pre-labeled attacks in the validation data set with high sensitivity and specificity. However, for all the detected attacks, the algorithm maintained a false “under attack” status for a few hours after the threat no longer existed.
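The subspace idea behind the third layer, as an added example that is not the paper's code: PCA is fitted on attack-free readings, and each new reading is scored by the squared length of its projection onto the residual (anomalous) subspace. The four sensors, their values, the single retained component and the threshold rule (largest score seen in training) are all assumptions constructed for illustration.

```python
import math
import random

def fit_pca(rows, k=1, iters=100):
    """Standardize rows, then find the top-k principal directions by power iteration."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    std = [math.sqrt(sum((r[j] - mean[j]) ** 2 for r in rows) / n) for j in range(d)]
    z = [[(r[j] - mean[j]) / std[j] for j in range(d)] for r in rows]
    cov = [[sum(a[i] * a[j] for a in z) / n for j in range(d)] for i in range(d)]
    comps = []
    for _ in range(k):
        v = [1.0] + [0.0] * (d - 1)  # start vector; assumes sensor 0 loads on the component
        for _ in range(iters):
            w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w))  # converges to the eigenvalue
            v = [x / norm for x in w]
        cov = [[cov[i][j] - norm * v[i] * v[j] for j in range(d)] for i in range(d)]  # deflate
        comps.append(v)
    return mean, std, comps

def spe(x, model):
    """Squared length of x's projection onto the residual (anomalous) subspace."""
    mean, std, comps = model
    z = [(x[j] - mean[j]) / std[j] for j in range(len(x))]
    for p in comps:
        s = sum(a * b for a, b in zip(z, p))
        z = [a - s * b for a, b in zip(z, p)]
    return sum(a * a for a in z)

def reading(hour, rng=None):
    """Constructed sensors [flow, pressure_a, pressure_b, pump_power], all driven by demand."""
    demand = 50 + 20 * math.sin(2 * math.pi * hour / 24)
    noise = (lambda s: rng.gauss(0, s)) if rng else (lambda s: 0.0)
    return [demand + noise(1.0), 80 - 0.5 * demand + noise(0.5),
            75 - 0.4 * demand + noise(0.4), 2 * demand + noise(2.0)]

rng = random.Random(0)
train = [reading(h, rng) for h in range(240)]  # ten constructed attack-free days
model = fit_pca(train, k=1)
threshold = max(spe(r, model) for r in train)  # assumed threshold rule
normal = reading(4)                            # high demand, sensors mutually consistent
spoofed = normal[:1] + [55.0] + normal[2:]     # pressure_a replaced by a mid-range value

def in_range(x):
    """Per-sensor min/max check, a stand-in for a simple first-layer outlier test."""
    return all(min(r[j] for r in train) <= v <= max(r[j] for r in train) for j, v in enumerate(x))

def is_anomalous(x):
    return spe(x, model) > threshold
```

The spoofed reading passes the per-sensor range check because 55.0 is an ordinary pressure value on its own; only its inconsistency with the other three sensors pushes it into the residual subspace.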
Copyright
© 2017 American Society of Civil Engineers.
History
Published online: May 18, 2017