With the advent of Industry 4.0,water treatment systems(WTSs)are recognized as typical industrial cyber-physical systems(iCPSs)that are connected to the open Internet.Advanced information technology(IT)benefits the WTS in the aspects of reliability,efficiency,and economy.However,the vulnerabilities exposed in the communication and control infrastructure on the cyber side make WTSs prone to cyber attacks.The traditional IT system oriented defense mechanisms cannot be directly applied in safety-critical WTSs because the availability and real-time requirements are of great importance.In this paper,we propose an entropy-based intrusion detection(EBID)method to thwart cyber attacks against widely used controllers(e.g.,programmable logic controllers)in WTSs to address this issue.Because of the varied WTS operating conditions,there is a high false-positive rate with a static threshold for detection.Therefore,we propose a dynamic threshold adjustment mechanism to improve the performance of EBID.To validate the performance of the proposed approaches,we built a high-fidelity WTS testbed with more than 50 measurement points.We conducted experiments under two attack scenarios with a total of 36 attacks,showing that the proposed methods achieved a detection rate of 97.22％and a false alarm rate of 1.67％.

Ke LIU;Mufeng WANG;Rongkuan MA;Zhenyong ZHANG;Qiang WEI

State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China;College of Control Science and Engineering,Zhejiang University,Hangzhou 310027,China

信息与电子工程前沿（英文）

[1]Ke LIU;Mufeng WANG;Rongkuan MA;Zhenyong ZHANG;Qiang WEI-.Detection and localization of cyber attacks on water treatment systems:an entropy-based approach)[J].信息与电子工程前沿（英文）,2022(04):587-603

WTSs,iCPSs,EBID,thwart

Detection,localization,cyber,attacks,water,treatment,systems,entropy,With,advent,Industry,are,recognized,typical,industrial,physical,that,connected,open,Internet,Advanced,information,technology,IT,benefits,aspects,reliability,efficiency,economy,However,vulnerabilities,exposed,communication,infrastructure,side,make,prone,traditional,oriented,defense,mechanisms,cannot,directly,applied,safety,critical,because,availability,real,requirements,great,importance,this,paper,intrusion,detection,against,widely,used,controllers,programmable,logic,address,issue,Because,varied,operating,conditions,there,high,false,positive,rate,static,threshold,Therefore,dynamic,adjustment,improve,performance,To,validate,proposed,approaches,built,fidelity,testbed,more,than,measurement,points,We,conducted,experiments,under,two,scenarios,total,showing,methods,achieved,alarm

0.540092