Detecting Cyber Attacks in Smart Grids Using Semi-Supervised Anomaly Detection and Deep Representation Learning

Information, 2021, Vol 12 (8), pp. 328
Author(s): Ruobin Qi, Craig Rasband, Jun Zheng, Raul Longoria

Smart grids integrate advanced information and communication technologies (ICTs) into traditional power grids for more efficient and resilient power delivery and management, but also introduce new security vulnerabilities that can be exploited by adversaries to launch cyber attacks, causing severe consequences such as massive blackouts and infrastructure damage. Existing machine learning-based methods for detecting cyber attacks in smart grids are mostly based on supervised learning, which need the instances of both normal and attack events for training. In addition, supervised learning requires that the training dataset includes representative instances of various types of attack events to train a good model, which is sometimes hard if not impossible. This paper presents a new method for detecting cyber attacks in smart grids using PMU data, which is based on semi-supervised anomaly detection and deep representation learning. Semi-supervised anomaly detection only employs the instances of normal events to train detection models, making it suitable for finding unknown attack events. A number of popular semi-supervised anomaly detection algorithms were investigated in our study using publicly available power system cyber attack datasets to identify the best-performing ones. The performance comparison with popular supervised algorithms demonstrates that semi-supervised algorithms are more capable of finding attack events than supervised algorithms. Our results also show that the performance of semi-supervised anomaly detection algorithms can be further improved by augmenting with deep representation learning.

2020, Vol 35 (23), pp. 2050131
Author(s): Mohd Adli Md Ali, Nu’man Badrud’din, Hafidzul Abdullah, Faiz Kemi

Recently, the concept of weakly supervised learning has gained popularity in the high-energy physics community due to its ability to learn even with a noisy and impure dataset. This method is valuable in the quest to discover the elusive beyond Standard Model (BSM) particle. Nevertheless, the weakly supervised learning method still requires a learning sample that describes the features of the BSM particle truthfully to the classification model. Even with the various theoretical frameworks such as supersymmetry and the quantum black hole, creating a BSM sample is not a trivial task since the exact feature of the particle is unknown. Due to these difficulties, we propose an alternative classifier type called the one-class classification (OCC). OCC algorithms require only background or noise samples in their training dataset, which is already abundant in the high-energy physics community. The algorithm will flag any sample that does not fit the background feature as an abnormality. In this paper, we introduce two new algorithms called EHRA and C-EHRA, which use machine learning regression and clustering to detect anomalies in samples. We tested the algorithms’ capability to create distinct anomalous patterns in the presence of BSM samples and also compared their classification output metrics to the Isolation Forest (ISF), a well-known anomaly detection algorithm. Five Monte Carlo supersymmetry datasets with the signal to noise ratio equal to 1, 0.1, 0.01, 0.001, and 0.0001 were used to test the EHRA, C-EHRA and ISF algorithms. In our study, we found that the EHRA with an artificial neural network regression has the highest ROC-AUC score at 0.7882 for the balanced dataset, while the C-EHRA has the highest precision-sensitivity score for the majority of the imbalanced datasets. These findings highlight the potential use of the EHRA, C-EHRA, and other OCC algorithms in the quest to discover BSM particles.


Energies, 2020, Vol 13 (17), pp. 4331
Author(s): Kostas Hatalis, Chengbo Zhao, Parv Venkitasubramaniam, Larry Snyder, Shalinee Kishore, ...

Demand-Side Management (DSM) is an essential tool to ensure power system reliability and stability. In future smart grids, certain portions of a customer’s load usage could be under the automatic control of a cyber-enabled DSM program, which selectively schedules loads as a function of electricity prices to improve power balance and grid stability. In this scenario, the security of DSM cyberinfrastructure will be critical as advanced metering infrastructure and communication systems are susceptible to cyber-attacks. Such attacks, in the form of false data injections, can manipulate customer load profiles and cause metering chaos and energy losses in the grid. The feedback mechanism between load management on the consumer side and dynamic price schemes employed by independent system operators can further exacerbate attacks. To study how this feedback mechanism may worsen attacks in future cyber-enabled DSM programs, we propose a novel mathematical framework for (i) modeling the nonlinear relationship between load management and real-time pricing, (ii) simulating residential load data and prices, (iii) creating cyber-attacks, and (iv) detecting said attacks. In this framework, we first develop time-series forecasts to model load demand and use them as inputs to an elasticity model for the price-demand relationship in the DSM loop. This work then investigates the behavior of such a feedback loop under intentional cyber-attacks. We simulate and examine load-price data under different DSM-participation levels with three types of random additive attacks: ramp, sudden, and point attacks. We conduct two investigations for the detection of DSM attacks. The first studies a supervised learning approach, with various classification models, and the second studies the performance of parametric and nonparametric change point detectors. 
Results conclude that higher amounts of DSM participation can exacerbate ramp and sudden attacks leading to better detection of such attacks, especially with supervised learning classifiers. We also find that nonparametric detection outperforms parametric for smaller user pools, and random point attacks are the hardest to detect with any method.


2021, Vol 11 (4), pp. 1674
Author(s): Nuno Oliveira, Isabel Praça, Eva Maia, Orlando Sousa

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are shared continuously across the network, making it susceptible to an attack that can compromise data confidentiality, integrity, and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform the timely detection of malicious events through the inspection of network traffic or host-based logs. Many machine learning techniques have proven to be successful at conducting anomaly detection throughout the years, but only a few considered the sequential nature of data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP), and a Long-Short Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, which only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes suggest that anomaly detection can be better addressed from a sequential perspective. The LSTM is a highly reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an f1-score of 91.66%.


