Enhancing Network Security Management in Water Systems using FM-based Attack Attribution
- URL: http://arxiv.org/abs/2503.01229v1
- Date: Mon, 03 Mar 2025 06:52:00 GMT
- Authors: Aleksandar Avdalovic, Joseph Khoury, Ahmad Taha, Elias Bou-Harb
- Abstract summary: We propose a novel model-agnostic Factorization Machines (FM)-based approach that capitalizes on water system sensor-actuator interactions to provide granular explanations and attributions for cyber attacks. In multi-feature cyber attack scenarios involving intricate sensor-actuator interactions, our FM-based attack attribution method effectively ranks attack root causes, achieving approximately 20% average improvement over SHAP and LEMNA.
- Score: 43.48086726793515
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Water systems are vital components of modern infrastructure, yet they are increasingly susceptible to sophisticated cyber attacks with potentially dire consequences on public health and safety. While state-of-the-art machine learning techniques effectively detect anomalies, contemporary model-agnostic attack attribution methods using LIME, SHAP, and LEMNA are deemed impractical for large-scale, interdependent water systems. This is due to the intricate interconnectivity and dynamic interactions that define these complex environments. Such methods primarily emphasize individual feature importance while falling short of addressing the crucial sensor-actuator interactions in water systems, which limits their effectiveness in identifying root cause attacks. To this end, we propose a novel model-agnostic Factorization Machines (FM)-based approach that capitalizes on water system sensor-actuator interactions to provide granular explanations and attributions for cyber attacks. For instance, an anomaly in an actuator pump activity can be attributed to the top root cause attack candidates, a list of water pressure sensors, which is derived from the underlying linear and quadratic effects captured by our approach. We validate our method using two real-world water system specific datasets, SWaT and WADI, demonstrating its superior performance over traditional attribution methods. In multi-feature cyber attack scenarios involving intricate sensor-actuator interactions, our FM-based attack attribution method effectively ranks attack root causes, achieving approximately 20% average improvement over SHAP and LEMNA.
Related papers
- Breaking the Flow and the Bank: Stealthy Cyberattacks on Water Network Hydraulics [3.360922672565235]
Stealthy False Data Injection Attacks (SFDIAs) can compromise system operations while avoiding detection.
This paper presents a systematic analysis of sensor attacks against water distribution networks (WDNs).
We propose several attack formulations that range from tailored strategies satisfying both physical and detection constraints to simpler measurement manipulations.
arXiv Detail & Related papers (2025-04-24T02:54:20Z)
- Hybrid Temporal Differential Consistency Autoencoder for Efficient and Sustainable Anomaly Detection in Cyber-Physical Systems [0.0]
Cyberattacks on critical infrastructure, particularly water distribution systems, have increased due to rapid digitalization.
This study addresses key challenges in anomaly detection by leveraging time correlations in sensor data.
We propose a hybrid autoencoder-based approach, referred to as hybrid TDC-AE, which extends TDC by incorporating both deterministic nodes and conventional statistical nodes.
arXiv Detail & Related papers (2025-04-08T09:22:44Z)
- Defense against Joint Poison and Evasion Attacks: A Case Study of DERMS [2.632261166782093]
We propose the first framework of IDS that is robust against joint poisoning and evasion attacks.
We verify the robustness of our method on the IEEE-13 bus feeder model against a diverse set of poisoning and evasion attack scenarios.
arXiv Detail & Related papers (2024-05-05T16:24:30Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- AI-Based Energy Transportation Safety: Pipeline Radial Threat Estimation Using Intelligent Sensing System [52.93806509364342]
This paper proposes a radial threat estimation method for energy pipelines based on distributed optical fiber sensing technology.
We introduce a continuous multi-view and multi-domain feature fusion methodology to extract comprehensive signal features.
We incorporate the concept of transfer learning through a pre-trained model, enhancing both recognition accuracy and training efficiency.
arXiv Detail & Related papers (2023-12-18T12:37:35Z)
- Adversarial Attacks on Leakage Detectors in Water Distribution Networks [6.125017875330933]
We propose a taxonomy for adversarial attacks against machine learning based leakage detectors in water distribution networks.
Based on a mathematical formalization of the least sensitive point problem, we use three different algorithmic approaches to find a solution.
arXiv Detail & Related papers (2023-05-25T12:05:18Z)
- A Human-in-the-Middle Attack against Object Detection Systems [4.764637544913963]
We propose a novel hardware attack inspired by Man-in-the-Middle attacks in cryptography.
This attack generates a Universal Adversarial Perturbations (UAP) and injects the perturbation between the USB camera and the detection system.
These findings raise serious concerns for applications of deep learning models in safety-critical systems, such as autonomous driving.
arXiv Detail & Related papers (2022-08-15T13:21:41Z)
- EPASAD: Ellipsoid decision boundary based Process-Aware Stealthy Attack Detector [9.002791610276834]
We present EPASAD, which improves the detection technique used in PASAD to detect micro-stealthy attacks.
Our method EPASAD overcomes this by using Ellipsoid boundaries, thereby tightening the boundaries in various dimensions.
The results show that EPASAD improves PASAD's average recall by 5.8% and 9.5% for the two datasets.
arXiv Detail & Related papers (2022-04-08T16:06:10Z)
- Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks [62.923992740383966]
We present the first study of security issues of MSF-based perception in AD systems.
We generate a physically-realizable, adversarial 3D-printed object that misleads an AD system to fail in detecting it and thus crash into it.
Our results show that the attack achieves over 90% success rate across different object types and MSF.
arXiv Detail & Related papers (2021-06-17T05:11:07Z)
- Learning-Based Vulnerability Analysis of Cyber-Physical Systems [10.066594071800337]
This work focuses on the use of deep learning for vulnerability analysis of cyber-physical systems.
We consider a control architecture widely used in CPS (e.g., robotics) where the low-level control is based on e.g., the extended Kalman filter (EKF) and an anomaly detector.
To facilitate analyzing the impact potential sensing attacks could have, our objective is to develop learning-enabled attack generators.
arXiv Detail & Related papers (2021-03-10T06:52:26Z)
- Towards robust sensing for Autonomous Vehicles: An adversarial perspective [82.83630604517249]
It is of primary importance that the resulting decisions are robust to perturbations.
Adversarial perturbations are purposefully crafted alterations of the environment or of the sensory measurements.
A careful evaluation of the vulnerabilities of their sensing system(s) is necessary in order to build and deploy safer systems.
arXiv Detail & Related papers (2020-07-14T05:25:15Z)
- Adversarial vs behavioural-based defensive AI with joint, continual and active learning: automated evaluation of robustness to deception, poisoning and concept drift [62.997667081978825]
Recent advancements in Artificial Intelligence (AI) have brought new capabilities to behavioural analysis (UEBA) for cyber-security.
In this paper, we present a solution to effectively mitigate this attack by improving the detection process and efficiently leveraging human expertise.
arXiv Detail & Related papers (2020-01-13T13:54:36Z)
This list is automatically generated from the titles and abstracts of the papers in this site.