Kuchan Park,Mansi Girdhar,Junho Hong,Wencong Su,Akila Herath,Chen-Ching Liu

2024-11-12

Abstract:Substation Automation Systems (SAS) that adhere to the International Electrotechnical Commission (IEC) 61850 standard have already been widely implemented across various on-site local substations. However, the digitalization of substations, which involves the use of cyber system, inherently increases their vulnerability to cyberattacks. This paper proposes the detection of cyberattacks through an anomaly-based approach utilizing Machine Learning (ML) methods within central control systems of the power system network. Furthermore, when an anomaly is identified, mitigation and restoration strategies employing concurrent Intelligent Electronic Devices (CIEDs) are utilized to ensure robust substation automation system operations. The proposed ML model is trained using Sampled Value (SV) and Generic Object Oriented Substation Event (GOOSE) data from each substation within the entire transmission system. As a result, the trained ML models can classify cyberattacks and normal faults, while the use of CIEDs contributes to cyberattack mitigation, and substation restoration.

Systems and Control

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/tcsii.2020.2999875

2020-01-01

Abstract:In this brief, we analyze the damage caused by malware-induced cyber attacks in Cyber-Physical Power Systems (CPPSs). Incubation period and detection probability of the malware are considered in our analytical framework. From attacker's perspective, the trade-off between attack effectiveness and detection risk is studied to help choose the best attack timing and obtain the maximum payoff. Moreover, we conduct case studies in CPPSs formed by coupling IEEE 118-Bus System with scale-free communication networks. Simulation results reveal that the maximum expected payoff for the attacker is affected by the coupling pattern and the structure of communication network in CPPSs.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/icarm54641.2022.9959185

2022-01-01

Abstract:The cyber-physical power system (CPPS) is evolved from the traditional power system by the deployment of information networks with control systems, computational units, and communication networks. However, their integration into CPPS introduces new challenges in maintaining security. Various malicious cyber-attacks are drawn much attention recently after the discovery of the impact on CPPS state estimation. Thus, it is of great significance for operators to detect cyber-attacks and identify the types of attacks in CPPS to make decisions appropriately. This problem can be viewed as a multi-class classification problem from the perspective of machine learning. Accordingly, this paper proposes an ensemble learning-based cyber-attacks detection model for CPPS state estimation. In the proposed model, we use the subspace features and then send the data to the classifier for ensemble, where decision trees and random vector functional link networks are introduced as the basic classifier. The proposed model is validated by employing simulated data on IEEE 14-bus and 30-bus systems. Simulation results demonstrate the performance of the proposed cyber-attacks detection model.

Diane Tuyizere,Remy Ihabwikuzo

2023-07-07

Abstract:This research proposes a machine learning-based attack detection model for power systems, specifically targeting smart grids. By utilizing data and logs collected from Phasor Measuring Devices (PMUs), the model aims to learn system behaviors and effectively identify potential security boundaries. The proposed approach involves crucial stages including dataset pre-processing, feature selection, model creation, and evaluation. To validate our approach, we used a dataset used, consist of 15 separate datasets obtained from different PMUs, relay snort alarms and logs. Three machine learning models: Random Forest, Logistic Regression, and K-Nearest Neighbour were built and evaluated using various performance metrics. The findings indicate that the Random Forest model achieves the highest performance with an accuracy of 90.56% in detecting power system disturbances and has the potential in assisting operators in decision-making processes.

Machine Learning,Systems and Control

Tianzhixi Yin,Syed Ahsan Raza Naqvi,Sai Pushpak Nandanoori,Soumya Kundu

2024-11-05

Abstract:This paper explores the detection and localization of cyber-attacks on time-series measurements data in power systems, focusing on comparing conventional machine learning (ML) like k-means, deep learning method like autoencoder, and graph neural network (GNN)-based techniques. We assess the detection accuracy of these approaches and their potential to pinpoint the locations of specific sensor measurements under attack. Given the demonstrated success of GNNs in other time-series anomaly detection applications, we aim to evaluate their performance within the context of power systems cyber-attacks on sensor measurements. Utilizing the IEEE 68-bus system, we simulated four types of false data attacks, including scaling attacks, additive attacks, and their combinations, to test the selected approaches. Our results indicate that GNN-based methods outperform k-means and autoencoder in detection. Additionally, GNNs show promise in accurately localizing attacks for simple scenarios, although they still face challenges in more complex cases, especially ones that involve combinations of scaling and additive attacks.

