Can replay attacks designed to steal water from water distribution systems remain undetected?

Venkata Reddy Palleti, Vishrut Kumar Mishra, Chuadhry Mujeeb Ahmed, Aditya Mathur

Research output: Contribution to journalArticlepeer-review

6 Citations (Scopus)
13 Downloads (Pure)


Industrial Control Systems (ICS) monitor and control physical processes. ICS are found in, among others, critical infrastructures such as water treatment plants, water distribution systems, and the electric power grid. While the existence of cyber-components in an ICS leads to ease of operations and maintenance, it renders the system under control vulnerable to cyber and physical attacks. An experimental study was conducted with replay attacks launched on an operational water distribution (WADI) plant to understand under what conditions an attacker/attack can remain undetected while stealing water. A detection method, based on an input-output Linear Time-invariant system model of the physical process, was developed and implemented in WADI to detect such attacks. The experiments reveal the strengths and limitations of the detection method and challenges faced by an attacker while attempting to steal water from a water distribution system.

Original languageEnglish
Article number9
Number of pages19
JournalACM Transactions on Cyber-Physical Systems
Issue number1
Early online date17 Dec 2020
Publication statusPublished - 31 Jan 2021


  • industrial control systems
  • model-based attack detection
  • replay attack
  • water distribution systems
  • water leak


Dive into the research topics of 'Can replay attacks designed to steal water from water distribution systems remain undetected?'. Together they form a unique fingerprint.

Cite this