Dan Li,Paritosh Ramanan,Nagi Gebraeel,Kamran Paynabar

DOI: https://doi.org/10.1109/icmla51294.2020.00075

2020-12-01

Abstract:Cybersecurity of Industrial Control Systems (ICS) is drawing significant concerns as data communication increasingly leverages wireless networks. A lot of data-driven methods were developed for detecting cyberattacks, but few are focused on distinguishing them from equipment faults. In this paper, we develop a data-driven framework that can be used to detect, diagnose, and localize a type of cyberattack called covert attacks on smart grids. The framework has a hybrid design that combines an autoencoder, a recurrent neural network (RNN) with a Long-Short-Term-Memory (LSTM) layer, and a Deep Neural Network (DNN). This data-driven framework considers the temporal behavior of a generic physical system that extracts features from the time series of the sensor measurements that can be used for detecting covert attacks, distinguishing them from equipment faults, as well as localize the attack/fault. We evaluate the performance of the proposed method through a realistic simulation study on the IEEE 14-bus model as a typical example of ICS. We compare the performance of the proposed method with the traditional model-based method to show its applicability and efficacy.

Daniel Fährmann,Naser Damer,Florian Kirchbuchner,Arjan Kuijper

DOI: https://doi.org/10.3390/s22082886

IF: 3.9

2022-04-09

Sensors

Abstract:Heterogeneous cyberattacks against industrial control systems (ICSs) have had a strong impact on the physical world in recent decades. Connecting devices to the internet enables new attack surfaces for attackers. The intrusion of ICSs, such as the manipulation of industrial sensory or actuator data, can be the cause for anomalous ICS behaviors. This poses a threat to the infrastructure that is critical for the operation of a modern city. Nowadays, the best techniques for detecting anomalies in ICSs are based on machine learning and, more recently, deep learning. Cybersecurity in ICSs is still an emerging field, and industrial datasets that can be used to develop anomaly detection techniques are rare. In this paper, we propose an unsupervised deep learning methodology for anomaly detection in ICSs, specifically, a lightweight long short-term memory variational auto-encoder (LW-LSTM-VAE) architecture. We successfully demonstrate our solution under two ICS applications, namely, water purification and water distribution plants. Our proposed method proves to be efficient in detecting anomalies in these applications and improves upon reconstruction-based anomaly detection methods presented in previous work. For example, we successfully detected 82.16% of the anomalies in the scenario of the widely used Secure Water Treatment (SWaT) benchmark. The deep learning architecture we propose has the added advantage of being extremely lightweight.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Abdulrahman Al-Abassi,Hadis Karimipour,Ali Dehghantanha,Reza M. Parizi

DOI: https://doi.org/10.48550/arXiv.2005.00936

IF: 4.729

2020-05-02

Signal Processing

Abstract:The integration of communication networks and the Internet of Things (IoT) in Industrial Control Systems (ICSs) increases their vulnerability towards cyber-attacks, causing devastating outcomes. Traditional Intrusion Detection Systems (IDSs), which are mainly developed to support Information Technology (IT) systems, count vastly on predefined models and are trained mostly on specific cyber-attacks. Besides, most IDSs do not consider the imbalanced nature of ICS datasets, thereby suffering from low accuracy and high false positive on real datasets. In this paper, we propose a deep representation learning model to construct new balanced representations of the imbalanced dataset. The new representations are fed into an ensemble deep learning attack detection model specifically designed for an ICS environment. The proposed attack detection model leverages Deep Neural Network (DNN) and Decision Tree (DT) classifiers to detect cyber-attacks from the new representations. The performance of the proposed model is evaluated based on 10-fold cross-validation on two real ICS datasets. The results show that the proposed method outperforms conventional classifiers, including Random Forest (RF), DNN, and AdaBoost, as well as recent existing models in the literature. The proposed approach is a generalized technique, which can be implemented in existing ICS infrastructures with minimum changes.

Hajar Hameed Addeen,Yang Xiao,Tieshan Li

DOI: https://doi.org/10.1109/access.2024.3384295

IF: 3.9

2024-04-09

IEEE Access

Abstract:Modern technologies adopt Internet of Things (IoT) devices to increase water management efficiency and enhance water quality services. However, the limitations of IoT devices, such as small sizes and poor security, weaken the Water Distribution System (WDS) security, and many attackers compromise the critical components of WDS. Cyber-physical attacks (CPAs) are considered one of the biggest challenges that decrease the security factors in WDS by disrupting normal operations and tampering with the critical data of the water system. For instance, an attacker can change the water pump's speed, disrupting the service. An attacker can also alter the data of water quality parameters to contaminate the water. It is important to propose solutions to increase security in the WDS and defend against CPAs and security threats. Although several intrusion detection methods were proposed in the literature to detect WDS CPAs, many issues still need solutions, such as detecting attacks with smaller false alarms, minimizing the time to disclose the attacks, determining the location of the compromising components, and recovering solutions for the attacked components. Therefore, this paper proposes a model based on a deep learning algorithm called a Conditional variational Autoencoder (CVAE) to disclose CPAs and mitigate their bad effects on WDS. The proposed method consists of a neural network, an encoder to compress data, and a decoder to decompress data. The objective goal is to minimize the reconstruction error between the encoded-decoded data and the initial data. We apply the CVAE on some well-known datasets. The experiment results show that our proposed CVAE method performs better than others. After analyzing the CVAE model with other existing models, we get the highest performance by reaching %98 accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Cai, Feiyang,Koutsoukos, Xenofon

DOI: https://doi.org/10.1007/s10207-023-00677-z

2023-03-30

International Journal of Information Security

Abstract:Detection of deception attacks is pivotal to ensure the safe and reliable operation of cyber-physical systems (CPS). Detection of such attacks needs to consider time-series sequences and is very challenging especially for autonomous vehicles that rely on high-dimensional observations from camera sensors. The paper presents an approach to detect deception attacks in real-time utilizing sensor observations, with a special focus on high-dimensional observations. The approach is based on inductive conformal anomaly detection (ICAD) and utilizes a novel generative model which consists of a variational autoencoder (VAE) and a recurrent neural network (RNN) that is used to learn both spatial and temporal features of the normal dynamic behavior of the system. The model can be used to predict the observations for multiple time steps, and the predictions are then compared with actual observations to efficiently quantify the nonconformity of a sequence under attack relative to the expected normal behavior, thereby enabling real-time detection of attacks using high-dimensional sequential data. We evaluate the approach empirically using two simulation case studies of an advanced emergency braking system and an autonomous car racing example, as well as a real-world secure water treatment dataset. The experiments show that the proposed method outperforms other detection methods, and in most experiments, both false positive and false negative rates are less than 10%. Furthermore, execution times measured on both powerful cloud machines and embedded devices are relatively short, thereby enabling real-time detection.

computer science, information systems, theory & methods, software engineering

Mehdi Jabbari Zideh,Sarika Khushalani Solanki

2023-12-08

Abstract:The growing trend toward the modernization of power distribution systems has facilitated the installation of advanced measurement units and promotion of the cyber communication systems. However, these infrastructures are still prone to stealth cyber attacks. The existing data-driven anomaly detection methods suffer from a lack of knowledge about the system's physics, lack of interpretability, and scalability issues hindering their practical applications in real-world scenarios. To address these concerns, physics-informed neural networks (PINNs) were introduced. This paper proposes a multivariate physics-informed convolutional autoencoder (PIConvAE) to detect stealthy cyber-attacks in power distribution grids. The proposed model integrates the physical principles into the loss function of the neural network by applying Kirchhoff's law. Simulations are performed on the modified IEEE 13-bus and 123-bus systems using OpenDSS software to validate the efficacy of the proposed model for stealth attacks. The numerical results prove the superior performance of the proposed PIConvAE in three aspects: a) it provides more accurate results compared to the data-driven ConvAE model, b) it requires less training time to converge c) the model excels in effectively detecting a wide range of attack magnitudes making it powerful in detecting stealth attacks.

Systems and Control,Cryptography and Security,Machine Learning

Jie Wang,Pengfei Li,Weiqiang Kong,Ran An

DOI: https://doi.org/10.3390/math10162872

IF: 2.4

2022-08-12

Mathematics

Abstract:With the rapid development of network technologies, the network security of industrial control systems has aroused widespread concern. As a defense mechanism, an ideal intrusion detection system (IDS) can effectively detect abnormal behaviors in a system without affecting the performance of the industrial control system (ICS). Many deep learning methods are used to build an IDS, which rely on massive numbers of variously labeled samples for model training. However, network traffic is imbalanced, and it is difficult for researchers to obtain sufficient attack samples. In addition, the attack variants are rich, and constructing all possible attack types in advance is impossible. In order to overcome these challenges and improve the performance of an IDS, this paper presents a novel intrusion detection approach which integrates a one-dimensional convolutional autoencoder (1DCAE) and support vector data description (SVDD) for the first time. For the two-stage training process, 1DCAE fails to retain the key features of intrusion detection and SVDD has to add restrictions, so a joint optimization solution is introduced. A three-stage optimization process is proposed to obtain better performance. Experiments on the benchmark intrusion detection dataset NSL-KDD show that the proposed method can effectively detect various unknown attacks, learning with only normal traffic. Compared with the recent state-of-art intrusion detection baselines, the proposed method is improved in most metrics.

mathematics

Cheng Feng,Tingting Li,Zhanxing Zhu,Deeph Chana

DOI: https://doi.org/10.48550/arXiv.1709.06397

2017-09-19

Cryptography and Security

Abstract:Industrial control systems (ICS), which in many cases are components of critical national infrastructure, are increasingly being connected to other networks and the wider internet motivated by factors such as enhanced operational functionality and improved efficiency. However, set in this context, it is easy to see that the cyber attack surface of these systems is expanding, making it more important than ever that innovative solutions for securing ICS be developed and that the limitations of these solutions are well understood. The development of anomaly based intrusion detection techniques has provided capability for protecting ICS from the serious physical damage that cyber breaches are capable of delivering to them by monitoring sensor and control signals for abnormal activity. Recently, the use of so-called stealthy attacks has been demonstrated where the injection of false sensor measurements can be used to mimic normal control system signals, thereby defeating anomaly detectors whilst still delivering attack objectives. In this paper we define a deep learning-based framework which allows an attacker to conduct stealthy attacks with minimal a-priori knowledge of the target ICS. Specifically, we show that by intercepting the sensor and/or control signals in an ICS for a period of time, a malicious program is able to automatically learn to generate high-quality stealthy attacks which can achieve specific attack goals whilst bypassing a black box anomaly detector. Furthermore, we demonstrate the effectiveness of our framework for conducting stealthy attacks using two real-world ICS case studies. We contend that our results motivate greater attention on this area by the security community as we demonstrate that currently assumed barriers for the successful execution of such attacks are relaxed.

Kumar, Prabhat,Islam, A. K. M. Najmul

DOI: https://doi.org/10.1007/s12559-024-10309-w

IF: 4.89

2024-06-11

Cognitive Computation

Abstract:Industrial Cyber-Physical Systems (ICPSs) are becoming more and more networked and essential to modern infrastructure. This has led to an increase in the complexity of their dynamics and the challenges of protecting them from advanced cyber threats have escalated. Conventional intrusion detection systems (IDS) often struggle to interpret high-dimensional, sequential data efficiently and extract meaningful features. They are characterized by low accuracy and a high rate of false positives. In this article, we adopt the computational design science approach to design an IDS for ICPS, driven by Generative AI and cognitive computing. Initially, we designed a Long Short-Term Memory-based Sparse Variational Autoencoder (LSTM-SVAE) technique to extract relevant features from complex data patterns efficiently. Following this, a Bidirectional Recurrent Neural Network with Hierarchical Attention (BiRNN-HAID) is constructed. This stage focuses on proficiently identifying potential intrusions by processing data with enhanced focus and memory capabilities. Next, a Cognitive Enhancement for Contextual Intrusion Awareness (CE-CIA) is designed to refine the initial predictions by applying cognitive principles. This enhances the system's reliability by effectively balancing sensitivity and specificity, thereby reducing false positives. The final stage, Interpretive Assurance through Activation Insights in Detection Models (IAA-IDM), involves the visualizations of mean activations of LSTM and GRU layers for providing in-depth insights into the decision-making process for cybersecurity analysts. Our framework undergoes rigorous testing on two publicly accessible industrial datasets, ToN-IoT and Edge-IIoTset, demonstrating its superiority over both baseline methods and recent state-of-the-art approaches.

computer science, artificial intelligence,neurosciences

Mariam Elnour,Mohammad Noorizadeh,Mohammad Shakerpour,Nader Meskin,Khaled Khan,Raj Jain

DOI: https://doi.org/10.1109/access.2023.3303015

IF: 3.9

2023-08-22

IEEE Access

Abstract:In light of the advancement of the technologies used in industrial control systems, securing their operation has become crucial, primarily since their activity is consistently associated with integral elements related to the environment, the safety and health of people, the economy, and many others. This work presents a distributed, machine learning based attack detection and mitigation framework for sensor false data injection cyber-physical attacks in industrial control systems. It is developed using the system's standard operational data and validated using a hybrid testbed of a reverse osmosis plant. A MATLAB/Simulink-based simulation model of the process validated with actual data from a local plant is used. The control system is implemented using Siemens S7-1200 programmable logic controllers with 200SP Distributed Input/Output modules. The proposed solution can be adopted in the existing industrial control systems and demonstrated effective performance in real-time detection and mitigation of actual cyber-physical attacks launched by compromising the communication links between the process and the programmable logic controllers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Phai Vu Dinh,Quang Uy Nguyen,Dinh Thai Hoang,Diep N. Nguyen,Son Pham Bao,Eryk Dutkiewicz

2023-12-05

Abstract:Intrusion detection systems (IDSs) play a critical role in protecting billions of IoT devices from malicious attacks. However, the IDSs for IoT devices face inherent challenges of IoT systems, including the heterogeneity of IoT data/devices, the high dimensionality of training data, and the imbalanced data. Moreover, the deployment of IDSs on IoT systems is challenging, and sometimes impossible, due to the limited resources such as memory/storage and computing capability of typical IoT devices. To tackle these challenges, this article proposes a novel deep neural network/architecture called Constrained Twin Variational Auto-Encoder (CTVAE) that can feed classifiers of IDSs with more separable/distinguishable and lower-dimensional representation data. Additionally, in comparison to the state-of-the-art neural networks used in IDSs, CTVAE requires less memory/storage and computing power, hence making it more suitable for IoT IDS systems. Extensive experiments with the 11 most popular IoT botnet datasets show that CTVAE can boost around 1% in terms of accuracy and Fscore in detection attack compared to the state-of-the-art machine learning and representation learning methods, whilst the running time for attack detection is lower than 2E-6 seconds and the model size is lower than 1 MB. We also further investigate various characteristics of CTVAE in the latent space and in the reconstruction representation to demonstrate its efficacy compared with current well-known methods.

Machine Learning,Cryptography and Security

Wei Jiang

DOI: https://doi.org/10.1155/2022/1945507

2022-03-16

Abstract:From a technological point of view, Industry 4.0 evolves and operates in a smart environment in which the real and virtual worlds come together through smart cyber-physical systems. These devices that control each other autonomously activate innovative functions that enhance the production process. However, the industrial environment in which the most modern digital automation and information technologies are integrated is an ideal target for large-scale targeted cyberattacks. Implementing an integrated and effective security strategy in the Industrial 4.0 ecosystem presupposes a vertical inspection process at regular intervals to address any new threats and vulnerabilities throughout the production line. This view should be accompanied by the deep conviction of all stakeholders that all systems of modern industrial infrastructure are a potential target of cyberattacks and that the slightest rearrangement of mechatronic systems can lead to generalized losses. Accordingly, given that there is no panacea in designing a security strategy that fully ensures the infrastructure in question, advanced high-level solutions should be adopted, effectively implementing security perimeters without direct dependence on human resources. One of the most important methods of active cybersecurity in Industry 4.0 is the detection of anomalies, i.e., the identification of objects, observations, events, or behaviors that do not conform to the expected pattern of a process. The theme of this work is the identification of defects in the production line resulting from cyberattacks with advanced machine vision methods. An original variational fuzzy autoencoder (VFA) methodology is proposed. Using fuzzy entropy and Euclidean fuzzy similarity measurement maximizes the possibility of using nonlinear transformation through deterministic functions, thus creating an entirely realistic vision system. The final finding is that the proposed system can evaluate and categorize anomalies in a highly complex environment with significant accuracy.

Zheng Zhang,Jinlin Zhu,Yang Liu,Zhiqiang Ge

DOI: https://doi.org/10.1109/ddcls49620.2020.9275274

2020-01-01

Abstract:This article proposes the recurrent Kalman variational autoencoder, an end-to-end trainable framework for process modeling and fault detection. Based on the backbone of variational autoencoder, our research focuses on the dynamic and nonlinear properties that implied in the industrial process. For the dynamics describing, the Kalman filter is integrated to estimate the hidden state uncertainty due to process noise, and hence to identify the time-domain correlation in the hidden space. While for the nonlinear evolution in the hidden mapping, the dynamic parameter network is constructed for recurrent updating, so as to further improve the inference accuracy. Finally, for process monitoring, a fault detection panel is designed in the latent and residual domains generated by the deep model. Through the simulation of the industrial benchmark Tennessee Eastman Process, the superiority of the proposed method is evaluated and discussed.

Yi Ren,Kanghui Feng,Fei Hu,Liangyin Chen,Yanru Chen

DOI: https://doi.org/10.3390/s23208407

2023-10-12

Abstract:With the gradual integration of internet technology and the industrial control field, industrial control systems (ICSs) have begun to access public networks on a large scale. Attackers use these public network interfaces to launch frequent invasions of industrial control systems, thus resulting in equipment failure and downtime, production data leakage, and other serious harm. To ensure security, ICSs urgently need a mature intrusion detection mechanism. Most of the existing research on intrusion detection in ICSs focuses on improving the accuracy of intrusion detection, thereby ignoring the problem of limited equipment resources in industrial control environments, which makes it difficult to apply excellent intrusion detection algorithms in practice. In this study, we first use the spectral residual (SR) algorithm to process the data; we then propose the improved lightweight variational autoencoder (LVA) with autoregression to reconstruct the data, and we finally perform anomaly determination based on the permutation entropy (PE) algorithm. We construct a lightweight unsupervised intrusion detection model named LVA-SP. The model as a whole adopts a lightweight design with a simpler network structure and fewer parameters, which achieves a balance between the detection accuracy and the system resource overhead. Experimental results on the ICSs dataset show that our proposed LVA-SP model achieved an F1-score of 84.81% and has advantages in terms of time and memory overhead.

Kai Wang,Junghui Chen,Zhihuan Song

2019-01-01

Abstract:Deep learning models have been proved to outperform shallow methods for industrial process fault detection because of their high capacity for complex nonlinearity. However, typical deep models applied to monitoring processes are conducted in a deterministic manner. They are unable to provide a confidence level for each decision. Also, most deep learning methods often need to integrate prior conditions, such as orthogonal latent variables, constraints, and some given distributions. The consequences of these issues cause lots of trials and errors as conventional deep models are built based on experiences. In this paper, a variational auto-encoder is used to set up a framework to tackle these problems. The learned latent variables, which would be orthogonal to each other, are constrained under the specified and optimized objective. Simultaneously, considering uncertainty in data, probability density estimates of latent variables and residuals instead of point estimates are given to design distribution based monitoring indices. A numerical example validates the effectiveness of the proposed method.

Fawaz Waselallah Alsaade,Mosleh Hmoud Al-Adhaileh

DOI: https://doi.org/10.3390/s23084086

2023-04-18

Abstract:Connected and autonomous vehicles (CAVs) present exciting opportunities for the improvement of both the mobility of people and the efficiency of transportation systems. The small computers in autonomous vehicles (CAVs) are referred to as electronic control units (ECUs) and are often perceived as being a component of a broader cyber-physical system. Subsystems of ECUs are often networked together via a variety of in-vehicle networks (IVNs) so that data may be exchanged, and the vehicle can operate more efficiently. The purpose of this work is to explore the use of machine learning and deep learning methods in defence against cyber threats to autonomous cars. Our primary emphasis is on identifying erroneous information implanted in the data buses of various automobiles. In order to categorise this type of erroneous data, the gradient boosting method is used, providing a productive illustration of machine learning. To examine the performance of the proposed model, two real datasets, namely the Car-Hacking and UNSE-NB15 datasets, were used. Real automated vehicle network datasets were used in the verification process of the proposed security solution. These datasets included spoofing, flooding and replay attacks, as well as benign packets. The categorical data were transformed into numerical form via pre-processing. Machine learning and deep learning algorithms, namely k-nearest neighbour (KNN) and decision trees, long short-term memory (LSTM), and deep autoencoders, were employed to detect CAN attacks. According to the findings of the experiments, using the decision tree and KNN algorithms as machine learning approaches resulted in accuracy levels of 98.80% and 99%, respectively. On the other hand, the use of LSTM and deep autoencoder algorithms as deep learning approaches resulted in accuracy levels of 96% and 99.98%, respectively. The maximum accuracy was achieved when using the decision tree and deep autoencoder algorithms. Statistical analysis methods were used to analyse the results of the classification algorithms, and the determination coefficient measurement for the deep autoencoder was found to reach a value of R2 = 95%. The performance of all of the models that were built in this way surpassed that of those already in use, with almost perfect levels of accuracy being achieved. The system developed is able to overcome security issues in IVNs.

Bruno Paes Leao,Jagannadh Vempati,Siddharth Bhela,Tobias Ahlgrim,Daniel Arnold

2024-05-31

Abstract:Modern industrial systems face a growing threat from sophisticated cyberattacks that can cause significant operational disruptions. This work presents a novel methodology for identification of the most critical cyberattacks that may disrupt the operation of such a system. Application of the proposed framework can enable the design and development of advanced cybersecurity solutions for a wide range of industrial applications. Attacks are assessed taking into direct consideration how they impact the system operation as measured by a defined Key Performance Indicator (KPI). A simulation model (SM), of the industrial process is employed for calculation of the KPI based on operating conditions. Such SM is augmented with a layer of information describing the communication network topology, connected devices, and potential actions an adversary can take based on each device or network link. Each possible action is associated with an abstract measure of effort, which is interpreted as a cost. It is assumed that the adversary has a corresponding budget that constrains the selection of the sequence of actions defining the progression of the attack. A dynamical system comprising a set of states associated with the cyberattack (cyber-states) and transition logic for updating their values is also proposed. The resulting augmented simulation model (ASM) is then employed in an artificial intelligence-based sequential decision-making optimization to yield the most critical cyberattack scenarios as measured by their impact on the defined KPI. The methodology is successfully tested based on an electrical power distribution system use case.

Systems and Control

Anila Kousar,Saeed Ahmed,Abdullah Altamimi,Su Min Kim,Zafar A Khan

DOI: https://doi.org/10.1016/j.heliyon.2024.e38470

IF: 3.776

2024-09-27

Heliyon

Abstract:Smart grids arose as the largest cyber-physical systems with the integration of sophisticated control, computing, and state-of-the-art communications. Like all cyber-physical systems, the smart grids are vulnerable to malicious cyber assaults due to their enormous dependency on communication networks. Various machine learning-based schemes are being investigated in the industry and academia to develop robust defense mechanisms to counter cyber assaults. However, the curse of high dimensionality, which increases with the escalating evolution of an electric power system, infringes upon the efficiency of machine learning models employed to detect such assaults. To this end, this paper proposes a deep denoising autoencoder (DAE)-based framework for dimensionality reduction that learns salient feature representation for high-dimensional, multi-variant smart grid measurement data collected from the smart grids. The latent space apprehended by DAE is then fed to binary support vector machine (SVM) to determine the assaulted data. Various standard IEEE test cases are employed in simulations. The results show that the proposed scheme learns more robust features that reveal the nonlinear properties exhibited in the smart grid measurements, further leading to improved detection accuracy of the classifier as compared to existing approaches.

Weiping Wang,Chunyang Wang,Yongzhen Guo,Manman Yuan,Xiong Luo,Yang Gao

DOI: https://doi.org/10.3389/fenrg.2020.555145

IF: 3.4

2021-01-19

Frontiers in Energy Research

Abstract:Industrial control network is a direct interface between information system and physical control process. Due to the lack of authentication, encryption, and other necessary security protection designs, it has become the main target of malicious attacks under the trend of increasing openness. In order to protect the industrial control systems, we examine the detection of abnormal traffic in industrial control network and propose a method of detecting abnormal traffic in industrial control network based on autoencoder technology. What is more, a new deep autoencoder model was designed to reduce the dimensionality of traffic data in industrial control network. In this article, the Kullback–Leibler divergence was added to the loss function to improve the ability of feature extraction and the ability to recover raw data. Finally, this model was compared with the traditional data dimensionality reduction method (principal component analysis (PCA), independent component analysis, and singular value decomposition) on gas pipeline dataset. The results show that the approach designed in this article outperforms the three methods in different scenes in terms of f 1 score.

energy & fuels

Mehdi Jabbari Zideh,Mohammad Reza Khalghani,Sarika Khushalani Solanki

DOI: https://doi.org/10.1016/j.epsr.2024.110407

IF: 3.818

2024-04-22

Electric Power Systems Research

Abstract:Detection of cyber attacks in smart power distribution grids with unbalanced configurations poses challenges due to the inherent nonlinear nature of these uncertain and stochastic systems. It originates from the intermittent characteristics of the distributed energy resources (DERs) generation and load variations. Moreover, the unknown behavior of cyber attacks, especially false data injection attacks (FDIAs) in the distribution grids with complex temporal correlations and the limited amount of labeled data increases the vulnerability of the grids and imposes a high risk in the secure and reliable operation of the grids. To address these challenges, this paper proposes an unsupervised adversarial autoencoder (AAE) model to detect FDIAs in unbalanced power distribution grids integrated with DERs, i.e., PV systems and wind generation. The proposed method utilizes long short-term memory (LSTM) in the structure of the autoencoder to capture the temporal dependencies in the time-series measurements and leverages the power of generative adversarial networks (GANs) for better reconstruction of the input data. The advantage of the proposed data-driven model is that it can detect anomalous points for the system operation without reliance on abstract models or mathematical representations and data labels. To evaluate the efficacy of the approach, it is tested on IEEE 13-bus and 123-bus systems with historical meteorological data (wind speed, ambient temperature, and solar irradiance) as well as historical real-world load data under three types of data falsification functions. The comparison of the detection results of the proposed model with other data-driven methods verifies its superior performance in detecting cyber attacks in unbalanced power distribution grids.

engineering, electrical & electronic