Search Results (12)

In the realm of critical infrastructure protection, robust intrusion detection systems (IDSs) are essential for securing essential services. This paper investigates the efficacy of various machine learning algorithms for anomaly detection within critical infrastructure, using the Secure Water Treatment (SWaT) dataset, a comprehensive collection of time-series data from a water treatment testbed, to experiment upon and analyze the findings. The study evaluates supervised learning algorithms alongside unsupervised learning algorithms. The analysis reveals that supervised learning algorithms exhibit exceptional performance with high accuracy and reliability, making them well-suited for handling the diverse and complex nature of anomalies in critical infrastructure. They demonstrate significant capabilities in capturing spatial and temporal variables. Among the unsupervised approaches, valuable insights into anomaly detection are provided without the necessity for labeled data, although they face challenges with higher rates of false positives and negatives. By outlining the benefits and drawbacks of these machine learning algorithms in relation to critical infrastructure, this research advances the field of cybersecurity. It emphasizes the importance of integrating supervised and unsupervised techniques to enhance the resilience of IDSs, ensuring the timely detection and mitigation of potential threats. The findings offer practical guidance for industry professionals on selecting and deploying effective machine learning algorithms in critical infrastructure environments. Full article

Adversarial attacks targeting industrial control systems, such as the Maroochy wastewater system attack and the Stuxnet worm attack, have caused significant damage to related facilities. To enhance the security of industrial control systems, recent research has focused on not only improving the accuracy of intrusion detection systems but also developing techniques to generate adversarial attacks for evaluating the performance of these intrusion detection systems. In this paper, we propose a deep reinforcement learning-based adversarial attack framework designed to perform man-in-the-middle attacks on industrial control systems. Unlike existing adversarial attack methods, our proposed adversarial attack scheme learns to evade detection by the intrusion detection system based on both the impact on the target and the detection results from previous attacks. For performance evaluation, we utilized a dataset collected from the secure water treatment (SWaT) testbed. The simulation results demonstrated that our adversarial attack scheme successfully executed man-in-the-middle attacks while evading detection by the rule-based intrusion detection system, which was defined based on the analysis of the SWaT dataset. Full article

Accurate detection of process anomalies is crucial for maintaining reliable operations in critical infrastructures such as water treatment plants. Traditional methods for creating anomaly detection systems in these facilities typically focus on either design-based strategies, which encompass physical and engineering aspects, or on data-driven models that utilize machine learning to interpret complex data patterns. Challenges in creating these detectors arise from factors such as dynamic operating conditions, lack of design knowledge, and the complex interdependencies among heterogeneous components. This paper proposes a novel fusion detector that combines the strengths of both design-based and machine learning approaches for accurate detection of process anomalies. The proposed methodology was implemented in an operational secure water treatment (SWaT) testbed, and its performance evaluated during the Critical Infrastructure Security Showdown (CISS) 2022 event. A comparative analysis against four commercially available anomaly detection systems that participated in the CISS 2022 event revealed that our fusion detector successfully detected 19 out of 22 attacks, demonstrating high accuracy with a low rate of false positives. Full article

Critical Infrastructure Security Showdown 2021—Online (CISS2021-OL) represented the fifth run of iTrust’s international technology assessment exercise. During this event, researchers and experts from the industry evaluated the performance of technologies designed to detect and mitigate real-time cyber-physical attacks launched against the operational iTrust testbeds and digital twins. Here, we summarize the performance of an anomaly detection mechanism, named AICrit, that was used during the exercise. AICrit utilizes the plant’s design to determine the models to be created using machine learning, and hence is referred to as a “design-enhanced” anomaly detector. The results of the validation in this large-scale exercise reveal that AICrit successfully detected 95.83% of the 27 launched attacks. Our analysis offers valuable insights into AICrit’s efficiency in detecting process anomalies in a water treatment plant under a continuous barrage of cyber-physical attacks. Full article

