Deep-Learning Approach to the Detection and Localization of Cyber-Physical Attacks on Water Distribution Systems

Abstract

The recent increase in frequency and severity of cyber-physical attacks on water treatment plants and distribution systems calls for the development of intrusion detection schemes that help protect these critical infrastructures. This paper contributes an algorithm specifically designed for detecting and localizing cyber attacks against water distribution systems. The algorithm builds on the idea of learning a data-driven model that reproduces the patterns of all hydraulic processes observed within a distribution system: the model is trained using data pertaining to normal operating conditions, in order to poorly reproduce anomalous patterns, such as those induced by cyber attacks. The modeling process is carried out using autoencoders, a deep learning neural network architecture capable of building a compressed and meaningful representation of high-dimensional input data patterns. The algorithm is developed and tested on three data sets devised for the Battle of the Attack Detection Algorithms—the only open-source data available, at this stage, for research in cyber security of water networks. Results show that the detection algorithm can identify all attacks featured in the data sets, including those compromising data integrity. The algorithm has two additional important features: it localizes the components under attack, and it is developed using only data pertaining to normal operating conditions, which are generally available to water utilities.