ASC 53 - Security Issues in Drinking Water Distribution ... - Springer Link
Security Issues in Drinking Water Distribution Networks Demetrios G. Eliades and Marios M. Polycarpou* KIOS Research Center for Intelligent Systems and Networks Dept. of Electrical and Computer Engineering University of Cyprus, CY-1678 Nicosia, Cyprus {eldemet,mpolycar}@ucy.ac.cy
Abstract. This paper formulates the security problem of sensor placement in water distribution networks for contaminant detection. An initial attempt to develop a problem formulation is presented, suitable for mathematical analysis and design. Multiple risk-related objectives are minimized in order to compute the Pareto front of a set of possible solutions; the considered objectives are the contamination impact average, worst-case and worst-cases average. A multiobjective optimization methodology suitable for considering more that one objective function is examined and solved using a multiple-objective evolutionary algorithm. Keywords: contamination, water distribution, sensor placement, multi-objective optimization, security of water systems.
1
Introduction
A drinking water distribution network is the infrastructure which facilitates delivery of water to consumers. It is comprised of pipes which are connected to other pipes at junctions or connected to tanks and reservoirs. Junctions represent points in the network where pipes are connected, with inflows and outflows. Each junction is assumed to serve a number of consumers whose aggregated water demands are the junction’s demand outflow. Reservoirs (such as lakes, rivers etc.) are assumed to have infinite water capacity which they outflow to the distribution network. Tanks are dynamic elements with finite capacity that fill, store and return water back to the network. Valves are usually installed to some of the pipes in order to adjust flow, pressure, or to close part of the network if necessary. Water quality monitoring in distribution networks involves manual sampling or placing sensors at various locations to determine the chemical concentrations of various species such as disinfectants (e.g. chlorine) or for various contaminants that can be harmful to the consumers. Distribution networks are susceptible to intrusions due to their open and uncontrolled nature. Accidental faults or intentional actions could cause a contamination, that may affect significantly the health and economic activities of a city. Contaminants are substances, usually chemical, biological or radioactive, which travel along the water flow, and may exhibit decay or growth dynamics. The concentration dynamics of a substance in a water pipe can be modelled by the first-order hyperbolic *
This work is partially supported by the Research Promotion Foundation (Cyprus) and the University of Cyprus.
E. Corchado et al. (Eds.): CISIS 2008, ASC 53, pp. 69–76, 2009. springerlink.com © Springer-Verlag Berlin Heidelberg 2009
70
D.G. Eliades and M.M. Polycarpou
equations of advection and reaction [1]. When a contaminant reaches a water consumer node, it can expose some of the population served at risk, or cause economic losses. The issue of modelling dangerous contaminant transport in water distribution networks was examined in [2], where the authors discretized the equations of contaminant transport and simulated a network under contamination. Currently, in water research an open-source hydraulic and quality numerical solver, called EPANET, is frequently used for computing the advection and reaction dynamics in discrete-time [3]. The security problem of contaminant detection in water distribution networks was first examined in [4]. The algorithmic “Battle of the Water Sensor Networks” competition in 2006 boosted research on the problem and established some benchmarks [5]. While previous research focused on specific cases of the water security problem, there has not been a unified problem formulation. In this work, we present an initial attempt to develop such a problem formulation, suitable for mathematical analysis and design. In previous research the main solution approach has been the formulation of an integer program which is solved using either evolutionary algorithms [6] or mathematical programming [7]. Various groups have worked in an operational research framework in formulating the mathematical program as in the ‘p-median’ problem [8]. Although these formulations seek to minimize one objective, it is often the case the solutions are not suitable with respect to some other objectives. In this work we propose a multi-objective optimization methodology suitable for considering more that one objective function. Some work has been conducted within a multi-objective framework, computing the Pareto fronts for conflicting objectives and finding the sets of non-dominant feasible solutions [9], [10]. However some of the objectives considered did not capture the contamination risk. The most frequently used risk objective metric is the average impact on the network. Recently, other relevant metrics have also been applied [11], [7], such as the ‘Conditional Value at Risk’ (CVaR) which corresponds to the average impact of the worst case scenarios. In this work we present a security-oriented formulation and solution of the problem when the average, the worst-case (maximum impact) and the average of worst-cases (CVaR) impact is considered. For computing the solution, we examine the use of a multi-objective evolutionary algorithm. In Section 2 the problem is formulated; in Section 3, the solution methodology is described and an algorithmic solution is presented. In Section 4 simulation results are demonstrated using a realistic water distribution network. Finally, the results are summarized and future work is discussed in Section 5.
