skip to main content

Explore Research Products in the NSF-PAR

Title: Network Intrusion Detection in Smart Grids for Imbalanced Attack Types Using Machine Learning Models
Smart grid has evolved as the next generation power grid paradigm which enables the transfer of real time information between the utility company and the consumer via smart meter and advanced metering infrastructure (AMI). These information facilitate many services for both, such as automatic meter reading, demand side management, and time-of-use (TOU) pricing. However, there have been growing security and privacy concerns over smart grid systems, which are built with both smart and legacy information and operational technologies. Intrusion detection is a critical security service for smart grid systems, alerting the system operator for the presence of ongoing attacks. Hence, there has been lots of research conducted on intrusion detection in the past, especially anomaly-based intrusion detection. Problems emerge when common approaches of pattern recognition are used for imbalanced data which represent much more data instances belonging to normal behaviors than to attack ones, and these approaches cause low detection rates for minority classes. In this paper, we study various machine learning models to overcome this drawback by using CIC-IDS2018 dataset [1].  more » « less
Award ID(s):
1757207
NSF-PAR ID:
10132370
Author(s) / Creator(s):
;
Date Published:
Journal Name:
2019 International Conference on Information and Communication Technology Convergence (ICTC)
Page Range / eLocation ID:
576 to 581
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ( , ACM Transactions on Privacy and Security)
    null (Ed.)
    Spurious power consumption data reported from compromised meters controlled by organized adversaries in the Advanced Metering Infrastructure (AMI) may have drastic consequences on a smart grid’s operations. While existing research on data falsification in smart grids mostly defends against isolated electricity theft, we introduce a taxonomy of various data falsification attack types, when smart meters are compromised by organized or strategic rivals. To counter these attacks, we first propose a coarse-grained and a fine-grained anomaly-based security event detection technique that uses indicators such as deviation and directional change in the time series of the proposed anomaly detection metrics to indicate: (i) occurrence, (ii) type of attack, and (iii) attack strategy used, collectively known as attack context . Leveraging the attack context information, we propose three attack response metrics to the inferred attack context: (a) an unbiased mean indicating a robust location parameter; (b) a median absolute deviation indicating a robust scale parameter; and (c) an attack probability time ratio metric indicating the active time horizon of attacks. Subsequently, we propose a trust scoring model based on Kullback-Leibler (KL) divergence, that embeds the appropriate unbiased mean, the median absolute deviation, and the attack probability ratio metric at runtime to produce trust scores for each smart meter. These trust scores help classify compromised smart meters from the non-compromised ones. The embedding of the attack context, into the trust scoring model, facilitates accurate and rapid classification of compromised meters, even under large fractions of compromised meters, generalize across various attack strategies and margins of false data. Using real datasets collected from two different AMIs, experimental results show that our proposed framework has a high true positive detection rate, while the average false alarm and missed detection rates are much lesser than 10% for most attack combinations for two different real AMI micro-grid datasets. Finally, we also establish fundamental theoretical limits of the proposed method, which will help assess the applicability of our method to other domains. 
    more » « less
  2. ; ; ; ( , CSEE Journal of Power and Energy Systems)
    The growing integration of distributed energy resources (DERs) in distribution grids raises various reliability issues due to DER's uncertain and complex behaviors. With large-scale DER penetration in distribution grids, traditional outage detection methods, which rely on customers report and smart meters' “last gasp” signals, will have poor performance, because renewable generators and storage and the mesh structure in urban distribution grids can continue supplying power after line outages. To address these challenges, we propose a data-driven outage monitoring approach based on the stochastic time series analysis with a theoretical guarantee. Specifically, we prove via power flow analysis that dependency of time-series voltage measurements exhibits significant statistical changes after line outages. This makes the theory on optimal change-point detection suitable to identify line outages. However, existing change point detection methods require post-outage voltage distribution, which are unknown in distribution systems. Therefore, we design a maximum likelihood estimator to directly learn distribution pa-rameters from voltage data. We prove the estimated parameters-based detection also achieves optimal performance, making it extremely useful for fast distribution grid outage identifications. Furthermore, since smart meters have been widely installed in distribution grids and advanced infrastructure (e.g., PMU) has not widely been available, our approach only requires voltage magnitude for quick outage identification. Simulation results show highly accurate outage identification in eight distribution grids with 17 configurations with and without DERs using smart meter data. 