Systems and Control

Zhenyong Zhang,Ke Zuo,Ruilong Deng,Fei Teng,Mingyang Sun

DOI: https://doi.org/10.1109/jiot.2023.3264492

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Machine learning-based intelligent systems enhanced with Internet of Things (IoT) technologies have been widely developed and exploited to enable the real-time stability assessment of a large-scale electricity grid. However, it has been extensively recognized that the IoT-enabled communication network of power systems is vulnerable to cyberattacks. In particular, system operating states, critical attributes that act as input to the data-driven stability assessment, can be manipulated by malicious actors to mislead the system operator into making disastrous decisions and thus cause major blackouts and cascading events. In this article, we explore the vulnerability of the data-driven power system stability assessment, with a special emphasis on decision tree-based stability assessment (DTSA) approaches, and investigate the feasibility of constructing a physics-constrained adversarial attack (PCAA) to undermine the DTSA. The PCAA is formulated as a nonlinear programming problem considering the misclassification constraint, power limits, and bad data detection, computing potential adversarial perturbations that reverse the “stable/unstable” prediction of the real-time input while remaining invisible/stealthy. Extensive experiments based on the IEEE 68-bus system are conducted to evaluate the impact of PCAAs on predictions of DTSA and their transferability.

Aidong Xu,Xingpu Cai,Mengya Li,Yang Cao,Huajun Chen,Wei Ding,Chao Hong,Zhibing Wu,Qi Wang

DOI: https://doi.org/10.1109/cyber46603.2019.9066579

2019-01-01

Abstract:With the development of information and communication technology, power system has integrated deeply with communication system, which is a typical cyber physical system. While the development of smart grid makes the power side control more accurate and efficient, it also poses potential cyber attack risks. Attackers can cause grid faults and further power outages by disguising the attack behaviors as natural faults. When the grid is on operation, a large amount of data is generated on both the power side and the information side. Therefore, identifying the cause of the grid faults correctly through data mining can be helpful to take correct countermeasures in time to prevent the fault from expanding. In this paper, an identification method is proposed based on the collaborative characteristic sequence of a certain event and is verified on a four-machine two-zone system. The results show that method is effective and reliable.

Mohammad Kamrul Hasan,Rabiu Aliyu Abdulkadir,Shayla Islam,Thippa Reddy Gadekallu,Nurhizam Safie

DOI: https://doi.org/10.1016/j.egyr.2023.12.040

IF: 5.2

2024-01-12

Energy Reports

Abstract:The smart grid (SG) is an advanced cyber-physical system (CPS) that integrates power grid infrastructure with information and communication technologies (ICT). This integration enables real-time monitoring, control, and optimization of electricity demand and supply. However, the increasing reliance on ICT infrastructures has made the SG-CPS more vulnerable to cyberattacks. Hence, securing the SG-CPS from these threats is crucial for its reliable operation. In recent literature, machine learning (ML) techniques and, more recently, deep learning (DL) techniques have been used by several studies to implement cybersecurity countermeasures against cyberattacks in SG-CPS. Nevertheless, the achieving high performance of these state-of-the-art techniques is constrained by certain challenges, including hyperparameter optimization, feature extraction and selection, lack of models' transparency, data privacy, and lack of real-time attack data. This paper reviews the advancement in using ML and DL techniques for cybersecurity countermeasures in SG-CPS. It analyzes the constraints that need to be addressed to improve performance and achieve real-time implementation. The various types of cyberattacks, cybersecurity requirements, and security standards and protocols are also discussed to establish a comprehensive understanding of the cybersecurity context in SG-CPS. This paper will serve as a comprehensive guide for new and experienced researchers.

