Battle of the Attack Detection Algorithms: Disclosing Cyber Attacks on Water Distribution Networks

Taormina, Riccardo; Galelli, Stefano; Tippenhauer, Nils Ole; Salomons, Elad; Ostfeld, Avi; Ηλιάδης, Δημήτριος Γ.; Aghashahi, Mohsen; Sundararajan, Raanju R.; Pourahmadi, Mohsen; Banks, M. Katherine; Brentan, Bruno Melo; Campbell, Enrique; Lima, Gustavo Meirelles; Manzi, Daniel; Ayala-Cabrera, David; Herrera, Manuel; Montalvo, Idel; Izquierdo, Joaquín; Luvizotto, Edevar; Chandy, Sarin E.; Rasekh, Amin; Barker, Zachary A.; Campbell, Berry; Shafiee, M. Ehsan; Giacomoni, Marcio; Gatsis, Nikolaos; Taha, Ahmad F.; Abokifa, Ahmed A.; Haddad, Kelsey; Lo, Cynthia S.; Biswas, Pratim; Pasha, M. Fayzul K.; Kc, Bijay; Somasundaram, Saravanakumar Lakshmanan; Housh, Mashor; Ohar, Ziv

doi:10.1061/(asce)wr.1943-5452.0000969

Cited by 163 publications

(133 citation statements)

References 31 publications

Supporting

Mentioning

114

Contrasting

Order By: Relevance

“…where S T DD is the time-to-detection score, S CLF is the classification score, and γ determines the relative importance of the two scores and is set to 0.5. The details of the calculation of both scores are based on the log record labels and are described in [37]. To summarize, our extensions to the anomaly detection method used in [13] are: • generalization of the prediction, allowing arbitrary length sequence prediction and arbitrary prediction horizon,…”

Section: F Anomaly Detection and Scoring Methodsmentioning

confidence: 99%

“…At the same time, the traffic from PLC3 to SCADA is modified to replay previously recorded values of L T2, as well as V2 flow and pressures. Figure 7 shows that the status of the valve was not replayed, although the authors of [37] reported that it was. Also, one can see that immediately after the attack the system returns to its regular cycle.…”

Section: B Batadalmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

Kravchik

Shabtai

2018

Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy

238

167

View full text Add to dashboard Cite

Industrial control systems (ICSs) are widely used and vital to industry and society. Their failure can have severe impact on both economics and human life. Hence, these systems have become an attractive target for attacks, both physical and cyber. A number of attack detection methods have been proposed, however they are characterized by a low detection rate, a substantial false positive rate, or are system specific. In this paper, we study an attack detection method based on simple and lightweight neural networks, namely, 1D convolutions and autoencoders. We apply these networks to both the time and frequency domains of the collected data and discuss pros and cons of each approach. We evaluate the suggested method on three popular public datasets and achieve detection rates matching or exceeding previously published detection results, while featuring small footprint, short training and detection times, and generality. We also demonstrate the effectiveness of PCA, which, given proper data preprocessing and feature selection, can provide high attack detection scores in many settings. Finally, we study the proposed method's robustness against adversarial attacks, that exploit inherent blind spots of neural networks to evade detection while achieving their intended physical effect. Our results show that the proposed method is robust to such evasion attacks: in order to evade detection, the attacker is forced to sacrifice the desired physical impact on the system. This finding suggests that neural networks trained under the constraints of the laws of physics can be trusted more than networks trained under more flexible conditions.

show abstract

Section: F Anomaly Detection and Scoring Methodsmentioning

confidence: 99%

Section: B Batadalmentioning

confidence: 99%

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

Kravchik

Shabtai

2018

Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy

238

167

View full text Add to dashboard Cite

show abstract

“…Second case is taken from the literature and contains a more diverse set of attacks. This dataset used for evaluating the algorithm is from BATADAL (Taormina et al 2018). Training dataset 1 (Taormina et al 2018), which contains no attacks and represents normal operating conditions, is used for training the model.…”

Section: Casementioning

confidence: 99%

“…This dataset used for evaluating the algorithm is from BATADAL (Taormina et al 2018). Training dataset 1 (Taormina et al 2018), which contains no attacks and represents normal operating conditions, is used for training the model. Test dataset (Taormina et al 2018), which contains seven attacks, is used to test and evaluate the trained model.…”

