Detecting Cyber-Physical Attacks in Water Distribution Systems: One-class Classifier Approach

Water Distribution Systems (WDSs) are critical infrastructures that supply drinking water from water sources to end-users. Smart WDSs could be designed by integrating physical components (e.g. valve and pumps) with computation and networking devices. As such, in smart WDSs, pumps and valves are automatically controlled together with continuous monitoring of important systems' parameters. However, despite its advantage of improved efficacy, the automated control and operation through a cyber-layer can expose the system to cyber-physical attacks. One-Class classification technique is proposed to detect such attacks by analyzing collected sensors' readings from the system components. One-class classifiers have been found suitable for classifying "normal" and "abnormal" conditions with unbalanced datasets, which are expected in the cyber-attack detection problem. In the cyber-attack detection problem, typically, most of the data samples are under the "normal" state, and only small fraction of the samples can be suspected as under-attack (i.e. "abnormal" state). The results of this study demonstrate that one-class classification algorithms can be suitable for the cyber-attack detection problem and can compete with existing approaches. More specifically, this study examines the Support Vector Data Description (SVDD) method together with a tailored features selection methodology, which is based on the physical understanding of the WDS topology. The developed algorithm is examined on BATADAL datasets, which demonstrate a quasi-realistic case study and on a new case study of a large-scale WDS.