energy & fuels

Sungmoon Kwon,Hyunguk Yoo,Taeshik Shon

DOI: https://doi.org/10.1109/access.2020.2989770

IF: 3.9

2020-01-01

IEEE Access

Abstract:The introduction of the cyber-physical system (CPS) into power systems has created a variety of communication requirements and functions that existing legacy systems do not support. To this end, the IEEE 1815.1 standard defines the mapping between existing distributed network protocol networks and IEC 61850 networks that reflect new requirements. However, advanced CPS cyberattacks have been reported, and in order to address cyberattacks, security research on new power systems that use network devices and heterogeneous communication is necessary. In this study, we propose an intrusion detection system for an IEEE 1815.1-based power system using CPS. We 1) analyze an IEEE 1815.1-based power system network and propose a suitable application method for an intrusion detection system, 2) suggest a bidirectional recurrent neural network-based anomaly detection system for an IEEE 1815.1-based network, and 3) demonstrate the verification of the proposed technique using various power system-specific attack data, including real power system using CPS network traffic, CPS malware behavior (CMB), false data injection (FDI), and disabling reassembly (DR) attacks. Proposed technique successfully detected five types of CMB attacks, three types of FDI and DR attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abdulaziz Almalaq,Saleh Albadran,Mohamed A. Mohamed

DOI: https://doi.org/10.3390/math10152574

IF: 2.4

2022-07-26

Mathematics

Abstract:Modern intelligent energy grids enable energy supply and consumption to be efficiently managed while simultaneously avoiding a variety of security risks. System disturbances can be caused by both naturally occurring and human-made events. Operators should be aware of the different kinds and causes of disturbances in the energy systems to make informed decisions and respond accordingly. This study addresses this problem by proposing an attack detection model on the basis of deep learning for energy systems, which could be trained utilizing data and logs gathered through phasor measurement units (PMUs). Property or specification making is used to create features, and data are sent to various machine learning methods, of which random forest has been selected as the basic classifier of AdaBoost. Open-source simulated energy system data are used to test the model containing 37 energy system event case studies. In the end, the suggested model has been compared with other layouts according to various assessment metrics. The simulation outcomes showed that this model achieves a detection rate of 93.6% and an accuracy rate of 93.91%, which is greater compared to the existing methods.

mathematics

Prashanth Krishnamurthy,Ali Rasteh,Ramesh Karri,Farshad Khorrami

2024-06-18

Abstract:Increased connectivity and remote reprogrammability/reconfigurability features of embedded devices in current-day power systems (including interconnections between information technology -- IT -- and operational technology -- OT -- networks) enable greater agility, reduced operator workload, and enhanced power system performance and capabilities. However, these features also expose a wider cyber-attack surface, underscoring need for robust real-time monitoring and anomaly detection in power systems, and more generally in Cyber-Physical Systems (CPS). The increasingly complex, diverse, and potentially untrustworthy software and hardware supply chains also make need for robust security tools more stringent. We propose a novel framework for real-time monitoring and anomaly detection in CPS, specifically smart grid substations and SCADA systems. The proposed method enables real-time signal temporal logic condition-based anomaly monitoring by processing raw captured packets from the communication network through a hierarchical semantic extraction and tag processing pipeline into time series of semantic events and observations, that are then evaluated against expected temporal properties to detect and localize anomalies. We demonstrate efficacy of our methodology on a hardware in the loop testbed, including multiple physical power equipment (real-time automation controllers and relays) and simulated devices (Phasor Measurement Units -- PMUs, relays, Phasor Data Concentrators -- PDCs), interfaced to a dynamic power system simulator. The performance and accuracy of the proposed system is evaluated on multiple attack scenarios on our testbed.

