A Time-Series Self-Supervised Learning Approach to Detection of Cyber-physical Attacks in Water Distribution Systems
Water Distribution System (WDS) threats have significantly grown following the Maroochy shire incident, as evidenced by proofed attacks on water premises. As a result, in addition to traditional solutions (e.g., data encryption and authentication), attack detection is being proposed in WDS to reduce...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2022-01-01
|
Series: | Energies |
Subjects: | |
Online Access: | https://www.mdpi.com/1996-1073/15/3/914 |
_version_ | 1797488082335825920 |
---|---|
author | Haitham Mahmoud Wenyan Wu Mohamed Medhat Gaber |
author_facet | Haitham Mahmoud Wenyan Wu Mohamed Medhat Gaber |
author_sort | Haitham Mahmoud |
collection | DOAJ |
description | Water Distribution System (WDS) threats have significantly grown following the Maroochy shire incident, as evidenced by proofed attacks on water premises. As a result, in addition to traditional solutions (e.g., data encryption and authentication), attack detection is being proposed in WDS to reduce disruption cases. The attack detection system must meet two critical requirements: high accuracy and near real-time detection. This drives us to propose a two-stage detection system that uses self-supervised and unsupervised algorithms to detect Cyber-Physical (CP) attacks. Stage 1 uses heuristic adaptive self-supervised algorithms to achieve near real-time decision-making and detection sensitivity of 66% utilizing Boss. Stage 2 attempts to validate the detection of attacks using an unsupervised algorithm to maintain a detection accuracy of 94% utilizing Isolation Forest. Both stages are examined against time granularity and are empirically analyzed against a variety of performance evaluation indicators. Our findings demonstrate that the algorithms in stage 1 are less favored than those in the literature, but their existence enables near real-time decision-making and detection reliability. In stage 2, the isolation Forest algorithm, in contrast, gives excellent accuracy. As a result, both stages can collaborate to maximize accuracy in a near real-time attack detection system. |
first_indexed | 2024-03-09T23:57:04Z |
format | Article |
id | doaj.art-0759f28bc47241eda5a8a3d75ca8f206 |
institution | Directory Open Access Journal |
issn | 1996-1073 |
language | English |
last_indexed | 2024-03-09T23:57:04Z |
publishDate | 2022-01-01 |
publisher | MDPI AG |
record_format | Article |
series | Energies |
spelling | doaj.art-0759f28bc47241eda5a8a3d75ca8f2062023-11-23T16:22:05ZengMDPI AGEnergies1996-10732022-01-0115391410.3390/en15030914A Time-Series Self-Supervised Learning Approach to Detection of Cyber-physical Attacks in Water Distribution SystemsHaitham Mahmoud0Wenyan Wu1Mohamed Medhat Gaber2School of Engineering and Built Environment, Birmingham City University, Birmingham B4 7XG, UKSchool of Engineering and Built Environment, Birmingham City University, Birmingham B4 7XG, UKSchool of Computing and Digital Technology, Birmingham City University, Birmingham B4 7XG, UKWater Distribution System (WDS) threats have significantly grown following the Maroochy shire incident, as evidenced by proofed attacks on water premises. As a result, in addition to traditional solutions (e.g., data encryption and authentication), attack detection is being proposed in WDS to reduce disruption cases. The attack detection system must meet two critical requirements: high accuracy and near real-time detection. This drives us to propose a two-stage detection system that uses self-supervised and unsupervised algorithms to detect Cyber-Physical (CP) attacks. Stage 1 uses heuristic adaptive self-supervised algorithms to achieve near real-time decision-making and detection sensitivity of 66% utilizing Boss. Stage 2 attempts to validate the detection of attacks using an unsupervised algorithm to maintain a detection accuracy of 94% utilizing Isolation Forest. Both stages are examined against time granularity and are empirically analyzed against a variety of performance evaluation indicators. Our findings demonstrate that the algorithms in stage 1 are less favored than those in the literature, but their existence enables near real-time decision-making and detection reliability. In stage 2, the isolation Forest algorithm, in contrast, gives excellent accuracy. As a result, both stages can collaborate to maximize accuracy in a near real-time attack detection system.https://www.mdpi.com/1996-1073/15/3/914attack detectionself-supervised learningwater distribution systemdata intelligenceindustrial cyber-physical systems |
spellingShingle | Haitham Mahmoud Wenyan Wu Mohamed Medhat Gaber A Time-Series Self-Supervised Learning Approach to Detection of Cyber-physical Attacks in Water Distribution Systems Energies attack detection self-supervised learning water distribution system data intelligence industrial cyber-physical systems |
title | A Time-Series Self-Supervised Learning Approach to Detection of Cyber-physical Attacks in Water Distribution Systems |
title_full | A Time-Series Self-Supervised Learning Approach to Detection of Cyber-physical Attacks in Water Distribution Systems |
title_fullStr | A Time-Series Self-Supervised Learning Approach to Detection of Cyber-physical Attacks in Water Distribution Systems |
title_full_unstemmed | A Time-Series Self-Supervised Learning Approach to Detection of Cyber-physical Attacks in Water Distribution Systems |
title_short | A Time-Series Self-Supervised Learning Approach to Detection of Cyber-physical Attacks in Water Distribution Systems |
title_sort | time series self supervised learning approach to detection of cyber physical attacks in water distribution systems |
topic | attack detection self-supervised learning water distribution system data intelligence industrial cyber-physical systems |
url | https://www.mdpi.com/1996-1073/15/3/914 |
work_keys_str_mv | AT haithammahmoud atimeseriesselfsupervisedlearningapproachtodetectionofcyberphysicalattacksinwaterdistributionsystems AT wenyanwu atimeseriesselfsupervisedlearningapproachtodetectionofcyberphysicalattacksinwaterdistributionsystems AT mohamedmedhatgaber atimeseriesselfsupervisedlearningapproachtodetectionofcyberphysicalattacksinwaterdistributionsystems AT haithammahmoud timeseriesselfsupervisedlearningapproachtodetectionofcyberphysicalattacksinwaterdistributionsystems AT wenyanwu timeseriesselfsupervisedlearningapproachtodetectionofcyberphysicalattacksinwaterdistributionsystems AT mohamedmedhatgaber timeseriesselfsupervisedlearningapproachtodetectionofcyberphysicalattacksinwaterdistributionsystems |