2
Problem Formulation
We first express the network into a generic graph with nodes and edges. We consider nodes in the graph as locations in the distribution network where water consumption can occur, such as reservoirs, pipe junctions and tanks. Pipes that transport water from one node to another are represented as edges in the graph. Let V be the set of n nodes in the network, such that V={v1,…,vn} and E be the set of m edges connecting pairs of nodes, where for e∈E, e=(vi,vj). The two sets V and E capture the topology of the water distribution network. The function g(t), g:ℜ+ a ℜ + describes the rate of
Security Issues in Drinking Water Distribution Networks
71
contaminant’s mass injection in time at a certain node. A typical example of this injection profile is a pulse signal of finite duration. A contamination event ψ i ( g v (t )) is the contaminant injection at node vi∈V with rate i
g vi (t ) . A contamination scenario s={ψ1,…,ψn} is defined as the set of contamination
events ψi at each node vi describing a possible “attack” on the network. Typically, the contamination event ψi at most nodes will be zero, since the injection will occur at a few specific nodes. The set of nodes where intrusion occurs for a scenario s is V*={vi | ψi≠0, ψi∈s}, so that V*⊆V. Let S be the set of all possible contamination scenarios w.r.t the specific water distribution system. We define the function ω̃(s,t), ω̃:S×ℜ+ a ℜ , as the impact of a contamination scenario s until time t, for s∈S. This impact is computed through ω~( s, t ) = ∑ ϕ (vi , s, t ), vi ∈V
(1)
where φ:V×S×ℜ+ a ℜ is a function that computes the impact of a specific scenario s at node vi until time t. The way to compute φ(⋅) is determined by the problem specifications; for instance it can be related to the number of people infected at each node due to contamination, or to the consumed volume of contaminated water. For edge (vi,vj)∈Ε, the function τ(vi,vj,t), τ:V×V×ℜ+ a ℜ , expresses the transport time between nodes vi and vj, when a particle departs node vi at time t. This is computed by solving the network water hydraulics with a numerical solver for a certain time-window and for a certain water demands, tank levels and hydraulic control actions. This corresponds to a time-varying weight for each edge. We further define the function τ*:S×V a ℜ so that when for a scenario s, τ*(s,vi) is the minimum transport time for the contaminant to reach node vi∈V. To compute this we consider τ * ( s, vi ) = min F (vi , v j , s ), where for each intrusion node vj∈V* during a scenario s, the v ∈V * j
function F(·) is a shortest path algorithm for which the contaminant first reaches node vi. Finally we define function ω:S×V a ℜ , in order to express the impact of a contamination scenario s until it reaches node vi, such that ω(vi,s)= ω̃(s,τ*(s,vi)). This function will be used in the optimization formulation in the next section.
