Abstract: Recent years have witnessed a rise in the frequency and intensity of cyberattacks targeted at critical infrastructure systems. This study designs a versatile, data-driven cyberattack detection platform for infrastructure systems cybersecurity, with a special demonstration in the water sector. A deep generative model with variational inference autonomously learns normal system behavior and detects attacks as they occur. The model can process the natural data in its raw form and automatically discover and learn its representations, hence augmenting system knowledge discovery and reducing the need for laborious human engineering and domain expertise. The proposed model is applied to a simulated cyberattack detection problem involving a drinking water distribution system subject to programmable logic controller hacks, malicious actuator activation, and deception attacks. The model is only provided with observations of the system, such as pump pressure and tank water level reads, and is blind to the internal structures and workings of the water distribution system. The simulated attacks are manifested in the model's generated reproduction probability plot, indicating its ability to discern the attacks. There is, however, a need for improvement in reducing false alarms, especially by optimizing detection thresholds. Altogether, the results indicate the ability of the model to distinguish attacks and their repercussions from normal system operation in water distribution systems, and the promise it holds for cyberattack detection in other domains.
Abstract: In the event that a bacteriological or chemical toxin is introduced to a water distribution network, a large population of consumers may become exposed to the contaminant. A contamination event may be a poorly predictable dynamic process due to the interactions of consumers and utility managers during an event. Consumers who become aware of a threat may select protective actions that change their water demands from typical demand patterns, and new hydraulic conditions can arise that differ from conditions that are predicted when demands are considered as exogenous inputs. Consequently, the movement of the contaminant plume in the pipe network may shift from its expected trajectory. A sociotechnical model is developed here to integrate agent-based models of consumers with an engineering water distribution system model and capture the dynamics between consumer behaviors and the water distribution system for predicting contaminant transport and public exposure. Consumers are simulated as agents with behaviors defined for water use activities, mobility, word-of-mouth communication, and demand reduction, based on a set of rules representing an agent's autonomy and reaction to health impacts, the environment, and the actions of other agents. As consumers decrease their water use, the demand exerted on the water distribution system is updated; as the flow directions and volumes shift in response, the location of the contaminant plume is updated and the amount of contaminant consumed by each agent is calculated. The framework is tested by simulating realistic contamination scenarios for a virtual city and water distribution system.