Skip to main content

Detection and localization of cyber attacks on water treatment systems: an entropy-based approach



With the advent of Industry 4.0, water treatment systems (WTSs) are recognized as typical industrial cyber-physical systems (iCPSs) that are connected to the open Internet. Advanced information technology (IT) benefits the WTS in the aspects of reliability, efficiency, and economy. However, the vulnerabilities exposed in the communication and control infrastructure on the cyber side make WTSs prone to cyber attacks. The traditional IT system oriented defense mechanisms cannot be directly applied in safety-critical WTSs because the availability and real-time requirements are of great importance. In this paper, we propose an entropy-based intrusion detection (EBID) method to thwart cyber attacks against widely used controllers (e.g., programmable logic controllers) in WTSs to address this issue. Because of the varied WTS operating conditions, there is a high false-positive rate with a static threshold for detection. Therefore, we propose a dynamic threshold adjustment mechanism to improve the performance of EBID. To validate the performance of the proposed approaches, we built a high-fidelity WTS testbed with more than 50 measurement points. We conducted experiments under two attack scenarios with a total of 36 attacks, showing that the proposed methods achieved a detection rate of 97.22% and a false alarm rate of 1.67%.


随着工业4.0的发展, 水处理系统作为一种典型工业信息物理系统逐渐接入互联网。先进的信息技术使水处理系统在可靠性、效率和经济性方面受益。然而, 网络和基础设施中潜在的漏洞使水处理系统很容易遭受网络攻击。由于水处理系统对于实时性和可用性的严苛要求, 传统的面向信息系统的防御机制无法直接应用于水处理系统。本文提出一种基于熵的入侵检测方法来抵御针对系统中控制器(如可编程逻辑控制器)的攻击。由于水处理系统运行条件的变化, 在模型采用静态阈值进行检测时会产生较高误报率。因此本文提出一种动态阈值调整机制来提高所提方法的检测性能。为验证所提方法, 我们建立了一个包含超过50个测量点的高保真水处理系统测试平台。在两种攻击场景下进行实验, 共涵盖了36次攻击。结果表明, 所提方法能够实现97.22%的检测率和1.67%的误报率。

This is a preview of subscription content, access via your institution.


Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Qiang Wei  (魏强).

Additional information

Project supported by the National Natural Science Foundation of China (No. 61833015)


Ke LIU and Mufeng WANG designed the research. Qiang WEI helped design the research. Ke LIU processed the data. Ke LIU and Mufeng WANG drafted the paper. Rongkuan MA, Zhenyong ZHANG, and Qiang WEI helped organize the paper. Ke LIU and Mufeng WANG revised and finalized the paper.

Compliance with ethics guidelines

Ke LIU, Mufeng WANG, Rongkuan MA, Zhenyong ZHANG, and Qiang WEI declare that they have no conflict of interest.

Rights and permissions

Reprints and Permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Liu, K., Wang, M., Ma, R. et al. Detection and localization of cyber attacks on water treatment systems: an entropy-based approach. Front Inform Technol Electron Eng 23, 587–603 (2022).

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI:

Key words

CLC number