    more » « less
  3. ; ; ; ; ( , Computing and Communication Workshop and Conference (CCWC))
    In recent years, there has been a growing interest in so-called smart cities. These cities use technology to connect and enhance the lives of their citizens. Smart cities use many Internet of Things (loT) devices, such as sensors and video cameras, that are interconnected to provide constant feedback and up-to-date information on everything that is happening. Despite the benefits of these cities, they introduce a numerous new vulnerabilities as well. These smart cities are now susceptible to cyber-attacks that aim to “alter, disrupt, deceive, degrade, or destroy computer systems.” Through the use of an educational and research-based loT test-bed with multiple networking layers and heterogeneous devices connected to simultaneously support networking research, anomaly detection, and security principles, we can pinpoint some of these vulnerabilities. This work will contribute potential solutions to these vulnerabilities that can hopefully be replicated in smart cities around the world. Specifically, in the transportation section of our educational smart city several vulnerabilities in the signal lights, street lights, and the cities train network were discovered. To conduct this research two scenarios were developed. These consisted of inside the network security and network perimeter security. For the latter we were able to find extensive vulnerabilities that would allow an attacker to map the entire smart city sub-network. Solutions to this problem are outlined that utilize an Intrusion Detection System and Port Mirroring. However, while we were able to exploit the city's Programmable Logic Controller (PLC) once inside the network, it was found that due to dated Supervisory Control and Data Acquisition (SCADA) systems, there were almost no solutions to these exploits. 
    more » « less
  4. ; ; ( , CIGRE Study Committee D2 Colloquium, Helsinki, Finland)
    The fast-growing installation of solar PVs has a significant impact on the operation of distribution systems. Grid-tied solar inverters provide reactive power capability to support the voltage profile in a distribution system. In comparison with traditional inverters, smart inverters have the capability of real time remote control through digital communication interfaces. However, cyberattack has become a major threat with the deployment of Information and Communications Technology (ICT) in a smart grid. The past cyberattack incidents have demonstrated how attackers can sabotage a power grid through digital communication systems. In the worst case, numerous electricity consumers can experience a major and extended power outage. Unfortunately, tracking techniques are not efficient for today’s advanced communication networks. Therefore, a reliable cyber protection system is a necessary defense tool for the power grid. In this paper, a signature-based Intrusion Detection System (IDS) is developed to detect cyber intrusions of a distribution system with a high level penetration of solar energy. To identify cyberattack events, an attack table is constructed based on the Temporal Failure Propagation Graph (TFPG) technique. It includes the information of potential cyberattack patterns in terms of attack types and time sequence of anomaly events. Once the detected anomaly events are matched with any of the predefined attack patterns, it is judged to be a cyberattack. Since the attack patterns are distinguishable from other system failures, it reduces the false positive rate. To study the impact of cyberattacks on solar devices and validate the performance of the proposed IDS, a realistic Cyber-Physical System (CPS) simulation environment available at Virginia Tech (VT) is used to develop an interconnection between the cyber and power system models. The CPS model demonstrates how communication system anomalies can impact the physical system. The results of two example cyberattack test cases are obtained with the IEEE 13 node test feeder system and the power system simulator, DIgSILENT PowerFactory. 
    more » « less
  5. ; ; ; ; ( , ACM Transactions on Cyber-Physical Systems)
    With the acceleration of ICT technologies and the Internet of Things (IoT) paradigm, smart residential environments , also known as smart homes are becoming increasingly common. These environments have significant potential for the development of intelligent energy management systems, and have therefore attracted significant attention from both academia and industry. An enabling building block for these systems is the ability of obtaining energy consumption at the appliance-level. This information is usually inferred from electric signals data (e.g., current) collected by a smart meter or a smart outlet, a problem known as appliance recognition . Several previous approaches for appliance recognition have proposed load disaggregation techniques for smart meter data. However, these approaches are often very inaccurate for low consumption and multi-state appliances. Recently, Machine Learning (ML) techniques have been proposed for appliance recognition. These approaches are mainly based on passive MLs, thus requiring pre-labeled data to be trained. This makes such approaches unable to rapidly adapt to the constantly changing availability and heterogeneity of appliances on the market. In a home setting scenario, it is natural to consider the involvement of users in the labeling process, as appliances’ electric signatures are collected. This type of learning falls into the category of Stream-based Active Learning (SAL). SAL has been mainly investigated assuming the presence of an expert , always available and willing to label the collected samples. Nevertheless, a home user may lack such availability, and in general present a more erratic and user-dependent behavior. In this paper, we develop a SAL algorithm, called K -Active-Neighbors (KAN), for the problem of household appliance recognition. Differently from previous approaches, KAN jointly learns the user behavior and the appliance signatures. KAN dynamically adjusts the querying strategy to increase accuracy by considering the user availability as well as the quality of the collected signatures. Such quality is defined as a combination of informativeness , representativeness , and confidence score of the signature compared to the current knowledge. To test KAN versus state-of-the-art approaches, we use real appliance data collected by a low-cost Arduino-based smart outlet as well as the ECO smart home dataset. Furthermore, we use a real dataset to model user behavior. Results show that KAN is able to achieve high accuracy with minimal data, i.e., signatures of short length and collected at low frequency. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email