epanetCPA is an open-source object-oriented MATLAB® toolbox for modelling the hydraulic response of water distribution systems to cyber-physical attacks. epanetCPA allows users to quickly design various attack scenarios and assess their impact via simulation with EPANET, a popular public-domain model for water network analysis.
If you happen to use this code for a publication, please cite the following paper which describes epanetCPA:
Taormina, R., Galelli, S., Douglas, H.C., Tippenhauer, N. O., Salomons, E., & A. Ostfeld. A toolbox for assessing the impacts of cyber-physical attacks on water distribution systems. Environmental Modelling & Software, DOI: https://doi.org/10.1016/j.envsoft.2018.11.008.
-
EPANET2.0 If you are runinng on a 32bit OS please download the EPANET2 Programmer's Toolkit from the EPA website, and substitute the epanet2.h, epanet2.lib and epanet2.dll files in your local epanetCPA folder. Compiled librarires for a 64bit machine are included in the repository. These libraries can also be found here.
-
MATLAB The toolbox has been tested on MATLAB® R2014b, and it should work for later versions. Make sure that C++ compilers (e.g. Windows SDK 7.1 for MATLAB® R2014b) are installed and interfaced with MATLAB® so that dlls can be invoked. Feedback on using epanetCPA with other versions of MATLAB is greatly appreciated. Please contact [email protected] to provide your feedback.
-
PYTHON You need PYTHON installed only if you want to employ the provided IPython (Jupyter) notebook provided here for visualizing the results. If that is the case, please install the PYTHON modules required, reported at the beginning of the notebook.
- Edit the main.m file in the repository to specify which attack scenario you want to simulate. Five different scenarios are provided in the .cpa files contained in the repository (see following section).
- Simulate the attack scenario by runinng main.m. The results are provided as one or two csv files depending on the type of attacks.
- Use the IPython notebook for visualizing the results, unless you want to do otherwise.
(Please refer to the EPANET maps in the .inp file for details on the water networks layout and control logic)
Folder scenarios/ctown/:
- scenario01.cpa Manipulation of sensor readings arriving to PLC3. The attacker shows that tank T2 is full. The PLC closes valve V2, thus preventing the flow to reach the tank and disconnecting part of the network.
- scenario02.cpa Same as scenario01 but run using the pressure driven engine to obtain more reliable results.
- scenario03.cpa The attacker modifies the control logic of PLC5 so that some of the controlled pumps (PU10, PU11) switch on/off intermittently.
- scenario04.cpa Denial-of-service of the connection link between PLC2 and PLC1. PLC1 fails to receive updated readings of T1 water level and keeps the pumps (PU1,PU2) ON. This causes a surge in the tank T1.
- scenario05.cpa Same as scenario04 but this time the attacker conceals the tanks surge from SCADA by altering the data sent by PLC2 to SCADA.
Folder scenarios/minitown/:
- minitown_attack.cpa Denial-of-service of the connection link between PLC1 and PLC2. PLC1 fails to receive updated readings of TANK water level and keeps the pumps (PUMP1,PUMP2) ON. This causes a surge in the tank TANK. The attacker conceals the tanks surge from SCADA by altering the data sent by PLC1 to SCADA.
Riccardo Taormina is the main developer of epanetCPA. The core of the pressure driven engine was developed by Hunter C. Douglas.
epanetCPA is under the MIT license. Please read it carefully before employing the toolbox.