Final Rosanne Aartman

19 September 2024, 10:00 to 11:00 - Location: Echo-Hall E, 29.02.060 - By: DCSC

Cyber-attack detection: Man In The Middle attacks on a water storage unit in a water distribution network

Supervisor: Dr. Riccardo Ferrari

Abstract:

Water distribution networks are a fundamental component of modern urban infrastructure. However, these networks are increasingly vulnerable to cyber-attacks, posing significant risks to public health and safety. As technology advances and interconnected systems become prevalent, the potential for malicious actors to exploit vulnerabilities in water distribution networks grows exponentially. Therefore, cyber-attack detection mechanisms are essential for safeguarding this critical infrastructure.

This thesis explores the application of model-based anomaly detection methods to detect cyber-physical attacks in water distribution networks, utilising real-time process data from Dunea, a Dutch drinking water company. The case study focuses on a water storage unit, which is drained when consumer demand increases and replenished when consumer demand decreases, aiming to maintain a steady production rate to ensure high-quality drinking water at all times. Utilising provided process descriptions, real-time DCS data, and system identification, a model is derived to represent the nominal behaviour of the water storage unit. Due to its different modes of operation, a hybrid automaton is created to describe its nominal dynamics. Additionally, a Kalman filter is implemented to update the estimates of the system and make them applicable for anomaly detection. The cyber-physical attacks targeting the water storage unit are modelled as MITM (Man In The Middle) attacks. They focus on extreme scenarios and the availability of drinking water: the attacker obstructs the initialisation of the draining or replenishment of the reservoir and replays previously recorded data, masking the attack from the operators. Finally, a non-parametric CUSUM detector is implemented to detect replay attacks on the water storage unit and increase the detectability of cyber-physical attacks targeted against water distribution networks.
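The detection chain described in the abstract (mode-dependent model, Kalman filter, non-parametric CUSUM on the residual) can be illustrated as follows. This is an added example, not code from the thesis or from Dunea: the level rates, noise variances, CUSUM bias and threshold, the mode schedule, and the assumption that the detector's model follows the commanded mode while the replayed window was recorded in the preceding hold period are all constructed for illustration.

```python
import random

# Constructed parameters (assumptions, not values from the thesis or Dunea).
RATE = {"HOLD": 0.0, "FILL": 0.01, "DRAIN": -0.01}  # level change per step [m]
Q, R = 1e-6, 2.5e-5        # process / measurement noise variances
BIAS, TAU = 0.015, 0.05    # CUSUM drift term and alarm threshold [m]

def simulate(modes, attack_start=None, window=60, seed=7):
    """Return the measurements seen by the detector. From attack_start on,
    the last `window` recorded measurements are replayed in a loop."""
    rng, level, ys = random.Random(seed), 3.0, []
    for k, mode in enumerate(modes):
        if attack_start is not None and k >= attack_start:
            ys.append(ys[attack_start - window + (k - attack_start) % window])
            continue
        level += RATE[mode] + rng.gauss(0, Q ** 0.5)   # true reservoir level
        ys.append(level + rng.gauss(0, R ** 0.5))      # noisy level sensor
    return ys

def detect(modes, ys):
    """Kalman filter driven by the commanded mode, CUSUM on |residual|.
    Returns the index of the first alarm, or None if no alarm is raised."""
    x, p, s = ys[0], R, 0.0
    for k in range(1, len(ys)):
        x_pred, p_pred = x + RATE[modes[k]], p + Q     # mode-dependent prediction
        r = ys[k] - x_pred                             # residual (innovation)
        gain = p_pred / (p_pred + R)
        x, p = x_pred + gain * r, (1 - gain) * p_pred  # measurement update
        s = max(0.0, s + abs(r) - BIAS)                # non-parametric CUSUM
        if s > TAU:
            return k
    return None

# Commanded schedule (constructed): replenish, hold, then drain from step 200.
MODES = ["FILL"] * 100 + ["HOLD"] * 100 + ["DRAIN"] * 100

def run_demo():
    """First alarm index without attack and with a replay starting at k=200."""
    nominal = detect(MODES, simulate(MODES))
    attacked = detect(MODES, simulate(MODES, attack_start=200))
    return nominal, attacked

if __name__ == "__main__":
    print("first alarm (nominal, replay at k=200):", run_demo())
```

The replayed hold-period data is statistically indistinguishable from genuine sensor noise, so the alarm comes only from the growing mismatch between the commanded drain in the model and the flat replayed level.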