Table of Contents
Fetching ...

A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems

Mohammadhossein Homaei, Agustin Di Bartolo, Oscar Mogollon-Gutierrez, Fernando Broncano Morgado, Pablo Garcia Rodriguez

TL;DR

This paper addresses cybersecurity risks in digital-twin-enabled water distribution systems and the limited resources of SMEs. It proposes a Virtual Cybersecurity Department (VCD) that integrates open-source monitoring (Zabbix), network intrusion detection (Suricata), and automated blocking (Fail2Ban) with an OD-IDS2022-based, explainable ML intrusion detection ensemble. The framework employs edge proxies (Raspberry Pi), secure transport, and SHAP-guided explanations to deliver real-time threat detection with low resource demands. Experimental results show effective detection of scans, brute-force, and DoS attacks, achieving up to 92% accuracy with strong performance for minority attack classes. The approach offers a practical, scalable security solution for SMEs deploying water-DT systems and highlights avenues for future enhancements including LLM-assisted detection and blockchain for data integrity.

Abstract

Digital twins (DTs) help improve real-time monitoring and decision-making in water distribution systems. However, their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service (DoS), and unauthorized access. Small and medium-sized enterprises (SMEs) that manage these systems often do not have enough budget or staff to build strong cybersecurity teams. To solve this problem, we present a Virtual Cybersecurity Department (VCD), an affordable and automated framework designed for SMEs. The VCD uses open-source tools like Zabbix for real-time monitoring, Suricata for network intrusion detection, Fail2Ban to block repeated login attempts, and simple firewall settings. To improve threat detection, we also add a machine-learning-based IDS trained on the OD-IDS2022 dataset using an improved ensemble model. This model detects cyber threats such as brute-force attacks, remote code execution (RCE), and network flooding, with 92\% accuracy and fewer false alarms. Our solution gives SMEs a practical and efficient way to secure water systems using low-cost and easy-to-manage tools.

A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems

TL;DR

This paper addresses cybersecurity risks in digital-twin-enabled water distribution systems and the limited resources of SMEs. It proposes a Virtual Cybersecurity Department (VCD) that integrates open-source monitoring (Zabbix), network intrusion detection (Suricata), and automated blocking (Fail2Ban) with an OD-IDS2022-based, explainable ML intrusion detection ensemble. The framework employs edge proxies (Raspberry Pi), secure transport, and SHAP-guided explanations to deliver real-time threat detection with low resource demands. Experimental results show effective detection of scans, brute-force, and DoS attacks, achieving up to 92% accuracy with strong performance for minority attack classes. The approach offers a practical, scalable security solution for SMEs deploying water-DT systems and highlights avenues for future enhancements including LLM-assisted detection and blockchain for data integrity.

Abstract

Digital twins (DTs) help improve real-time monitoring and decision-making in water distribution systems. However, their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service (DoS), and unauthorized access. Small and medium-sized enterprises (SMEs) that manage these systems often do not have enough budget or staff to build strong cybersecurity teams. To solve this problem, we present a Virtual Cybersecurity Department (VCD), an affordable and automated framework designed for SMEs. The VCD uses open-source tools like Zabbix for real-time monitoring, Suricata for network intrusion detection, Fail2Ban to block repeated login attempts, and simple firewall settings. To improve threat detection, we also add a machine-learning-based IDS trained on the OD-IDS2022 dataset using an improved ensemble model. This model detects cyber threats such as brute-force attacks, remote code execution (RCE), and network flooding, with 92\% accuracy and fewer false alarms. Our solution gives SMEs a practical and efficient way to secure water systems using low-cost and easy-to-manage tools.
Paper Structure (21 sections, 5 equations, 9 figures, 4 tables)

This paper contains 21 sections, 5 equations, 9 figures, 4 tables.

Figures (9)

  • Figure 1: DT platform in the WDS Homaei2024DTWATER
  • Figure 2: Deployment of Zabbix proxies on Raspberry Pi devices for real-time data collection from IoT meters and SCADA systems.
  • Figure 3: VCD architecture with Zabbix and ML-based IDS for DT-enabled SME water systems
  • Figure 4: logging attempt to the servers
  • Figure 5: Fail2Ban logs showing IP bans triggered by repeated failed SSH login attempts
  • ...and 4 more figures