Technical Papers
Nov 14, 2018

Real-Time Identification of Cyber-Physical Attacks on Water Distribution Systems via Machine Learning–Based Anomaly Detection Techniques

Publication: Journal of Water Resources Planning and Management
Volume 145, Issue 1

Abstract

Smart water infrastructures are prone to cyber-physical attacks that can disrupt their operations or damage their assets. An algorithm was developed to identify suspicious behaviors in the different cyber-physical components of a smart water distribution system. The algorithm incorporated multiple modules of anomaly-detection techniques to recognize different types of anomalies in the real-time monitoring and control data. Trained artificial neural networks were used to detect unusual patterns that do not conform to normal operational behavior. Principal component analysis was conducted to decompose the high-dimensional space occupied by the sensory data to uncover global anomalies. The algorithm was trained using a historical data set of trusted observations and tested against a validation and a test data set, both featuring a group of simulated attack scenarios. The proposed approach successfully identified all the attacks featured in the Battle of the Attack Detection Algorithms (BATADAL) data sets with high sensitivity and specificity. Nevertheless, the performance was sensitive to high background noise in the sensory data.
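As an added illustration of the PCA module the abstract describes (not the authors' code), the sketch below fits a principal subspace to trusted readings only and flags time steps whose squared prediction error outside that subspace exceeds a threshold learned from the same trusted data. The residual-subspace formulation, the 95% variance cut-off, the 99.5% quantile threshold, and the six-channel data with one offset channel are all assumptions constructed for this example; the neural-network module is not shown.

```python
import numpy as np

# Constructed mixing matrix: 6 sensor channels driven by 2 latent demand cycles.
MIX = np.array([[1.0, 0.8, -0.6, 0.5, 0.9, -0.7],
                [0.3, -0.5, 0.7, 0.9, -0.4, 0.6]])

def simulate(n_hours, seed, offset_window=None):
    """Constructed hourly readings; optionally offset one channel in a window."""
    rng = np.random.default_rng(seed)
    t = np.arange(n_hours)
    latent = np.column_stack([np.sin(2 * np.pi * t / 24), np.cos(2 * np.pi * t / 168)])
    X = latent @ MIX + 0.05 * rng.standard_normal((n_hours, MIX.shape[1]))
    if offset_window is not None:
        start, end, channel, bias = offset_window
        X[start:end, channel] += bias  # reading no longer consistent with the others
    return X

def spe(model, X):
    """Squared prediction error: energy left outside the retained components."""
    Z = (X - model["mu"]) / model["sigma"]
    residual = Z - Z @ model["P"] @ model["P"].T
    return (residual ** 2).sum(axis=1)

def fit(X_train, var_kept=0.95, quantile=0.995):
    """Learn the normal subspace and an alarm threshold from trusted data only."""
    mu, sigma = X_train.mean(axis=0), X_train.std(axis=0)
    eigval, eigvec = np.linalg.eigh(np.cov((X_train - mu) / sigma, rowvar=False))
    order = np.argsort(eigval)[::-1]
    eigval, eigvec = eigval[order], eigvec[:, order]
    k = int(np.searchsorted(np.cumsum(eigval) / eigval.sum(), var_kept)) + 1
    model = {"mu": mu, "sigma": sigma, "P": eigvec[:, :k]}
    model["threshold"] = float(np.quantile(spe(model, X_train), quantile))
    return model

def run_demo():
    model = fit(simulate(672, seed=1))  # four trusted weeks of hourly data
    X_test = simulate(336, seed=2, offset_window=(100, 124, 3, 1.0))
    flags = spe(model, X_test) > model["threshold"]
    in_window = np.zeros(336, dtype=bool)
    in_window[100:124] = True
    return model["P"].shape[1], flags, in_window

if __name__ == "__main__":
    k, flags, in_window = run_demo()
    print(f"components kept: {k}")
    print(f"flagged inside window: {flags[in_window].sum()}/24")
    print(f"false-alarm rate outside window: {flags[~in_window].mean():.3f}")
```
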

Acknowledgments

Partial support from the Lucy and Stanley Lopata Endowment at Washington University in St. Louis is gratefully acknowledged.

Information & Authors

Information

Published In

Journal of Water Resources Planning and Management
Volume 145, Issue 1, January 2019

History

Received: Jan 10, 2018
Accepted: Jul 16, 2018
Published online: Nov 14, 2018
Published in print: Jan 1, 2019
Discussion open until: Apr 14, 2019

Authors

Affiliations

Ahmed A. Abokifa, A.M.ASCE
Ph.D. Candidate, Dept. of Energy, Environmental, and Chemical Engineering, Washington Univ. in St. Louis, 1 Brookings Dr., St. Louis, MO 63130.
Kelsey Haddad
Ph.D. Candidate, Dept. of Energy, Environmental, and Chemical Engineering, Washington Univ. in St. Louis, 1 Brookings Dr., St. Louis, MO 63130.
Cynthia Lo
Assistant Professor, Dept. of Energy, Environmental, and Chemical Engineering, Washington Univ. in St. Louis, 1 Brookings Dr., St. Louis, MO 63130.
Pratim Biswas
Professor, Dept. of Energy, Environmental, and Chemical Engineering, Washington Univ. in St. Louis, 1 Brookings Dr., St. Louis, MO 63130 (corresponding author).
