Comparison of Design-Centric and Data-Centric Methods for Distributed Attack Detection in Cyber-Physical Systems


Cyber-physical systems are vulnerable to a variety of cyber, physical and cyber-physical attacks. The security of cyber-physical systems can be enhanced beyond what can be achieved through firewalls and trusted components by building trust from observed and/or expected behaviors. These behaviors can be encoded as invariants. Information flows that do not satisfy the invariants are used to identify and isolate malfunctioning devices and cyber intrusions. However, the distributed architectures of cyber-physical systems often contain multiple access points that are physically and/or digitally linked. Thus, invariants may be difficult to determine and/or computationally prohibitive to check in real time. Researchers have employed various methods for determining the invariants by analyzing the designs of and/or data generated by cyber-physical systems such as water treatment plants and electric power grids. This chapter compares the effectiveness of detecting attacks on a water treatment plant using design-centric invariants versus data-centric rules, the latter generated using a variety of data mining methods. The methods are compared based on the maximization of true positives and minimization of false positives.

Meeting Name

IFIP Advances in Information and Communication Technology


Computer Science


National Science Foundation, Grant CNS-1837472

Keywords and Phrases

Cyber-physical attacks; data mining; invariants; water treatment plant

International Standard Book Number (ISBN)


International Standard Serial Number (ISSN)

1868-4238; 1868-422X

Document Type

Article - Conference proceedings

Document Version


File Type





© 2020 Springer Verlag, All rights reserved.

Publication Date

01 Jan 2020