Section: Casementioning

confidence: 99%

Cyberattack Detection Using Deep Generative Models with Variational Inference

Chandy

Rasekh

Barker

et al. 2019

J. Water Resour. Plann. Manage.

Self Cite

View full text Add to dashboard Cite

Recent years have witnessed a rise in the frequency and intensity of cyberattacks targeted at critical infrastructure systems. This study designs a versatile, data-driven cyberattack detection platform for infrastructure systems cybersecurity, with a special demonstration in water sector. A deep generative model with variational inference autonomously learns normal system behavior and detects attacks as they occur. The model can process the natural data in its raw form and automatically discover and learn its representations, hence augmenting system knowledge discovery and reducing the need for laborious human engineering and domain expertise. The proposed model is applied to a simulated cyberattack detection problem involving a drinking water distribution system subject to programmable logic controller hacks, malicious actuator activation, and deception attacks. The model is only provided with observations of the system, such as pump pressure and tank water level reads, and is blind to the internal structures and workings of the water distribution system. The simulated attacks are manifested in the model's generated reproduction probability plot, indicating its ability to discern the attacks. There is, however, need for improvements in reducing false alarms, especially by optimizing detection thresholds. Altogether, the results indicate ability of the model in distinguishing attacks and their repercussions from normal system operation in water distribution systems, and the promise it holds for cyberattack detection in other domains.

show abstract

“…Beyond keeping software updated, this also means making use of state-of-the-art quality assurance methods for penetration testing and fault detection algorithms. As illustrated by Taormina et al [17] for water distribution networks, the analysis of network monitoring data alone could allow cyberattacks to be detected. Since cyberattacks could then be concealed or simulated simply by compromising the monitoring data, technology such as blockchain might be a solution to secure such data.…”

Section: Responding To Smart Water Challengesmentioning

confidence: 99%

Smart urban water systems: what could possibly go wrong?

Vitry

Schneider

Wani

et al. 2019

Environ. Res. Lett.

View full text Add to dashboard Cite

Urban water systems are being redefined for a digital age, promising substantial advantages for service users and providers, and for society as a whole. However, beside the much-discussed benefits of smart urban water systems in future smart cities, the transition will also bring unique challenges, particularly with respect to privacy and cybersecurity. A preemptive delineation of these risks and providing appropriate recommendations will help to guide digital transformations of urban water towards sustainable solutions. Faced with emerging risks of digitalization, urban water management needs to look beyond technology while recognizing the central and multifaceted role of research.In smart city initiatives, urban water systems remain largely out of the digitalization spotlight compared to other types of infrastructure. Oftentimes, the management and planning of urban water systems still follow traditional, steel and concrete-based approaches that treat used water as waste and not as a resource [1]. The need for innovation, however, is significant: the infrastructure, operation, and maintenance cost of urban water systems around the world already ranges in the hundred billion dollars annually and water-related stresses are expected to continue rising. Digitalization could not only increase the flexibility and effectiveness of existing urban water systems, but could also allow for the provisions of new services to society. The envisioned transformation, as outlined for example in the literature [2][3][4], entails novel data collection and transmission techniques, analytical methods, models, and automation. For example, smart water meter data can be combined with noise loggers to detect and roughly locate leaks in water mains. Together with automated control infrastructure, pressure can be regulated to reduce water losses [4]. By this and numerous other smart solutions, not only water distribution but also sewers and wastewater treatment will be transformed. In particular, digitalization facilitates large-scale implementation of disruptive technologies like decentralized wastewater treatment [5] and direct potable reuse, which will help cities to cope with climate change and urbanization.However, we argue that as the benefits of smart urban water systems are increasingly explored and showcased in literature, it is time to also give attention to potential risks that might emerge. Recurring data breaches and the growing use of cyber-attacks for geopolitical ends are a reminder that the digitalization of society indeed carries risks. Given the critical role of water services in society and within the water-energyfood nexus, these risks must be identified and managed pro-actively. In the following, we raise awareness and suggest ways forward in approaching the unique privacy and security issues that accompany the digitalization of urban water systems. Finally, we highlight the central role of researchers in assessing and mitigating the potential risks of the smart urban water solutions they propose. Water tells more th...

show abstract

Battle of the Attack Detection Algorithms: Disclosing Cyber Attacks on Water Distribution Networks

Cited by 163 publications

References 31 publications

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks

Cyberattack Detection Using Deep Generative Models with Variational Inference

Smart urban water systems: what could possibly go wrong?

Contact Info

Product

Resources

About