Systems and Control

K. Gokulraj,C. B. Venkatramanan

DOI: https://doi.org/10.1080/15325008.2024.2346790

IF: 1.276

2024-05-09

Electric Power Components and Systems

Abstract:In a landscape dominated by the digitalization of energy networks, safeguarding cyber-physical microgrids and against breaches anomalies emerges as a critical imperative. This study pioneers inventive methodologies for Intelligent Detection of Intrusions and Anomalies in Inverter-centric Cyber-Physical Microgrids, leveraging state-of-the-art machine learning paradigms. Using the combined power of LSTM and Convolutional Neural Networks, our suggested approach finds breaches and aberrations in microgrid structures with remarkable accuracy and efficiency. Additionally, we integrate the effectiveness of Gradient Boosting Machines to enhance the overall detection capabilities. Experimental findings underscore the efficacy of our machine learning-driven approach, with CNN achieving a precision of 95%, recall of 92%, and F1-score of 93% in intrusion detection, while LSTM attains a precision of 93%, recall of 91%, and F1-score of 92% in anomaly identification. Furthermore, GBM contributes to achieving an overall efficiency of 96%. Our approach not only bolsters microgrid resilience but also lays the foundation for a secure energy future. In an increasingly interconnected world, the integration of these sophisticated techniques not only bolsters microgrid resilience but also lays the foundation for a secure energy future. By embracing innovation at the convergence of machine learning and energy systems, we stride toward fortified and dependable cyber-physical microgrids.

engineering, electrical & electronic

Weijie Hao,Tao Yang,Qiang Yang

DOI: https://doi.org/10.1109/tase.2021.3073396

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Critical industrial infrastructures are currently facing increasing cyberspace threats in their underlying information and communication systems. The advanced monitoring, control, and management functionalities of the industrial systems firmly rely on the reliable and secure operations of the industrial control system (ICS) network. This article characterizes the ICS network traffic and presents a scalable and efficient solution for real-time ICS network traffic anomaly detection, considering various forms of ICS anomaly events. The events due to the cyberattacks, malicious operating behaviors, and network anomalies can be effectively detected without sophisticated computational requirements and retrieval of communication protocols. The proposed hybrid statistical-machine learning model integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the abnormal traffic patterns with low false omission rates. The proposed solution is extensively evaluated at a realistic ICS cyber–physical system (CPS) testbed, and the numerical results confirm its high detection accuracy and low computational complexity. Note to Practitioners—This article was motivated by the challenge of real-time anomaly detection in industrial cyber–physical systems (CPSs). The existing industrial control system (ICS) network anomaly detection solutions are generally carried out based on a single model based on the historian database and cannot dynamically classify the abnormal conditions in a real-time fashion. A novel hybrid statistical-machine learning model is developed that integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the anomalous events through traffic pattern analysis. The proposed anomaly detection solution can efficiently provide accurate detection for cyberattacks, malicious operating behaviors, and network anomalies while meeting the real-time requirements of ICS networks. The proposed solution can be deployed in the realistic ICS CPSs, e.g., the power generation system, gas pipeline systems, and urban railway transportation systems. The preliminary numerical results obtained from the ICS-CPS testbed suggested that it can provide high detection accuracy with low computational complexity and, hence, can be adopted with minimal deployment hurdles.

Sayawu Yakubu Diaba,Miadreza Shafie-Khah,Mohammed Elmusrati

DOI: https://doi.org/10.1109/access.2023.3247193

IF: 3.9

2023-03-04

IEEE Access

Abstract:Supervisory Control and Data Acquisition system linked to Intelligent Electronic Devices over a communication network keeps an eye on smart grids' performance and safety. The lack of algorithms protecting the power system communication protocols makes them vulnerable to cyberattacks, which can result in a hacker introducing false data into the operational network. This can result in delayed attack detection, which might harm the infrastructure, cause financial loss, or even result in fatalities. Similarly, attackers may be able to feed the system with fake information to hoax the operator and the algorithm into making bad decisions at crucial moments. This paper attempts to identify and classify such cyber-attacks by using numerous deep learning algorithms and optimizing the data features with a metaheuristic algorithm. We proposed a Restricted Boltzmann Machine-based nature-inspired artificial root foraging optimization algorithm. Using a publicly available dataset produced in Mississippi State University's Oak Ridge National Laboratory, simulations are run on the Jupiter Notebook. Traditional supervised machine learning algorithms like Artificial Neural Networks, Convolutional Neural Networks, and Support Vector Machines are measured with the proposed algorithm to demonstrate the effectiveness of the algorithms. Simulations show that the proposed algorithm produced superior results, with an accuracy of 97.8% for binary classification, 95.6% for three-class classification, and 94.3% for multi-class classification. Thereby outperforming its counterpart algorithms in terms of accuracy, precision, recall, and f1 score.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tarek Berghout,Mohamed Benbouzid,S.M. Muyeen

