Visualization Assisted Approach to Anomaly and Attack Detection in Water Treatment Systems

The specificity of the water treatment field, associated with water transmission, distribution and accounting, as well as the need to use automation and intelligent tools for various information solutions and security tools, have resulted in the development of integrated approaches and practical solutions regarding various aspects of the functioning of such systems. The research problem lies in the insecurity of water treatment systems and their susceptibility to malicious influences from the side of potential intruders trying to compromise the functioning. To obtain initial data needed for assessing the states of a water treatment system, the authors have developed a case study presenting a combination of a physical model and a software simulator. The methodology proposed in the article includes combining methods of machine learning and visual data analysis to improve the detection of attacks and anomalies in water treatment systems. The selection of the methods and tuning of their modes and parameters made it possible to build a mechanism for efficient detection of attacks in data from sensors with accuracy values above 0.95 for each class of attack and mixed data. In addition, Change_Measure metric parameters were selected to ensure the detection of attacks and anomalies by using visual data analysis. The combined method allows identifying points when the functioning of the system changes, which could be used as a trigger to start resource-intensive procedures of manual and/or machine-assisted checking of the system state on the basis of the available machine learning models that involve processing big data arrays.

Automated summary

The specificity of the water treatment field has led to the development of integrated approaches and practical solutions to improve the security and accuracy of the systems. The research problem lies in the insecurity of water treatment systems, and the authors have used a combination of a physical model and a software simulator to obtain initial data and improve the detection of attacks and anomalies through machine learning and visual data analysis methods.