Detecting Attacks on a Water Treatment System Using One-Class Support Vector Machines

  • Conference paper
Advances in Digital Forensics XVI (DigitalForensics 2020)

Part of the book series: IFIP Advances in Information and Communication Technology (IFIPAICT, volume 589)

Abstract

Critical infrastructure assets such as power grids and water treatment plants are monitored and managed by industrial control systems. Attacks that leverage industrial control systems to disrupt or damage infrastructure assets can impact human lives, the economy and the environment. Several attack detection methods have been proposed, but they are often difficult to implement and their accuracy is often low. Additionally, these methods do not consider the digital forensic aspects.

This chapter focuses on the use of machine learning, specifically one-class support vector machines, for attack detection and forensic investigations. The methodology is evaluated using a water treatment testbed, a scaled-down version of a real-world industrial water treatment plant. Data collected under normal operations and attacks are used in the study. In order to enhance detection accuracy, the water treatment process is divided into sub-processes for individual one-class support vector machine model training. The experimental results demonstrate that the trained sub-process models yield better detection performance than the trained complete process model. Additionally, the approach enhances the efficiency and effectiveness of forensic investigations.
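
The per-sub-process idea described in the abstract, sketched as an added example (not the authors' code): one one-class SVM is trained per sub-process on attack-free data only, and the sub-process whose model flags a reading tells an investigator where to look first. The example assumes scikit-learn and NumPy are installed; the sub-process names, sensor columns and all readings are constructed for illustration.

```python
# Added example: one one-class SVM per sub-process, trained on normal data only.
# Sub-process names, sensor columns and all readings below are constructed.
import numpy as np
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import OneClassSVM

# Hypothetical split of the plant's sensor columns into sub-processes.
SUBPROCESSES = {
    "intake": ["tank_level_mm", "inflow_m3h"],
    "dosing": ["ph", "conductivity_us_cm"],
}
# Constructed nominal operating point and noise (mean, std dev) per sensor.
NOMINAL = {"tank_level_mm": (500.0, 5.0), "inflow_m3h": (2.5, 0.05),
           "ph": (7.2, 0.05), "conductivity_us_cm": (260.0, 3.0)}


def synth_normal(n, seed=0):
    """Constructed attack-free readings: Gaussian noise around NOMINAL."""
    rng = np.random.default_rng(seed)
    return {s: rng.normal(mu, sd, n) for s, (mu, sd) in NOMINAL.items()}


def train_models(normal):
    """Fit one scaler + one-class SVM per sub-process on normal data only."""
    models = {}
    for name, cols in SUBPROCESSES.items():
        X = np.column_stack([normal[c] for c in cols])
        svm = OneClassSVM(kernel="rbf", gamma="scale", nu=0.05)
        models[name] = make_pipeline(StandardScaler(), svm).fit(X)
    return models


def flag_subprocesses(models, reading):
    """Return the sub-processes whose model labels the reading an outlier (-1)."""
    flagged = []
    for name, cols in SUBPROCESSES.items():
        x = np.array([[reading[c] for c in cols]])
        if models[name].predict(x)[0] == -1:
            flagged.append(name)
    return flagged


MODELS = train_models(synth_normal(2000))
NORMAL_READING = {s: mu for s, (mu, _) in NOMINAL.items()}
# Constructed anomaly: pH far outside the normal band, other sensors nominal.
ATTACK_READING = dict(NORMAL_READING, ph=9.2)

if __name__ == "__main__":
    print("normal ->", flag_subprocesses(MODELS, NORMAL_READING))
    print("attack ->", flag_subprocesses(MODELS, ATTACK_READING))
```

Because each model only sees its own sub-process's sensors, an alert carries its location with it, which narrows the set of controllers and logs to examine.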


Correspondence to Kam-Pui Chow.

Copyright information

© 2020 IFIP International Federation for Information Processing

Cite this paper

Yau, K., Chow, KP., Yiu, SM. (2020). Detecting Attacks on a Water Treatment System Using One-Class Support Vector Machines. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XVI. DigitalForensics 2020. IFIP Advances in Information and Communication Technology, vol 589. Springer, Cham. https://doi.org/10.1007/978-3-030-56223-6_6

  • DOI: https://doi.org/10.1007/978-3-030-56223-6_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-56222-9

  • Online ISBN: 978-3-030-56223-6

  • eBook Packages: Computer Science, Computer Science (R0)
