Unsupervised Attack Isolation in Cyber-physical Systems: A Competitive Test of Clustering Algorithms

  • Chapter
  • Book: Cyberdefense

Abstract

When a complex cyber-physical infrastructure is attacked, operators need to isolate the attack location. Since sensors and actuators are physically intertwined in such structures, operators must be able to separate the incoming status data in order to isolate the precise location of the cyberattack. We let several unsupervised clustering algorithms compete and analyze how far each of them can deliver fast and efficient analysis that supports operators in this task, using data from the Secure Water Treatment testbed (SWaT), an experimental infrastructure in Singapore that allows us to simulate the behavior of large infrastructure systems. We find that the k-Shape algorithm performs best. This result suggests that unsupervised algorithms can efficiently support human operators even in critical infrastructures with complex sensor-data time series.

Author information

Corresponding author: KuiZhen Su

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Su, K., Ahmed, C.M., Zhou, J. (2023). Unsupervised Attack Isolation in Cyber-physical Systems: A Competitive Test of Clustering Algorithms. In: Keupp, M.M. (eds) Cyberdefense. International Series in Operations Research & Management Science, vol 342. Springer, Cham. https://doi.org/10.1007/978-3-031-30191-9_3
