research-article

Model-based Attack Detection Scheme for Smart Water Distribution Networks

Authors:

Chuadhry Mujeeb Ahmed,

Carlos Murguia,

Justin RuthsAuthors Info & Claims

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Pages 101 - 113

https://doi.org/10.1145/3052973.3053011

Published: 02 April 2017 Publication History

Abstract

In this manuscript, we present a detailed case study about model-based attack detection procedures for Cyber-Physical Systems (CPSs). In particular, using EPANET (a simulation tool for water distribution systems), we simulate a Water Distribution Network (WDN). Using this data and sub-space identification techniques, an input-output Linear Time Invariant (LTI) model for the network is obtained. This model is used to derive a Kalman filter to estimate the evolution of the system dynamics. Then, residual variables are constructed by subtracting data coming from EPANET and the estimates of the Kalman filter. We use these residuals and the Bad-Data and the dynamic Cumulative Sum (CUSUM) change detection procedures for attack detection. Simulation results are presented - considering false data injection and zero-alarm attacks on sensor readings, and attacks on control input - to evaluate the performance of our model-based attack detection schemes. Finally, we derive upper bounds on the estimator-state deviation that zero-alarm attacks can induce.

References

[1]

EPANET: software that models the hydraulic and water quality behavior of water distribution piping systems. https://www.epa.gov/water-research/epanet. Accessed: 2016-03--29.

[2]

I. C. 2014. Ics-mm201408: May-august 2014. Report no., U.S. Department of Homeland Security-Industrial Control Systems-Cyber Emergency Response Team, Washington, D.C. Available online at https://ics-cert.us-cert.gov., 2014.

[3]

B. Adams, W. Woodall, and C. Lowry. The use (and misuse) of false alarm probabilities in control chart design. Frontiers in Statistical Quality Control 4, pages 155--168, 1992.

[4]

C. M. Ahmed, A.Sridhar, and M. Aditya. Limitations of state estimation based cyber attack detection schemes in industrial control systems. In IEEE Smart City Security and Privacy Workshop, CPSWeek, 2016.

[5]

S. Amin, X. Litrico, S. Sastry, and A. M. Bayen. Cyber security of water scada systems-part i: analysis and experimentation of stealthy deception attacks. IEEE Transactions on Systems Technology, pages 1963--1970, 2013a.

[6]

S. Amin, X. Litrico, S. Sastry, and A. M. Bayen. Cyber security of water scada systems-part ii: Attack detection using enhanced hydrodynamic models. IEEE Transactions on Systems Technology, pages 1679--1693, 2013b.

[7]

K. J. Aström and B. Wittenmark. Computer-controlled Systems (3rd Ed.). Prentice-Hall, Inc., Upper Saddle River, NJ, USA, 1997.

Digital Library

[8]

A. Bobat, T. Gezgin, and H. Aslan. The scada system applications in management of yuvacik dam and reservoir. Desalination and Water Treatment, 2015.

[9]

A. Cardenas, S. Amin, Z. Lin, Y. Huang, C. Huang, and S. Sastry. Attacks against process control systems: Risk assessment, detection, and response. In 6th ACM Symposium on Information, Computer and Communications Security, pages 355--366, 2011.

Digital Library

[10]

J. Giraldo, A. Cardenas, and N. Quijano. Integrity attacks on realtime pricing in smart grids: Impact and countermeasures. IEEE Transactions on Smart Grid, 2016.

[11]

Y. Gu, T. Liu, D. Wang, X. Guan, and Z. Xu. Bad data detection method for smart grids based on distributed estimation. In IEEE ICC, 2013.

[12]

R. A. Horn and C. R. Johnson. Matrix Analysis. Cambridge University Press, New York, NY, USA, 2nd edition, 2012.

Digital Library

[13]

C. Kwon, W. Liu, and I. Hwang. Security analysis for cyber-physical systems against stealthy deception attacks. In American Control Conference (ACC), pages 3344--3349, 2013.

[14]

E. A. Lee. Cyber physical systems: Design challenges. In EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2008--8. http://www.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS- 2008--8.html, Jan. 2008.

[15]

N. Lehtinen. Error functions. Stanford University,Webpage:http://nlpc.stanford.edu/nleht/ Science/reference/errorfun.pdf, April 2010.

