Detecting Cyber-Physical Attacks in Water Distribution Systems: One-Class Classifier Approach

Water distribution systems (WDSs) are critical infrastructures that supply drinking water from water sources to end-users. Smart WDSs could be designed by integrating physical components (e.g., valve and pumps) with computation and networking devices. As such, in smart WDSs, pumps and valves are automatically controlled together with continuous monitoring of important systems' parameters. However, despite its advantage of improved efficacy, automated control and operation through a cyber-layer can expose the system to cyber-physical attacks. The one-class classification technique is proposed to detect such attacks by analyzing collected sensors' readings from the system components. One-class classifiers have been found suitable for classifying normal and abnormal conditions with unbalanced datasets, which are expected in the cyber-attack detection problem. In the cyber-attack detection problem, typically, most of the data samples are under the normal state, while only a small fraction of the samples can be suspected as under attack (i.e., abnormal state). The results of this study demonstrate that one-class classification algorithms can be suitable for the cyber-attack detection problem and can compete with existing approaches. More specifically, this study examines the support vector data description (SVDD) method together with a tailored features selection methodology, which is based on the physical understanding of the WDS topology. The developed algorithm is examined on the Battle of the Attack Detection Algorithms (BATADAL) datasets that demonstrate a quasi-realistic case study and on a new case study of a large-scale WDS.