Skip to main content
Log in

Detection and localization of cyber attacks on water treatment systems: an entropy-based approach

水处理系统网络攻击的检测和定位:基于熵的方法

  • Research Article
  • Published:
Frontiers of Information Technology & Electronic Engineering Aims and scope Submit manuscript

Abstract

With the advent of Industry 4.0, water treatment systems (WTSs) are recognized as typical industrial cyber-physical systems (iCPSs) that are connected to the open Internet. Advanced information technology (IT) benefits the WTS in the aspects of reliability, efficiency, and economy. However, the vulnerabilities exposed in the communication and control infrastructure on the cyber side make WTSs prone to cyber attacks. The traditional IT system oriented defense mechanisms cannot be directly applied in safety-critical WTSs because the availability and real-time requirements are of great importance. In this paper, we propose an entropy-based intrusion detection (EBID) method to thwart cyber attacks against widely used controllers (e.g., programmable logic controllers) in WTSs to address this issue. Because of the varied WTS operating conditions, there is a high false-positive rate with a static threshold for detection. Therefore, we propose a dynamic threshold adjustment mechanism to improve the performance of EBID. To validate the performance of the proposed approaches, we built a high-fidelity WTS testbed with more than 50 measurement points. We conducted experiments under two attack scenarios with a total of 36 attacks, showing that the proposed methods achieved a detection rate of 97.22% and a false alarm rate of 1.67%.

摘要

随着工业4.0的发展, 水处理系统作为一种典型工业信息物理系统逐渐接入互联网。先进的信息技术使水处理系统在可靠性、效率和经济性方面受益。然而, 网络和基础设施中潜在的漏洞使水处理系统很容易遭受网络攻击。由于水处理系统对于实时性和可用性的严苛要求, 传统的面向信息系统的防御机制无法直接应用于水处理系统。本文提出一种基于熵的入侵检测方法来抵御针对系统中控制器(如可编程逻辑控制器)的攻击。由于水处理系统运行条件的变化, 在模型采用静态阈值进行检测时会产生较高误报率。因此本文提出一种动态阈值调整机制来提高所提方法的检测性能。为验证所提方法, 我们建立了一个包含超过50个测量点的高保真水处理系统测试平台。在两种攻击场景下进行实验, 共涵盖了36次攻击。结果表明, 所提方法能够实现97.22%的检测率和1.67%的误报率。

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Qiang Wei  (魏强).

Additional information

Project supported by the National Natural Science Foundation of China (No. 61833015)

Contributors

Ke LIU and Mufeng WANG designed the research. Qiang WEI helped design the research. Ke LIU processed the data. Ke LIU and Mufeng WANG drafted the paper. Rongkuan MA, Zhenyong ZHANG, and Qiang WEI helped organize the paper. Ke LIU and Mufeng WANG revised and finalized the paper.

Compliance with ethics guidelines

Ke LIU, Mufeng WANG, Rongkuan MA, Zhenyong ZHANG, and Qiang WEI declare that they have no conflict of interest.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Liu, K., Wang, M., Ma, R. et al. Detection and localization of cyber attacks on water treatment systems: an entropy-based approach. Front Inform Technol Electron Eng 23, 587–603 (2022). https://doi.org/10.1631/FITEE.2000546

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1631/FITEE.2000546

Key words

CLC number

关键词

Navigation