3
Solution Methodology
Since the set of all possible scenarios S is comprised of infinite elements, an increased computational complexity is imposed to the problem; moreover, contaminations in certain nodes are unrealistic or have trivial impacts. We can relax the problem by considering S0 as a representative finite subset of S, such that S0⊂S. In the simulations that follow, we assume that a scenario s∈S0 has a non-zero element for ψi and zero elements for all ψj for which i≠j. We further assume that the non-zero contamination event is ψi=g0(t,θ), where g0(·) is a known signal structure and θ is a parameter vector in the bounded parameter space Θ, θ∈Θ. Since Θ has infinite elements, we perform grid sampling and the selected parameter samples constitute a finite set Θ0⊂Θ. We assume that the parameter vector θ of a contamination event ψi also belongs to Θ0,
72
D.G. Eliades and M.M. Polycarpou
such that θ∈Θ0. Therefore, a scenario s∈S0 is comprised of one contamination event with parameter θ∈Θ0; the finite scenario set S0 is comprised of |V|·|Θ0| elements. 3.1 Optimization Problem In relation to the sensor placement problem, when there is more than one sensor in the network, the impact of a fault scenario s∈S0 is the minimum impact among all the impacts computed for each node/sensor; essentially it corresponds to the sensor that detects the fault first. We define three objective functions fi:X a ℜ , i={1,2,3}, that map a set of nodes X⊂V to a real number. Specifically, f1(X) is the average impact of S0, such that f1 ( X ) =
1 ∑ min ω ( x, s). | S 0 | s∈S0 x∈X
(2)
Function f2(X) is the maximum impact of the set of all scenarios, such that
f 2 ( X ) = max min ω ( x, s). s∈S0
x∈X
(3)
Finally, function f3(X) corresponds to the CVaR risk metric and is the average impact * S 0 of the scenarios in the set ⊂S0 with impact larger that αf2(X), where α∈[0,1], ⎫⎪ ⎧⎪ 1 f3 ( X ) = ⎨ min ω ( x, s ) :s ∈ S 0* ⇔ min ω ( x, s ) ≥ αf 2 ( X ) ⎬ . ∑ x∈X ⎪⎭ ⎪⎩| S 0* | x∈S0* x∈X
(4)
The multi-objective optimization problem is formulated as
min{ f1 ( X ), f 2 ( X ), f 3 ( X )} , X
(5)
subject to X⊂V' and |X|=N, where V'⊆V is the set of feasible nodes and N the number of sensors to be placed. Minimizing an objective function may result in maximizing others; it is thus not possible to find one optimal solution that satisfies all objectives at the same time. It is possible however to find a set of solutions, laying on a Pareto front, where each solution is no worse that the other. 3.2 Algorithmic Solution In general a feasible solution X is called Pareto optimal if for a set of objectives Γ and i,j∈Γ, there exists no other feasible solution X' such that fi(X')≤fi(X) with fj(X')
Abstract. This paper formulates the security problem of sensor placement in water distribution networks for contaminant detection. An initial attempt to develop a problem formulation is presented, suitable for mathematical analysis and design. Multiple risk-related objectives are minimized in order to compute the Pareto front of a set of possible solutions; the considered objectives are the contamination impact average, worst-case and worst-cases average. A multiobjective optimization methodology suitable for considering more that one objective function is examined and solved using a multiple-objective evolutionary algorithm. Keywords: contamination, water distribution, sensor placement, multi-objective optimization, security of water systems.
1
Introduction
A drinking water distribution network is the infrastructure which facilitates delivery of water to consumers. It is comprised of pipes which are connected to other pipes at junctions or connected to tanks and reservoirs. Junctions represent points in the network where pipes are connected, with inflows and outflows. Each junction is assumed to serve a number of consumers whose aggregated water demands are the junction’s demand outflow. Reservoirs (such as lakes, rivers etc.) are assumed to have infinite water capacity which they outflow to the distribution network. Tanks are dynamic elements with finite capacity that fill, store and return water back to the network. Valves are usually installed to some of the pipes in order to adjust flow, pressure, or to close part of the network if necessary. Water quality monitoring in distribution networks involves manual sampling or placing sensors at various locations to determine the chemical concentrations of various species such as disinfectants (e.g. chlorine) or for various contaminants that can be harmful to the consumers. Distribution networks are susceptible to intrusions due to their open and uncontrolled nature. Accidental faults or intentional actions could cause a contamination, that may affect significantly the health and economic activities of a city. Contaminants are substances, usually chemical, biological or radioactive, which travel along the water flow, and may exhibit decay or growth dynamics. The concentration dynamics of a substance in a water pipe can be modelled by the first-order hyperbolic *
This work is partially supported by the Research Promotion Foundation (Cyprus) and the University of Cyprus.
E. Corchado et al. (Eds.): CISIS 2008, ASC 53, pp. 69–76, 2009. springerlink.com © Springer-Verlag Berlin Heidelberg 2009
70
D.G. Eliades and M.M. Polycarpou
equations of advection and reaction [1]. When a contaminant reaches a water consumer node, it can expose some of the population served at risk, or cause economic losses. The issue of modelling dangerous contaminant transport in water distribution networks was examined in [2], where the authors discretized the equations of contaminant transport and simulated a network under contamination. Currently, in water research an open-source hydraulic and quality numerical solver, called EPANET, is frequently used for computing the advection and reaction dynamics in discrete-time [3]. The security problem of contaminant detection in water distribution networks was first examined in [4]. The algorithmic “Battle of the Water Sensor Networks” competition in 2006 boosted research on the problem and established some benchmarks [5]. While previous research focused on specific cases of the water security problem, there has not been a unified problem formulation. In this work, we present an initial attempt to develop such a problem formulation, suitable for mathematical analysis and design. In previous research the main solution approach has been the formulation of an integer program which is solved using either evolutionary algorithms [6] or mathematical programming [7]. Various groups have worked in an operational research framework in formulating the mathematical program as in the ‘p-median’ problem [8]. Although these formulations seek to minimize one objective, it is often the case the solutions are not suitable with respect to some other objectives. In this work we propose a multi-objective optimization methodology suitable for considering more that one objective function. Some work has been conducted within a multi-objective framework, computing the Pareto fronts for conflicting objectives and finding the sets of non-dominant feasible solutions [9], [10]. However some of the objectives considered did not capture the contamination risk. The most frequently used risk objective metric is the average impact on the network. Recently, other relevant metrics have also been applied [11], [7], such as the ‘Conditional Value at Risk’ (CVaR) which corresponds to the average impact of the worst case scenarios. In this work we present a security-oriented formulation and solution of the problem when the average, the worst-case (maximum impact) and the average of worst-cases (CVaR) impact is considered. For computing the solution, we examine the use of a multi-objective evolutionary algorithm. In Section 2 the problem is formulated; in Section 3, the solution methodology is described and an algorithmic solution is presented. In Section 4 simulation results are demonstrated using a realistic water distribution network. Finally, the results are summarized and future work is discussed in Section 5.
2
Problem Formulation
We first express the network into a generic graph with nodes and edges. We consider nodes in the graph as locations in the distribution network where water consumption can occur, such as reservoirs, pipe junctions and tanks. Pipes that transport water from one node to another are represented as edges in the graph. Let V be the set of n nodes in the network, such that V={v1,…,vn} and E be the set of m edges connecting pairs of nodes, where for e∈E, e=(vi,vj). The two sets V and E capture the topology of the water distribution network. The function g(t), g:ℜ+ a ℜ + describes the rate of
Security Issues in Drinking Water Distribution Networks
71
contaminant’s mass injection in time at a certain node. A typical example of this injection profile is a pulse signal of finite duration. A contamination event ψ i ( g v (t )) is the contaminant injection at node vi∈V with rate i
g vi (t ) . A contamination scenario s={ψ1,…,ψn} is defined as the set of contamination
events ψi at each node vi describing a possible “attack” on the network. Typically, the contamination event ψi at most nodes will be zero, since the injection will occur at a few specific nodes. The set of nodes where intrusion occurs for a scenario s is V*={vi | ψi≠0, ψi∈s}, so that V*⊆V. Let S be the set of all possible contamination scenarios w.r.t the specific water distribution system. We define the function ω̃(s,t), ω̃:S×ℜ+ a ℜ , as the impact of a contamination scenario s until time t, for s∈S. This impact is computed through ω~( s, t ) = ∑ ϕ (vi , s, t ), vi ∈V
(1)
where φ:V×S×ℜ+ a ℜ is a function that computes the impact of a specific scenario s at node vi until time t. The way to compute φ(⋅) is determined by the problem specifications; for instance it can be related to the number of people infected at each node due to contamination, or to the consumed volume of contaminated water. For edge (vi,vj)∈Ε, the function τ(vi,vj,t), τ:V×V×ℜ+ a ℜ , expresses the transport time between nodes vi and vj, when a particle departs node vi at time t. This is computed by solving the network water hydraulics with a numerical solver for a certain time-window and for a certain water demands, tank levels and hydraulic control actions. This corresponds to a time-varying weight for each edge. We further define the function τ*:S×V a ℜ so that when for a scenario s, τ*(s,vi) is the minimum transport time for the contaminant to reach node vi∈V. To compute this we consider τ * ( s, vi ) = min F (vi , v j , s ), where for each intrusion node vj∈V* during a scenario s, the v ∈V * j
function F(·) is a shortest path algorithm for which the contaminant first reaches node vi. Finally we define function ω:S×V a ℜ , in order to express the impact of a contamination scenario s until it reaches node vi, such that ω(vi,s)= ω̃(s,τ*(s,vi)). This function will be used in the optimization formulation in the next section.