[16]

F. Miao, Q. Zhu, M. Pajic, and G. J. Pappas. Coding sensor outputs for injection attacks detection. In IEEE conference in Decision and Control (CDC), pages 5776--5781, 2014.

[17]

L. Mili, T. Cutsen, and M.R.-Pavella. Bad data identification methods in power system state estimation - a comparative study. IEEE Trans. on Power Apparatus and Systems, 1985.

[18]

Y. Mo, E. Garone, A. Casavola, and B. Sinopoli. False data injection attacks against state estimation in wireless sensor networks. In IEEE conference in Decision and Control (CDC), pages 5967--5972, 2010.

[19]

C. Murguia and J. Ruths. Characterization of a cusum model-based sensor attack detector. In 55th IEEE Conference on Decision and Control Conference (CDC), 2016.

[20]

C. Murguia and J. Ruths. Cusum and chi-squared attack detection of compromised sensors. In 2016 IEEE Conference on Control Applications (CCA), pages 474--480, Sept 2016.

[21]

P. V. Overschee and B. D. Moor. Subspace identification for linear systems: theory, implementation, applications. Boston: Kluwer Academic Publications, 1996.

[22]

E. Page. Continuous inspection schemes. Biometrika, 41:100--115, 1954.

[23]

L. Perelman and S. Amin. A network interdiction model for analyzing the vulnerability of water distribution systems. In Proceedings of the 3rd international conference on High confidence networked systems, ACM., pages 135--144, 2014.

Digital Library

[24]

M. Ross. Introduction to Probability Models, Ninth Edition. Academic Press, Inc., Orlando, FL, USA, 2006.

Digital Library

[25]

J. Slay and M. Miller. Lessons learned from the maroochy water breach. Springer 620 US, Boston, MA, pages 73--82, 2008.

[26]

A. Sridhar and M. Aditya. Generalized attacker and attack models for cyber physical systems. In 40th IEEE COMPSAC, 2016.

[27]

C. van Dobben de Bruyn. Cumulative sum tests : theory and practice. London : Griffin, 1968.

Cited By

Christian IFurtado FMathur AZhou JChattopadhyay S(2024)DRACE: A Framework for Evaluating Anomaly Detectors for Industrial Control SystemsProceedings of the 10th ACM Cyber-Physical System Security Workshop10.1145/3626205.3659145(77-87)Online publication date: 2-Jul-2024
https://dl.acm.org/doi/10.1145/3626205.3659145
Wang RAhmed C(2024)Differential Privacy with Selected Privacy Budget $$\epsilon $$ in a Cyber Physical System Using Machine LearningApplied Cryptography and Network Security Workshops10.1007/978-3-031-61489-7_7(101-116)Online publication date: 29-Jun-2024
https://doi.org/10.1007/978-3-031-61489-7_7
Runge IAkinci BBergés M(2023)Challenges in Cyber-Physical Attack Detection for Building Automation SystemsProceedings of the 10th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation10.1145/3600100.3623738(236-239)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3600100.3623738
Show More Cited By

Index Terms

Model-based Attack Detection Scheme for Smart Water Distribution Networks
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation

Recommendations

Can Replay Attacks Designed to Steal Water from Water Distribution Systems Remain Undetected?
Special Issue on Security and Privacy for Connected CPS

Industrial Control Systems (ICS) monitor and control physical processes. ICS are found in, among others, critical infrastructures such as water treatment plants, water distribution systems, and the electric power grid. While the existence of cyber-...
DDoSniffer: Detecting DDoS attack at the source agents

Distributed Denial of Service (DDoS) attacks are an important and challenging security threat. Despite the existing defence mechanisms, attackers manage to build large sets of impersonated hosts. Our approach consists in detecting DDoS directly on these ...
POSTER: Defense against False Data Injection Attack in a Cyber-Physical System
ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

Cyber-physical systems (CPSs) are closed-loop feedback systems that efficiently control the physical processes through cyber-systems. Security threats like false data injection (FDI) attacks are increasing in CPSs. FDI attacks disrupt the system's ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

