Detecting cyber-physical attacks in water distribution systems: one-class classifier approach

Noy Kadosh, Alex Frid, Mashor Housh

Research output: Contribution to journalArticlepeer-review


Water distribution systems (WDSs) are critical infrastructures that supply drinking water from water sources to end-users. Smart WDSs could be designed by integrating physical components (e.g., valve and pumps) with computation and networking devices. As such, in smart WDSs, pumps and valves are automatically controlled together with continuous monitoring of important systems' parameters. However, despite its advantage of improved efficacy, automated control and operation through a cyber-layer can expose the system to cyber-physical attacks. The one-class classification technique is proposed to detect such attacks by analyzing collected sensors' readings from the system components. One-class classifiers have been found suitable for classifying normal and abnormal conditions with unbalanced datasets, which are expected in the cyber-attack detection problem. In the cyber-attack detection problem, typically, most of the data samples are under the normal state, while only a small fraction of the samples can be suspected as under attack (i.e., abnormal state). The results of this study demonstrate that one-class classification algorithms can be suitable for the cyber-attack detection problem and can compete with existing approaches. More specifically, this study examines the support vector data description (SVDD) method together with a tailored features selection methodology, which is based on the physical understanding of the WDS topology. The developed algorithm is examined on the Battle of the Attack Detection Algorithms (BATADAL) datasets that demonstrate a quasi-realistic case study and on a new case study of a large-scale WDS.

Original languageEnglish
Article number04020060-1
Pages (from-to)1-13
JournalJournal of Water Resources Planning and Management - ASCE
Issue number8
StatePublished - 1 Aug 2020

Bibliographical note

Funding Information:
This research was made possible by the financial support of the Israeli Water Authority and the Center for Cyber Law & Policy at the University of Haifa in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office. We would like also to thank Mr. Elad Salomons and the anonymous reviewers for their helpful comments and suggestions.

Publisher Copyright:
© 2020 American Society of Civil Engineers.


  • Anomaly detection
  • Cyber-attack detection
  • One-class classification
  • Water distribution systems

ASJC Scopus subject areas

  • Civil and Structural Engineering
  • Geography, Planning and Development
  • Water Science and Technology
  • Management, Monitoring, Policy and Law


Dive into the research topics of 'Detecting cyber-physical attacks in water distribution systems: one-class classifier approach'. Together they form a unique fingerprint.

Cite this