skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Detecting load redistribution attacks via support vector models
A machine learning-based detection framework is proposed to detect a class of cyber-attacks that redistribute loads by modifying measurements. The detection framework consists of a multi-output support vector regression (SVR) load predictor and a subsequent support vector machine (SVM) attack detector to determine the existence of load redistribution (LR) attacks utilizing loads predicted by the SVR predictor. Historical load data for training the SVR are obtained from the publicly available PJM zonal loads and are mapped to the IEEE 30-bus system. The features to predict loads are carefully extracted from the historical load data capturing both temporal and spatial correlations. The SVM attack detector is trained using normal data and randomly created LR attacks, so that it can maximally explore the attack space. An algorithm to create random LR attacks is introduced. The results show that the SVM detector trained merely using random attacks can effectively detect not only random attacks, but also intelligently designed attacks. Moreover, using the SVR predicted loads to re-dispatch generation when attacks are detected can significantly mitigate the attack consequences.  more » « less
Award ID(s):
1934766 1449080
PAR ID:
10185964
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
IET smart grid
ISSN:
2515-2947
Page Range / eLocation ID:
1-10
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; ; ; (, 2019 Resilience Week (RWS))
    Recent advances in machine learning enable wider applications of prediction models in cyber-physical systems. Smart grids are increasingly using distributed sensor settings for distributed sensor fusion and information processing. Load forecasting systems use these sensors to predict future loads to incorporate into dynamic pricing of power and grid maintenance. However, these inference predictors are highly complex and thus vulnerable to adversarial attacks. Moreover, the adversarial attacks are synthetic norm-bounded modifications to a limited number of sensors that can greatly affect the accuracy of the overall predictor. It can be much cheaper and effective to incorporate elements of security and resilience at the earliest stages of design. In this paper, we demonstrate how to analyze the security and resilience of learning-based prediction models in power distribution networks by utilizing a domain-specific deep-learning and testing framework. This framework is developed using DeepForge and enables rapid design and analysis of attack scenarios against distributed smart meters in a power distribution network. It runs the attack simulations in the cloud backend. In addition to the predictor model, we have integrated an anomaly detector to detect adversarial attacks targeting the predictor. We formulate the stealthy adversarial attacks as an optimization problem to maximize prediction loss while minimizing the required perturbations. Under the worst-case setting, where the attacker has full knowledge of both the predictor and the detector, an iterative attack method has been developed to solve for the adversarial perturbation. We demonstrate the framework capabilities using a GridLAB-D based power distribution network model and show how stealthy adversarial attacks can affect smart grid prediction systems even with a partial control of network. 
    more » « less
  2. ; (, 2022 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS))
    A centralized Software-defined Network (SDN) controller, due to its nature, faces many issues such as a single point of failure, computational complexity growth, different types of attacks, reliability challenges and scalability concerns. One of the most common fifth generation cyber-attacks is the Distributed Denial of Service (DDoS) attack. Having a single SDN controller can lead to a plethora of issues with respect to latency, computational complexity in the control plane, reachability, and scalability as the network scale increases. To address these issues, state-of-the-art approaches have investigated multiple SDN controllers in the network. The placement of these multiple controllers has drawn more attention in recent studies. In our previous work, we evaluated an Entropy-based technique and a machine learning-based Support Vector Machine (SVM) to detect DDoS using a single SDN controller. In this paper, we extend our previous work to further decrease the impact of the DDoS attacks on the SDN controller. Our new technique called Hierarchical Classic Controllers (HCC) uses SVM and Entropy methods to detect abnormal traffic which can lead to network failures caused by overwhelming a single controller. Determining the number of controllers and their best placement are major contributions in our new method. Our results show that the combination of the above three methods (HCC with SVM and Entropy), in the case of a network with 3 controllers provides greater accuracy and improves the DDoS attack detection rate to 86.12% compared to 79.03% and 81.33% using Entropy-based HCC and SVM-based HCC, respectively. 
    more » « less
  3. ; ; ; ; (, IEEE Electro/Information Technology Conference)
    As more aircraft are using the Automatic Dependent Surveillance-Broadcast (ADS-B) devices for navigation and surveillance, the risks of injection attacks are highly increasing. The exchanged ADS-B messages are neither encrypted nor authenticated while containing valuable operational information, which imposes high risk on the safety of the airspace. For this reason, we propose in this paper an SVM-based ADS-B message injection attack detection technique for UAV onboard implementation. First, we simulated several message injection attacks on real raw ADS-B data. Then, three Support Vector Machine (SVM) models were examined in terms of two types of assessment criteria, detection efficiency and model performance. The results show that the C-SVM model is the best fit for our application, with an accuracy of 95.32%. 
    more » « less
  4. ; ; ; (, IET Renewable Power Generation)
    Abstract This paper addresses the cybersecurity of hierarchical control of AC microgrids with distributed secondary control. The false data injection (FDI) cyberattack is assumed to alter the operating frequency of inverter‐based distributed generators (DGs) in an islanded microgrid. For the microgrids consisting of the grid‐forming inverters with the secondary control operating in a distributed manner, the attack on one DG deteriorates not only the corresponding DG but also the other DGs that receive the corrupted information via the distributed communication network. To this end, an FDI attack detection algorithm based on a combination of Gaussian process regression and one‐class support vector machine (OC‐SVM) anomaly detection is introduced. This algorithm is unsupervised in the sense that it does not require labelled abnormal data for training which is difficult to collect. The Gaussian process model predicts the response of the DG, and its prediction error and estimated variances provide input to an OC‐SVM anomaly detector. This algorithm returns enhanced detection performance than the standalone OC‐SVM. The proposed cyberattack detector is trained and tested with the data collected from a 4 DG microgrid test model and is validated in both simulation and hardware‐in‐the‐loop testbeds. 
    more » « less
  5. ; ; ; (, Proceedings of the 2023 8th International Conference on Intelligent Information Technology)
    In recent years, web-based platforms and business applications have been rising in popularity deeming themselves indispensable as they constitute the main backbone of business processes and in- formation sharing. However, the unprecedented increased number of cyber-attacks have been threatening their day-to-day opera- tions. In particular, the Standard Query Language Injection Attack (SQLIA) remains one of the most prevalent cyber attacks targeting web-based applications. As a consequence, the SQLIA detection techniques need to be constantly revamped and stay up-to-date in order to achieve the full potential of mitigating such threats. In this paper, we propose an artificial intelligence model based on super- vised machine learning techniques to detect SQLIA. As part of the proposed model, we introduce an input string validation technique as a primary anomaly identifier using pattern matching for SQL Query data with anomalies-injections. To evaluate our approach we injected one type of SQLIA that is tautology attacks and measured the performance of our model. We used three main classifiers in our model and our findings indicate a model prediction accuracy of 98.3605% for Support Vector Machine (SVM), 96.296% for K-Nearest Neighbors (KNN), and 97.530% for Random Forest. The approach proposed in this paper has the potential of being used to integrate an automated SQL Injection detection mechanism with Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS). 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email