Critical infrastructure, such as water treatment facilities, largely relies on the effective functioning of industrial control systems (ICSs). Due to the wide adoption of high-speed network and digital infrastructure technologies, these systems are now highly interconnected not only to corporate networks but also to the public Internet, mostly for remote control and monitoring purposes. Sophisticated cyber-attacks may take advantage the increased interconnectedness or other security gaps of an ICS and infiltrate the system with devastating consequences to the economy, national security, and even human life. Due to the paramount importance of detecting and isolating these attacks, we propose an unsupervised anomaly detection approach that employs causal inference to construct a robust anomaly score in two phases. First, minimal domain knowledge via causal models helps identify critical interdependencies in the system, while univariate models contribute to individually learn the normal behavior of the system’s components. In the final phase, we employ the extreme studentized deviate (ESD) on the computed score to detect attacks and to exclude any irrelevant sensor signals. Our approach is validated on the widely used Secure Water Treatment (SWaT) benchmark, and it exhibits the highest F1 score with zero false alarms, which is extremely important for real-world deployment. Full article

Cyber-physical systems (CPS) and their Supervisory Control and Data Acquisition (SCADA) have attracted great interest for automatic management of industrial infrastructures, such as water and wastewater systems. A range of technologies can be employed for wastewater treatment CPS to manage risks and protect the infrastructures of water systems and their wastewater against cyberattacks. In this paper, we develop a novel risk assessment framework, named RAF-CPWS, which perfectly estimates the risks of water and wastewater technologies. To do this, a multi-criteria group decision-making (MCGDM) approach is designed by neutrosophic theory to assess the risks of wastewater treatment technologies (WWTTs). The proposed approach evaluates the best WWTTs, considering various economic, environmental, technological and cybersecurity, and social factors. A decision-making trial and evaluation laboratory (DEMATEL) is employed to evaluate the significance of the adopted factors in a real testbed setting. The proposed approach contributes to a comprehensive measure of WWTTs through several factors, revealing its high sustainability and security in assessing the risks of cyber-physical water and wastewater systems. Full article

As the treated water from offshore oil and gas production is discharged to the surrounding sea, there is an incentive to improve the performance of the offshore produced water treatment, to reduce the environmental pollutants to the sea. Regulations determine both the maximum allowed oil concentration and the total annual quantity. It is reasonable to assume that when better separation equipment or methods are developed, the regulation will become more strict, and force other producers to follow the trend towards zero harmful discharge. This paper develops and validates a hydrocyclone model to be used as a test-bed for improved control designs. The modeling methodology uses a combination of first-principles to define model structure and data-driven parameter identification. To evaluate and validate the separation performance, real-time fluorescence-based oil-in-water (OiW) concentration monitors, with dual redundancy, are installed and used on sidestreams of a modified pilot plant. The installed monitors measure the inlet and outlet OiW concentration of the tested hydrocyclone. The proposed control-oriented hydrocyclone model proved to be a reasonable candidate for predicting the hydrocyclone separation performance. Full article

Industrial Control Systems (ICS) are used to control physical processes in critical infrastructure. These systems are used in a wide variety of operations such as water treatment, power generation and distribution, and manufacturing. While the safety and security of these systems are of serious concern, recent reports have shown an increase in targeted attacks aimed at manipulating physical processes to cause catastrophic consequences. This trend emphasizes the need for algorithms and tools that provide resilient and smart attack detection mechanisms to protect ICS. In this paper, we propose an anomaly detection framework for ICS based on a deep neural network. The proposed methodology uses dilated convolution and long short-term memory (LSTM) layers to learn temporal as well as long term dependencies within sensor and actuator data in an ICS. The sensor/actuator data are passed through a unique feature engineering pipeline where wavelet transformation is applied to the sensor signals to extract features that are fed into the model. Additionally, this paper explores four variations of supervised deep learning models, as well as an unsupervised support vector machine (SVM) model for this problem. The proposed framework is validated on Secure Water Treatment testbed results. This framework detects more attacks in a shorter period of time than previously published methods. Full article

