This project demonstrates two distinct methodologies for detecting anomalies in Cyber-Physical Systems (CPS). We specifically focus on the LIT101 sensor (Water Level Indicator) measurements obtained from the Secure Water Treatment (SWaT) testbed.
For more datasets from other testbeds at iTrust, please visit: https://itrust.sutd.edu.sg/itrust-labs_datasets/
The demo explores:
- CUSUM (Cumulative Sum): A statistical control chart method used to detect small, persistent shifts in the mean of a process.
- MLP (Multi-Layer Perceptron): A Deep Learning approach that learns normal behavioral patterns of the system to flag deviations as potential security breaches.
.
├── CUSUM_demo.py # Statistical Anomaly Detection Script
├── MLP_demo.py # Deep Learning Anomaly Detection Script
├── pyproject.toml # Project metadata and dependencies (Modern PEP 621)
├── Dataset/
│ └── dataset.csv # Raw sensor data (LIT101, Valve, Pump)
├── requirements.txt # Project dependencies
└── README.md # Project documentation
- Python: 3.12.10
- Package Manager: uv (recommended) or
pip
If you have just downloaded this repository, follow these steps to set up your environment and run the anomaly detection demos.
This project requires Python 3.12.10. We recommend using uv for the fastest setup.
# Create the virtual environment
uv venv --python 3.12.10
# Activate the environment
# On macOS/Linux:
source .venv/bin/activate
# On Windows:
.venv\Scripts\activate
# Install dependencies
uv pip install -r requirements.txtNote: If you do not have uv, you can use standard pip: python -m venv .venv && source .venv/bin/activate && pip install -r requirements.txt
This script calculates baseline statistics and applies the CUSUM algorithm to detect operational shifts.
python CUSUM_demo.py- Expectation: An interactive plot showing sensor readings with red markers highlighting detected anomalies.
- Outputs: Visual results are saved to the
CUSUM_results/directory.
This script trains a neural network to predict water level readings, identifying potential attacks when predictions deviate significantly from actual values.
python MLP_demo.py- Expectation: Multiple visualizations illustrating system behavior, training convergence, and an "Attack Scenario" where the model identifies a synthetic data mutation attack.
- Outputs: Plots and the trained model (
LIT101.h5) are saved to theMLP_results/directory.
- Baseline Establishment: Utilizing historical data to define "secure" and "normal" operational states.
- Threshold Configuration: Defining safety limits and sensitivity parameters for anomaly detection.
- Attack Simulation: Demonstrating how Man-in-the-Middle (MitM) data mutation attacks can be identified through behavioral analysis.
- Reproducibility: Implementing fixed stochastic seeds (Seed 14) to ensure verifiable and consistent research results.
© 2026 iTrust SUTD. All Rights Reserved.
These scripts and materials are provided strictly for educational and research purposes. This code should not be utilized in production environments or for commercial applications without explicit authorization.
Created for MSSD Class 51.508: Secure Cyber-Physical Systems