April 2017

952 pages

ISBN:9781450349444

DOI:10.1145/3052973

General Chairs:
Ramesh Karri
New York University, New York, USA
,
Ozgur Sinanoglu
New York University Abu Dhabi, UAE
,
Program Chairs:
Ahmad-Reza Sadeghi
Technische Universität Darmstadt, Germany
,
Xun Yi
RMIT University, Australia

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 April 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Research Foundation (NRF)

Conference

ASIA CCS '17

Sponsor:

SIGSAC

ASIA CCS '17: ACM Asia Conference on Computer and Communications Security

April 2 - 6, 2017

Abu Dhabi, United Arab Emirates

Acceptance Rates

ASIA CCS '17 Paper Acceptance Rate 67 of 359 submissions, 19%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

50
Total Citations
View Citations
737
Total Downloads

Downloads (Last 12 months)56
Downloads (Last 6 weeks)11

Reflects downloads up to 15 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Christian IFurtado FMathur AZhou JChattopadhyay S(2024)DRACE: A Framework for Evaluating Anomaly Detectors for Industrial Control SystemsProceedings of the 10th ACM Cyber-Physical System Security Workshop10.1145/3626205.3659145(77-87)Online publication date: 2-Jul-2024
https://dl.acm.org/doi/10.1145/3626205.3659145
Wang RAhmed C(2024)Differential Privacy with Selected Privacy Budget $$\epsilon $$ in a Cyber Physical System Using Machine LearningApplied Cryptography and Network Security Workshops10.1007/978-3-031-61489-7_7(101-116)Online publication date: 29-Jun-2024
https://doi.org/10.1007/978-3-031-61489-7_7
Runge IAkinci BBergés M(2023)Challenges in Cyber-Physical Attack Detection for Building Automation SystemsProceedings of the 10th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation10.1145/3600100.3623738(236-239)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3600100.3623738
Oluyomi ABhattacharjee SDas S(2023)Detection of False Data Injection in Smart Water Metering Infrastructure2023 IEEE International Conference on Smart Computing (SMARTCOMP)10.1109/SMARTCOMP58114.2023.00070(267-272)Online publication date: Jun-2023
https://doi.org/10.1109/SMARTCOMP58114.2023.00070
Geng YChen YMa RWei QPan JWang JCheng PWang Q(2023)Defending Cyber–Physical Systems Through Reverse-Engineering-Based Memory Sanity CheckIEEE Internet of Things Journal10.1109/JIOT.2022.320012710:10(8331-8347)Online publication date: 15-May-2023
https://doi.org/10.1109/JIOT.2022.3200127
Rodríguez-Martínez CQuiñones-Grueiro MLlanes-Santiago O(2023)Cyberattack Diagnosis in Water Distribution Networks Combining Data-Driven and Structural Analysis MethodsJournal of Water Resources Planning and Management10.1061/JWRMD5.WRENG-5302149:5Online publication date: May-2023
https://doi.org/10.1061/JWRMD5.WRENG-5302
Wolsing KWagner ESaillard AHenze M(2022)IPAL: Breaking up Silos of Protocol-dependent and Domain-specific Industrial Intrusion Detection SystemsProceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3545948.3545968(510-525)Online publication date: 26-Oct-2022
https://dl.acm.org/doi/10.1145/3545948.3545968
Sharmeen SHuda SAbawajy JAhmed CHassan MFortino G(2022)An Advanced Boundary Protection Control for the Smart Water Network Using Semisupervised and Deep Learning ApproachesIEEE Internet of Things Journal10.1109/JIOT.2021.31004619:10(7298-7310)Online publication date: 15-May-2022
https://doi.org/10.1109/JIOT.2021.3100461
Shahid MAhmed CPalleti VZhou J(2022)Curse of System Complexity and Virtue of Operational Invariants: Machine Learning based System Modeling and Attack Detection in CPS2022 IEEE Conference on Dependable and Secure Computing (DSC)10.1109/DSC54232.2022.9888940(1-8)Online publication date: 22-Jun-2022
https://doi.org/10.1109/DSC54232.2022.9888940
Geng YLiu KMa RWei Q(2022)Research on Memory Attacks and Defenses for Programmable Logic Controllers2022 4th International Conference on Communications, Information System and Computer Engineering (CISCE)10.1109/CISCE55963.2022.9851101(256-260)Online publication date: 27-May-2022
https://doi.org/10.1109/CISCE55963.2022.9851101
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents