Abstract
Critical infrastructure assets such as power grids and water treatment plants are monitored and managed by industrial control systems. Attacks that leverage industrial control systems to disrupt or damage infrastructure assets can impact human lives, the economy and the environment. Several attack detection methods have been proposed, but they are often difficult to implement and their accuracy is often low. Additionally, these methods do not consider the digital forensic aspects.
This chapter focuses on the use of machine learning, specifically one-class support vector machines, for attack detection and forensic investigations. The methodology is evaluated using a water treatment testbed, a scaled-down version of a real-world industrial water treatment plant. Data collected under normal operations and attacks are used in the study. In order to enhance detection accuracy, the water treatment process is divided into sub-processes for individual one-class support vector machine model training. The experimental results demonstrate that the trained sub-process models yield better detection performance than the trained complete process model. Additionally, the approach enhances the efficiency and effectiveness of forensic investigations.
© 2020 IFIP International Federation for Information Processing
Cite this paper
Yau, K., Chow, KP., Yiu, SM. (2020). Detecting Attacks on a Water Treatment System Using One-class Support Vector Machines. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XVI. DigitalForensics 2020. IFIP Advances in Information and Communication Technology, vol 589. Springer, Cham. https://doi.org/10.1007/978-3-030-56223-6_6
DOI: https://doi.org/10.1007/978-3-030-56223-6_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-56222-9
Online ISBN: 978-3-030-56223-6
eBook Packages: Computer Science, Computer Science (R0)