Combining Physical and Network Data for Attack Detection in Water Distribution Networks

Combining Physical and Network Data for Attack Detection in Water Distribution Networks

Water distribution infrastructures are increasingly incorporating the IoT in the form of sensing and computing power to improve control over the system and achieve greater adaptability to water demand. This evolution, from physical to cyber-physical systems, comes with an attack perimeter extended f...

Full description

Saved in:
Bibliographic Details
Main Authors: Côme Frappé - - Vialatoux, Pierre Parrend
Format: Article
Language:English
Published: MDPI AG 2024-09-01
Series:Engineering Proceedings
Subjects:
cyber-physical systems
security
machine learning
Online Access:https://www.mdpi.com/2673-4591/69/1/118
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Water distribution infrastructures are increasingly incorporating the IoT in the form of sensing and computing power to improve control over the system and achieve greater adaptability to water demand. This evolution, from physical to cyber-physical systems, comes with an attack perimeter extended from physical infrastructure to cyberspace. Being able to detect this novel kind of attack is gaining traction in the scientific community. Machine learning detection algorithms, which are showing encouraging results in cybersecurity applications, are leveraging the increasing number of datasets published in the water distribution community for better attack detection. These datasets also begin to reflect this novel cyber-physical aspect in two ways, first by conducting cyberattacks against the testbed infrastructures during data acquisition, and secondly by including network traffic data along with the physical data captured during the experimentations. However, current machine learning models do not fully take into account this cyber-physical component, being only trained either on the physical or on the network data. This paper addresses this problem by providing a multi-layer approach to applying machine learning to cyber-physical systems, by combining physical and network traffic data and assessing their effects on the attack detection performance of machine learning algorithms, as well as the cross-impact with data enriched with graph metrics.
ISSN:2673-4591

Similar Items