DOI: https://doi.org/10.1016/j.ijcip.2022.100547

IF: 3.683

2022-09-01

International Journal of Critical Infrastructure Protection

Abstract:In modern Smart Grids (SGs) ruled by advanced computing and networking technologies, condition monitoring relies on secure cyberphysical connectivity. Due to this connection, a portion of transported data, containing confidential information, must be protected as it is vulnerable and subject to several cyber threats. SG cyberspace adversaries attempt to gain access through networking platforms to commit several criminal activities such as disrupting or malicious manipulation of whole electricity delivery process including generation, distribution, and even customer services such as billing, leading to serious damage, including financial losses and loss of reputation. Therefore, human awareness training and software technologies are necessary precautions to ensure the reliability of data traffic and power transmission. By exploring the available literature, it is undeniable that Machine Learning (ML) has become the latest in the timeline and one of the leading artificial intelligence technologies capable of detecting, identifying, and responding by mitigating adversary attacks in SGs. In this context, the main objective of this paper is to review different ML tools used in recent years for cyberattacks analysis in SGs. It also provides important guidelines on ML model selection as a global solution when building an attack predictive model. A detailed classification is therefore developed with respect to data security triad, i.e., Confidentiality, Integrity, and Availability (CIA) within different types of cyber threats, systems, and datasets. Furthermore, this review highlights the various encountered challenges, drawbacks, and possible solutions as future prospects for ML cybersecurity applications in SGs.

engineering, multidisciplinary,computer science, information systems

Alfan Presekal,Alexandru Stefanov,Vetrivel S. Rajkumar,Peter Palensky

DOI: https://doi.org/10.1109/tsg.2023.3237011

IF: 10.275

2023-09-01

IEEE Transactions on Smart Grid

Abstract:Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian power grid show the importance of system-wide, early-stage attack detection through communication-based anomalies. Therefore, in this paper, we propose a novel method for online cyber attack situational awareness that enhances the power grid resilience. It supports power system operators in the identification and localization of active attack locations in Operational Technology (OT) networks in near real-time. The proposed method employs a hybrid deep learning model of Graph Convolutional Long Short-Term Memory (GC-LSTM) and a deep convolutional network for time series classification-based anomaly detection. It is implemented as a combination of software defined networking, anomaly detection in communication throughput, and a novel attack graph model. Results indicate that the proposed method can identify active attack locations, e.g., within substations, control center, and wide area network, with an accuracy above 96%. Hence, it outperforms existing state-of-the-art deep learning-based time series classification methods.

engineering, electrical & electronic

Smitha Joyce Pinto,Pierluigi Siano,Mimmo Parente

DOI: https://doi.org/10.3390/en16041651

IF: 3.2

2023-02-07

Energies

Abstract:In a physical microgrid system, equipment failures, manual misbehavior of equipment, and power quality can be affected by intentional cyberattacks, made more dangerous by the widespread use of established communication networks via sensors. This paper comprehensively reviews smart grid challenges on cyber-physical and cyber security systems, standard protocols, communication, and sensor technology. Existing supervised learning-based Machine Learning (ML) methods for identifying cyberattacks in smart grids mostly rely on instances of both normal and attack events for training. Additionally, for supervised learning to be effective, the training dataset must contain representative examples of various attack situations having different patterns, which is challenging. Therefore, we reviewed a novel Data Mining (DM) approach based on unsupervised rules for identifying False Data Injection Cyber Attacks (FDIA) in smart grids using Phasor Measurement Unit (PMU) data. The unsupervised algorithm is excellent for discovering unidentified assault events since it only uses examples of typical events to train the detection models. The datasets used in our study, which looked at some well-known unsupervised detection methods, helped us assess the performances of different methods. The performance comparison with popular unsupervised algorithms is better at finding attack events if compared with supervised and Deep Learning (DL) algorithms.

