Framework for Continuous System Security Protection in SWaT
Authors: Cheah Huei Yoong, Jonathan Heng
Published in: Proceedings of the 2019 3rd International Symposium on Computer Science and Intelligent Control
Publication date: 2019-09-25
Publication type: Journal Article
DOI: 10.1145/3386164.3387297 (https://doi.org/10.1145/3386164.3387297)
Citations: 4
Abstract
Researchers have implemented algorithms and attack techniques in the programmable logic controllers of cyber-physical systems such as water treatment testbeds and power testbeds. However, in a real-life water plant such methods are almost impossible to realise, because the public utility company will not risk the damage that software changes may cause to the existing system while the plant is actively producing water for consumers. A reduction or stoppage of water due to system modifications will affect the daily life of many people. Thus, this paper focuses on the architecture framework to generate, run, and test research techniques, particularly machine learning invariants, in Secure Water Treatment (SWaT) that can be used in a real-life water treatment plant through a non-intrusive method. This framework has been thoroughly tested in SWaT using single or multiple invariants. The software in this framework allows substantial code reuse of data structures and algorithms. The programs to generate, run, and test the invariants are written in Python. The supervised machine learning invariants can detect anomalies without any false alarms for continuous systems in SWaT through physical device attacks and software-generated attacks. This framework is also applicable to other cyber-physical systems, such as power and gas testbeds, with certain modifications such as the access interfaces and invariant designs. The future direction of this research is to provide a wider-coverage protection solution framework to detect anomalies for discrete and continuous systems in cyber-physical systems.