Electronics, 2020, Vol 9 (8), pp. 1218
Author(s): Tan Duy Le, Adnan Anwar, Seng W. Loke, Razvan Beuran, Yasuo Tan

The smart grid system is one of the key infrastructures required to sustain our future society. It is a complex system that comprises two independent parts: power grids and communication networks. There have been several cyber attacks on smart grid systems in recent years that have caused significant consequences. Therefore, cybersecurity training specific to the smart grid system is essential in order to handle these security issues adequately. Unfortunately, concepts related to automation, ICT, smart grids, and other physical sectors are typically not covered by conventional training and education methods. These cybersecurity experiences can be achieved by conducting training using a smart grid co-simulation, which is the integration of at least two simulation models. However, there has been little effort to research attack simulation tools for smart grids. In this research, we first review the existing research in the field, and then propose a smart grid attack co-simulation framework called GridAttackSim based on the combination of GridLAB-D, ns-3, and FNCS. The proposed architecture allows us to simulate smart grid infrastructure features with various cybersecurity attacks and then visualize their consequences automatically. Furthermore, the simulator not only features a set of built-in attack profiles but also enables scientists and electric utilities interested in improving smart grid security to design new ones. Case studies were conducted to validate the key functionalities of the proposed framework. The simulation results are supported by relevant works in the field, and the system can potentially be deployed for cybersecurity training and research.


The increase in the reliability, efficiency and security of the electrical grids was credited to the innovation of the smart grid. It is also a fact that the smart grids are very dependent on the digital communication technology that in turn gives rise to undiscovered weaknesses which have to be reconsidered for dependable and coherent power distribution. In this paper, we propose an unsupervised anomaly detection which is mainly focused on the statistical correlation among the data. The main aim is to create a scalable anomaly detection system suitable for huge-scale smart grids, which are capable of denoting a difference between a real fault from a disruption and an intelligent cyber-attack. We have presented a methodology that applies the concept of attribute extraction by the use of Symbolic Dynamic Filtering (SDF) to decrease compilation drift whilst uncovering usual interactions among subsystems. Results of simulation obtained on IEEE 39, 118 and 2848 bus systems confirm the execution of the method, proposed in this paper, under various working conditions. The results depict a precision of almost 99 percent, along with 98 percent of true positive rate and less than 2 percent of false positive rate.


Author(s): Valliammal Narayan, Shanmugapriya D.

Information is vital for any organization to communicate through any network. The growth of internet utilization and the web users increased the cyber threats. Cyber-attacks in the network change the traffic flow of each system. Anomaly detection techniques have been developed for different types of cyber-attack or anomaly strategies. Conventional ADS protect information transferred through the network or cyber attackers. The stable prevention of anomalies by machine and deep-learning algorithms is applied for cyber-security. Big data solutions handle voluminous data in a short span of time. Big data management is the organization and manipulation of huge volumes of structured data, semi-structured data and unstructured data, but it does not handle a data imbalance problem during the training process. Big data-based machine and deep-learning algorithms for anomaly detection involve the classification of decision boundary between normal traffic flow and anomaly traffic flow. The performance of anomaly detection is efficiently increased by different algorithms.


Author(s): Nuno Oliveira, Isabel Praça, Eva Maia, Orlando Sousa

With the latest advances in information and communication technologies, greater amounts of sensitive user and corporate information are constantly shared across the network, making it susceptible to an attack that can compromise data confidentiality, integrity and availability. Intrusion Detection Systems (IDS) are important security mechanisms that can perform a timely detection of malicious events through the inspection of network traffic or host-based logs. Throughout the years, many machine learning techniques have proven to be successful at conducting anomaly detection, but only a few considered the sequential nature of data. This work proposes a sequential approach and evaluates the performance of a Random Forest (RF), a Multi-Layer Perceptron (MLP) and a Long-Short Term Memory (LSTM) on the CIDDS-001 dataset. The resulting performance measures of this particular approach are compared with the ones obtained from a more traditional one, which only considers individual flow information, in order to determine which methodology best suits the concerned scenario. The experimental outcomes lead us to believe that anomaly detection can be better addressed from a sequential perspective and that the LSTM is a very reliable model for acquiring sequential patterns in network traffic data, achieving an accuracy of 99.94% and an f1-score of 91.66%.


Author(s): ChoXuan Do, Nguyen Quang Dam, Nguyen Tung Lam

In this paper, to optimize the process of detecting cyber-attacks, we choose to propose 2 main optimization solutions: optimizing the detection method and optimizing features. Both of these optimization solutions aim to increase accuracy and reduce the time for analysis and detection. Accordingly, for the detection method, we recommend using the Random Forest supervised classification algorithm. The experimental results in section 4.1 have proven that our proposal to use the Random Forest algorithm for abnormal behavior detection is completely correct because the results of this algorithm are much better than some other detection algorithms on all measures. For the feature optimization solution, we propose to use some data dimensional reduction techniques such as information gain, principal component analysis, and correlation coefficient method. The results of the research proposed in our paper have proven that to optimize the cyber-attack detection process, it is not necessary to use advanced algorithms with complex and cumbersome computational requirements; it must depend on the monitoring data for selecting the reasonable feature extraction and optimization algorithm as well as the appropriate attack classification and detection algorithms.