energy & fuels

Wangkun Xu,Fei Teng

DOI: https://doi.org/10.48550/arXiv.2011.01816

2020-11-03

Systems and Control

Abstract:As one of the largest and most complex systems on earth, power grid (PG) operation and control have stepped forward as a compound analysis on both physical and cyber layers which makes it vulnerable to assaults from economic and security considerations. A new type of attack, namely as combined data Integrity-Availability attack, has been recently proposed, where the attackers can simultaneously manipulate and blind some measurements on SCADA system to mislead the control operation and keep stealthy. Compared with traditional FDIAs, this combined attack can further complicate and vitiate the model-based detection mechanism. To detect such attack, this paper proposes a novel random denoising LSTM-AE (LSTMRDAE) framework, where the spatial-temporal correlations of measurements can be explicitly captured and the unavailable data is countered by the random dropout layer. The proposed algorithm is evaluated and the performance is verified on a standard IEEE 118-bus system under various unseen attack attempts.

Nakkeeran Murugesan,Anantha Narayanan Velu,Bagavathi Sivakumar Palaniappan,Balamurugan Sukumar,Md. Jahangir Hossain

DOI: https://doi.org/10.3390/en17081965

IF: 3.2

2024-04-21

Energies

Abstract:In the Industry 4.0 era of smart grids, the real-world problem of blackouts and cascading failures due to cyberattacks is a significant concern and highly challenging because the existing Intrusion Detection System (IDS) falls behind in handling missing rates, response times, and detection accuracy. Addressing this problem with an early attack detection mechanism with a reduced missing rate and decreased response time is critical. The development of an Intelligent IDS is vital to the mission-critical infrastructure of a smart grid to prevent physical sabotage and processing downtime. This paper aims to develop a robust Anomaly-based IDS using a statistical approach with a machine learning classifier to discriminate cyberattacks from natural faults and man-made events to avoid blackouts and cascading failures. The novel mechanism of a statistical approach with a machine learning (SAML) classifier based on Neighborhood Component Analysis, ExtraTrees, and AdaBoost for feature extraction, bagging, and boosting, respectively, is proposed with optimal hyperparameter tuning for the early discrimination of cyberattacks from natural faults and man-made events. The proposed model is tested using the publicly available Industrial Control Systems Cyber Attack Power System (Triple Class) dataset with a three-bus/two-line transmission system from Mississippi State University and Oak Ridge National Laboratory. Furthermore, the proposed model is evaluated for scalability and generalization using the publicly accessible IEEE 14-bus and 57-bus system datasets of False Data Injection (FDI) attacks. The test results achieved higher detection accuracy, lower missing rates, decreased false alarm rates, and reduced response time compared to the existing approaches.

energy & fuels

Yize Chen,Yushi Tan,Deepjyoti Deka

DOI: https://doi.org/10.48550/arXiv.1808.08197

2018-08-27

Abstract:Recent advances in Machine Learning(ML) have led to its broad adoption in a series of power system applications, ranging from meter data analytics, renewable/load/price forecasting to grid security assessment. Although these data-driven methods yield state-of-the-art performances in many tasks, the robustness and security of applying such algorithms in modern power grids have not been discussed. In this paper, we attempt to address the issues regarding the security of ML applications in power systems. We first show that most of the current ML algorithms proposed in power systems are vulnerable to adversarial examples, which are maliciously crafted input data. We then adopt and extend a simple yet efficient algorithm for finding subtle perturbations, which could be used for generating adversaries for both categorical(e.g., user load profile classification) and sequential applications(e.g., renewables generation forecasting). Case studies on classification of power quality disturbances and forecast of building loads demonstrate the vulnerabilities of current ML algorithms in power networks under our adversarial designs. These vulnerabilities call for design of robust and secure ML algorithms for real world applications.

Systems and Control