Cyber Physical Attacks and Detection MEthods in Water Distribution Systems

Abstract

Modern technologies adopt Internet of Things (IoT) devices to increase water management efficiency and enhance water quality services. However, the limitations of IoT devices, such as small sizes and poor security, weaken the Water Distribution System (WDS) security and many attackers compromise the critical components of WDS. Cyber-physical attacks (CPAs) are considered one of the biggest challenges that decrease the security factors in WDS by disrupting normal operations and tampering with the critical data of the water system. Therefore, this dissertation proposes an anomaly detection method to detect cyber-physical attacks and mitigate their bad impacts on the components of WDS. First, we study the current state-of-art for the common cyber-physical attacks and common detection mechanisms for the WDS. Also, we compare CPA attacks and detection methods with emphasis on ideas, methods, evaluation results, advantages, and limitations. Second, we propose a deep learning model based on a conditional variational autoencoder (CVAE) to detect cyber-physical attacks. The CVAE model shows a highly effective way to maximize the chance of generating the desired output and detecting CPA attacks quickly. We also train CVAE on (BATADAL) real medium-sized water distribution dataset and demonstrate high-efficiency results. Experiment results indicate that our proposed method of CVAE can detect all the listed attacks with high accuracy and reduce false alarm issues. Then, we evaluate the proposed models’ performance using various metrics, including accuracy, precision, recall, and F1 score. In addition, we compare the CVAE model with existing models to detect CPA attacks, and the results show that we reach a high accuracy of 98%. Third, we designed an adversarial attack on our CVAE model to show the security risks of this attack and the negative impact on the model’s accuracy. We apply the Fast Sign gradient method to fool the CVAE model and predict the anomalies as normal data rather than anomalies. Then, we propose our novel defense approach, the CVAE defense model, to detect adversarial attacks. The CVAE defense model consists of adversarial detection and the CVAE defense models. The adversarial detection model adopts CNN and LSTM methods to classify data as adversarial or clean. The CVAE defense model takes the output of the adversarial detection model and passes it to our proposed noise generation method. After that, the noise generation method is produced and passed to the CVAE model and activation function. Finally, we calculate the Euclidean distance between the reconstructed output and input vectors and compare it to the threshold. If the output is less than the threshold, there is no attack. Otherwise, the output should be one, and there is an attack. The results show that our CVAE defense model can detect adversarial attacks and increase the performance to an overall 92%.