Detecting and Localizing Cyber-Physical Attacks in Water Distribution Systems without Records of Labeled Attacks

Abstract

Modern water distribution systems (WDSs) offer automated controls and operations to improve their efficiency and reliability. Nonetheless, such automation can be vulnerable to cyber-attacks. Therefore, various approaches have been suggested to detect cyber-attacks in WDSs. However, most of these approaches rely on labeled attack records which are rarely available in real-world applications. Thus, for a detection model to be practical, it should be able to detect and localize events without referring to a predetermined list of labeled attacks. This study proposes a semi-supervised approach that relies solely on attack-free datasets to address this challenge. The approach utilizes a reduction in dimensionality by using maximum canonical correlation analysis (MCCA) followed by support vector data description (SVDD). The developed algorithm was tested on two case studies and various datasets, demonstrating consistently high performance in detecting and localizing cyber-attacks.