Abstract
When a complex cyber-physical infrastructure is attacked, operators need to isolate the attack location. Since sensors and actuators are physically intertwined in such structures, operators must be able to separate incoming status data to isolate the precise location of the cyberattack. We let several unsupervised algorithms compete and analyze the extent to which they can provide fast and efficient analysis in order to support operators with this task, using data from the Secure Water Treatment testbed (SWaT), an experimental infrastructure in Singapore that allows us to simulate the behavior of large infrastructure systems. We find that the k-Shape algorithm performs best. This result suggests that unsupervised algorithms can support human operators efficiently even in critical infrastructures with complex sensor data time series.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Su, K., Ahmed, C.M., Zhou, J. (2023). Unsupervised Attack Isolation in Cyber-physical Systems: A Competitive Test of Clustering Algorithms. In: Keupp, M.M. (eds) Cyberdefense. International Series in Operations Research & Management Science, vol 342. Springer, Cham. https://doi.org/10.1007/978-3-031-30191-9_3
DOI: https://doi.org/10.1007/978-3-031-30191-9_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30190-2
Online ISBN: 978-3-031-30191-9
eBook Packages: Business and Management, Business and Management (R0)