3
Solution Methodology
Since the set of all possible scenarios S is comprised of infinite elements, an increased computational complexity is imposed to the problem; moreover, contaminations in certain nodes are unrealistic or have trivial impacts. We can relax the problem by considering S0 as a representative finite subset of S, such that S0⊂S. In the simulations that follow, we assume that a scenario s∈S0 has a non-zero element for ψi and zero elements for all ψj for which i≠j. We further assume that the non-zero contamination event is ψi=g0(t,θ), where g0(·) is a known signal structure and θ is a parameter vector in the bounded parameter space Θ, θ∈Θ. Since Θ has infinite elements, we perform grid sampling and the selected parameter samples constitute a finite set Θ0⊂Θ. We assume that the parameter vector θ of a contamination event ψi also belongs to Θ0,
72
D.G. Eliades and M.M. Polycarpou
such that θ∈Θ0. Therefore, a scenario s∈S0 is comprised of one contamination event with parameter θ∈Θ0; the finite scenario set S0 is comprised of |V|·|Θ0| elements. 3.1 Optimization Problem In relation to the sensor placement problem, when there is more than one sensor in the network, the impact of a fault scenario s∈S0 is the minimum impact among all the impacts computed for each node/sensor; essentially it corresponds to the sensor that detects the fault first. We define three objective functions fi:X a ℜ , i={1,2,3}, that map a set of nodes X⊂V to a real number. Specifically, f1(X) is the average impact of S0, such that f1 ( X ) =
1 ∑ min ω ( x, s). | S 0 | s∈S0 x∈X
(2)
Function f2(X) is the maximum impact of the set of all scenarios, such that
f 2 ( X ) = max min ω ( x, s). s∈S0
x∈X
(3)
Finally, function f3(X) corresponds to the CVaR risk metric and is the average impact * S 0 of the scenarios in the set ⊂S0 with impact larger that αf2(X), where α∈[0,1], ⎫⎪ ⎧⎪ 1 f3 ( X ) = ⎨ min ω ( x, s ) :s ∈ S 0* ⇔ min ω ( x, s ) ≥ αf 2 ( X ) ⎬ . ∑ x∈X ⎪⎭ ⎪⎩| S 0* | x∈S0* x∈X
(4)
The multi-objective optimization problem is formulated as
min{ f1 ( X ), f 2 ( X ), f 3 ( X )} , X
(5)
subject to X⊂V' and |X|=N, where V'⊆V is the set of feasible nodes and N the number of sensors to be placed. Minimizing an objective function may result in maximizing others; it is thus not possible to find one optimal solution that satisfies all objectives at the same time. It is possible however to find a set of solutions, laying on a Pareto front, where each solution is no worse that the other. 3.2 Algorithmic Solution In general a feasible solution X is called Pareto optimal if for a set of objectives Γ and i,j∈Γ, there exists no other feasible solution X' such that fi(X')≤fi(X) with fj(X')