Thermal magnetic resonance (ThermalMR) accommodates radio frequency (RF)-induced temperature modulation, thermometry, anatomic and functional imaging, and (nano)molecular probing in an integrated RF applicator. This study examines the feasibility of ThermalMR for the controlled release of a model therapeutics from thermoresponsive nanogels using a 7.0-tesla whole-body MR scanner en route to local drug-delivery-based anticancer treatments. The capacity of ThermalMR is demonstrated in a model system involving the release of fluorescein-labeled bovine serum albumin (BSA-FITC, a model therapeutic) from nanometer-scale polymeric networks. These networks contain thermoresponsive polymers that bestow environmental responsiveness to physiologically relevant changes in temperature. The release profile obtained for the reference data derived from a water bath setup used for temperature stimulation is in accordance with the release kinetics deduced from the ThermalMR setup. In conclusion, ThermalMR adds a thermal intervention dimension to an MRI device and provides an ideal testbed for the study of the temperature-induced release of drugs, magnetic resonance (MR) probes, and other agents from thermoresponsive carriers. Integrating diagnostic imaging, temperature intervention, and temperature response control, ThermalMR is conceptually appealing for the study of the role of temperature in biology and disease and for the pursuit of personalized therapeutic drug delivery approaches for better patient care. Full article

Selenium is an essential trace element but is increasingly becoming a contaminant of concern in the electric power industry due to the challenges of removing solubilized selenate anions, particularly in the presence of sulfate. In this work, we evaluate granulated layered double hydroxide (LDH) materials as sorbents for selenium removal from wastewaters obtained from a natural gas power plant with the aim to elucidate the effect of competing ions on the sorption capacities for selenium removal. We first present jar test data, followed by small-scale column testing in 0.43 inch (1.1 cm) and 2 inch (5.08 cm) diameter testbed columns for the treatment of as-obtained cooling tower blowdown waters and plant wastewaters. Finally, we present field results from a pilot-scale study evaluating the LDH media for treatment of cooling tower blowdown water. We find that despite the high levels of total dissolved solids and competing sulfate ions, the selenium oxoanions and other regulated metals such as chromium and arsenic are successfully removed using LDH media without needing any pre-treatment or pH adjustment of the wastewater. Full article

This paper presents the development of a Supervisory Control and Data Acquisition (SCADA) system testbed used for cybersecurity research. The testbed consists of a water storage tank’s control system, which is a stage in the process of water treatment and distribution. Sophisticated cyber-attacks were conducted against the testbed. During the attacks, the network traffic was captured, and features were extracted from the traffic to build a dataset for training and testing different machine learning algorithms. Five traditional machine learning algorithms were trained to detect the attacks: Random Forest, Decision Tree, Logistic Regression, Naïve Bayes and KNN. Then, the trained machine learning models were built and deployed in the network, where new tests were made using online network traffic. The performance obtained during the training and testing of the machine learning models was compared to the performance obtained during the online deployment of these models in the network. The results show the efficiency of the machine learning models in detecting the attacks in real time. The testbed provides a good understanding of the effects and consequences of attacks on real SCADA environments. Full article

Modern technology enhancements have been used worldwide to fulfill the requirements of the industrial sector, especially in supervisory control and data acquisition (SCADA) systems as a part of industrial control systems (ICS). SCADA systems have gained popularity in industrial automations due to technology enhancements and connectivity with modern computer networks and/or protocols. The procurement of new technologies has made SCADA systems important and helpful to processing in oil lines, water treatment plants, and electricity generation and control stations. On the other hand, these systems have vulnerabilities like other traditional computer networks (or systems), especially when interconnected with open platforms. Many international organizations and researchers have proposed and deployed solutions for SCADA security enhancement, but most of these have been based on node-to-node security, without emphasizing critical sessions that are linked directly with industrial processing and automation. This study concerns SCADA security measures related to critical processing with specified sessions of automated polling, analyzing cryptography mechanisms and deploying the appropriate explicit inclusive security solution in a distributed network protocol version 3 (DNP3) stack, as part of a SCADA system. The bytes flow through the DNP3 stack with security computational bytes within specified critical intervals defined for polling. We took critical processing knowledge into account when designing a SCADA/DNP3 testbed and deploying a cryptography solution that did not affect communications. Full article