skip to main content


Title: Network Intrusion Detection in Smart Grids for Imbalanced Attack Types Using Machine Learning Models
Smart grid has evolved as the next generation power grid paradigm which enables the transfer of real time information between the utility company and the consumer via smart meter and advanced metering infrastructure (AMI). These information facilitate many services for both, such as automatic meter reading, demand side management, and time-of-use (TOU) pricing. However, there have been growing security and privacy concerns over smart grid systems, which are built with both smart and legacy information and operational technologies. Intrusion detection is a critical security service for smart grid systems, alerting the system operator for the presence of ongoing attacks. Hence, there has been lots of research conducted on intrusion detection in the past, especially anomaly-based intrusion detection. Problems emerge when common approaches of pattern recognition are used for imbalanced data which represent much more data instances belonging to normal behaviors than to attack ones, and these approaches cause low detection rates for minority classes. In this paper, we study various machine learning models to overcome this drawback by using CIC-IDS2018 dataset [1].  more » « less
Award ID(s):
1757207
NSF-PAR ID:
10132370
Author(s) / Creator(s):
;
Date Published:
Journal Name:
2019 International Conference on Information and Communication Technology Convergence (ICTC)
Page Range / eLocation ID:
576 to 581
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. In recent years, there has been a growing interest in so-called smart cities. These cities use technology to connect and enhance the lives of their citizens. Smart cities use many Internet of Things (loT) devices, such as sensors and video cameras, that are interconnected to provide constant feedback and up-to-date information on everything that is happening. Despite the benefits of these cities, they introduce a numerous new vulnerabilities as well. These smart cities are now susceptible to cyber-attacks that aim to “alter, disrupt, deceive, degrade, or destroy computer systems.” Through the use of an educational and research-based loT test-bed with multiple networking layers and heterogeneous devices connected to simultaneously support networking research, anomaly detection, and security principles, we can pinpoint some of these vulnerabilities. This work will contribute potential solutions to these vulnerabilities that can hopefully be replicated in smart cities around the world. Specifically, in the transportation section of our educational smart city several vulnerabilities in the signal lights, street lights, and the cities train network were discovered. To conduct this research two scenarios were developed. These consisted of inside the network security and network perimeter security. For the latter we were able to find extensive vulnerabilities that would allow an attacker to map the entire smart city sub-network. Solutions to this problem are outlined that utilize an Intrusion Detection System and Port Mirroring. However, while we were able to exploit the city's Programmable Logic Controller (PLC) once inside the network, it was found that due to dated Supervisory Control and Data Acquisition (SCADA) systems, there were almost no solutions to these exploits. 
    more » « less
  2. Advanced metering infrastructure (AMI)is a critical part of a modern smart grid that performs the bidirectional data flow of sensitive power information such as smart metering data and control commands. The real-time monitoring and control of the grid are ensured through AMI. While smart meter data helps to improve the overall performance of the grid in terms of efficient energy management, it has also made the AMI an attractive target of cyber attackers with a goal of stealing energy. This is performed through the physical or cyber tampering of the meters, as well as by manipulating the network infrastructure to alter collected data. Proper technology is required for the identification of energy fraud. In this paper, we propose a novel technique to detect fraudulent data from smart meters based on the energy consumption patterns of the consumers by utilizing deep learning techniques. We also propose a method for detecting the suspicious relay nodes in the AMI infrastructure that may manipulate the data while forwarding it to the aggregators. We present the performance of our proposed technique, which shows the correctness of the models in identifying the suspicious smart meter data. 
    more » « less
  3. Security and trust of Information Systems are critical in its design as they directly influence users' view and acceptance of such systems. Security can be said to be a contextual and dynamic term as there has not been a holistic, universal, and eternal security measure to date. Recent years have seen a lot of confidential and sensitive information being sent, received, and analyzed on the Internet, and a plethora of investigations on ways of developing comprehensive security solutions like encryptions, pattern recognition, and anomaly detection. This work reviews the human inspired algorithms that are particularly employed in pattern recognition and anomaly detection problems. The work discusses the components of the immune system that inspired the artificial Immune System (AIS) based algorithms for pattern and intrusion detection (IDS) problems. A detailed comparison is made between negative selection, clonal selection, and dendritic cell algorithms (danger theory) which are the three major AIS algorithms. AIS is ubiquitous in computer and information security because it is based on the theories developed through years of study and understanding of the human immune system by immunologist. The strengths and weaknesses of these algorithms are also discussed, and possible improvement suggested. 
    more » « less
  4. Integration of complex and high-speed electronic components in the state of art electric power system enhances the need for improved security infrastructure and resilience against invasive and non-invasive attacks on the smart grid. A modern smart grid system integrates a variety of instruments and standards to achieve cost-effective and time-effective energy measurement and management. As the fundamental component in the smart grid, the smart meter supports real-time monitoring, automatic control, and high-speed communication along with power consumption recording. However, the wide use of smart meters also increases privacy and security concerns. In this paper, we demonstrate the vulnerability of side-channel attacks on secure communication in smart grids for software-based and hardware-based implementations. 
    more » « less
  5. null (Ed.)
    Spurious power consumption data reported from compromised meters controlled by organized adversaries in the Advanced Metering Infrastructure (AMI) may have drastic consequences on a smart grid’s operations. While existing research on data falsification in smart grids mostly defends against isolated electricity theft, we introduce a taxonomy of various data falsification attack types, when smart meters are compromised by organized or strategic rivals. To counter these attacks, we first propose a coarse-grained and a fine-grained anomaly-based security event detection technique that uses indicators such as deviation and directional change in the time series of the proposed anomaly detection metrics to indicate: (i) occurrence, (ii) type of attack, and (iii) attack strategy used, collectively known as attack context . Leveraging the attack context information, we propose three attack response metrics to the inferred attack context: (a) an unbiased mean indicating a robust location parameter; (b) a median absolute deviation indicating a robust scale parameter; and (c) an attack probability time ratio metric indicating the active time horizon of attacks. Subsequently, we propose a trust scoring model based on Kullback-Leibler (KL) divergence, that embeds the appropriate unbiased mean, the median absolute deviation, and the attack probability ratio metric at runtime to produce trust scores for each smart meter. These trust scores help classify compromised smart meters from the non-compromised ones. The embedding of the attack context, into the trust scoring model, facilitates accurate and rapid classification of compromised meters, even under large fractions of compromised meters, generalize across various attack strategies and margins of false data. Using real datasets collected from two different AMIs, experimental results show that our proposed framework has a high true positive detection rate, while the average false alarm and missed detection rates are much lesser than 10% for most attack combinations for two different real AMI micro-grid datasets. Finally, we also establish fundamental theoretical limits of the proposed method, which will help assess the applicability of our method to other domains. 
    more » « less