Combined anomaly detection framework for digital twins of water treatment facilities
Digital twins of cyber‐physical systems with automated process control systems using programmable logic controllers (PLCs) are increasingly popular nowadays. At the same time, cyber-physical security is also a growing concern with system connectivity. This study develops a combined anomaly detection...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/160609 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | Digital twins of cyber‐physical systems with automated process control systems using programmable logic controllers (PLCs) are increasingly popular nowadays. At the same time, cyber-physical security is also a growing concern with system connectivity. This study develops a combined anomaly detection framework (CADF) against various types of security attacks on the digital twin of process control in water treatment facilities. CADF utilizes the PLC‐based whitelist system to detect anomalies that target the actuators and the deep learning approach of natural gradient boosting (NGBoost) and probabilistic assessment to detect anomalies that target the sensors. The effectiveness of CADF is verified using a physical facility for water treatment with membrane processes called the Secure Water Treatment (SWaT) system in the Singapore University of Technology and Design. Various attack scenarios are tested in SWaT by falsifying the reported values of sensors and actuators in the digital twin process. These scenarios include both trivial attacks, which are commonly studied, as well as non‐trivial (i.e., sophisticated) attacks, which are rarely reported. The results show that CADF performs very well with good detection accuracy in all scenarios, and par-ticularly, it is able to detect all sophisticated attacks while ongoing before they can induce damage to the water treatment facility. CADF can be further extended to other cyber‐physical systems in the future. |
|---|