skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Physics-Assisted Explainable Anomaly Detection in Power Systems
Detection of cyber-attacks in power systems is crucial for rapid corrective actions like isolation, disinfection and asset restoration. For real-time deployment, detection methods must not only be accurate and computationally efficient, but also interpretable for further action. While physics models can reliably detect cyber-attacks, diagnosing where and how assets were attacked is computationally demanding. To supplement detection models, we propose Physics-Assisted Statistics for Anomaly Localization (PASAL), a domain-informed data-driven method that directly identifies anomalous devices. PASAL leverages domain knowledge of the grid topology and incorporates correlation and variance statistics to model inter-sensor causal relationships. Consequently, PASAL offers inherent interpretability and computational efficiency. Our study demonstrates that PASAL swiftly localizes data integrity attacks with minimal false positives and has the potential to identify the type of attack.  more » « less
Award ID(s):
2229876
PAR ID:
10663583
Author(s) / Creator(s):
 ;  ;  ;  ;  ;  ;  
Publisher / Repository:
IOS Press
Date Published:
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; (, 2018 IEEE International Conference on Information Reuse and Integration (IRI))
    As cyber attacks are growing with an unprecedented rate in the recent years, organizations are seeking an efficient and scalable solution towards a holistic protection system. As the adversaries are becoming more skilled and organized, traditional rule based detection systems have been proved to be quite ineffective against the continuously evolving cyber attacks. Consequently, security researchers are focusing on applying machine learning techniques and big data analytics to defend against cyber attacks. Over the recent years, several anomaly detection systems have been claimed to be quite successful against the sophisticated cyber attacks including the previously unseen zero-day attacks. But often, these systems do not consider the adversary's adaptive attacking behavior for bypassing the detection procedure. As a result, deploying these systems in active real-world scenarios fails to provide significant benefits in the presence of intelligent adversaries that are carefully manipulating the attack vectors. In this work, we analyze the adversarial impact on anomaly detection models that are built upon centroid-based clustering from game-theoretic aspect and propose adversarial anomaly detection technique for these models. The experimental results show that our game-theoretic anomaly detection models can withstand attacks more effectively compared to the traditional models. 
    more » « less
  2. ; ; ; (, New generation)
    Smart grids are facing many challenges including cyber-attacks which can cause devastating damages to the grids. Existing machine learning based approaches for detecting cyber-attacks in smart grids are mainly based on supervised learning, which needs representative instances from various attack types to obtain good detection models. In this paper, we investigated semi-supervised outlier detection algorithms for this problem which only use instances of normal events for model training. Data collected by phasor measurement units (PMUs) was used for training the detection model. The semi-supervised outlier detection algorithms were augmented with deep feature extraction for enhanced detection performance. Our results show that semi-supervised outlier detection algorithms can perform better than popular supervised algorithms. Deep feature extraction can significantly improve the performance of semi-supervised algorithms for detecting cyber-attacks in smart grids 
    more » « less
  3. ; ; ; (, 17th International Conference on Information Technology–New Generations (ITNG 2020))
    Smart grids are facing many challenges including cyber-attacks which can cause devastating damages to the grids. Existing machine learning based approaches for detecting cyber-attacks in smart grids are mainly based on supervised learning, which needs representative instances from various attack types to obtain good detection models. In this paper, we investigated semi-supervised outlier detection algorithms for this problem which only use instances of normal events for model training. Data collected by phasor measurement units (PMUs) was used for training the detection model. The semi-supervised outlier detection algorithms were augmented with deep feature extraction for enhanced detection performance. Our results show that semi-supervised outlier detection algorithms can perform better than popular supervised algorithms. Deep feature extraction can significantly improve the performance of semi-supervised algorithms for detecting cyber-attacks in smart grids. 
    more » « less
  4. ; (, IEEE)
    Cyber Physical Systems (CPS) consist of integration of cyber and physical spaces through computing, communication, and control operations. In vehicular CPS, modern vehicles with multiple Electronic Control Units (ECUs) and networking with other vehicles help autonomous driving. Vehicular CPS is vulner-able to multitude of cyber attacks, including false data injection attacks. This paper presents an Asynchronous Federated Learning (AFL) with a Gated Recurrent Unit (GRU) model for identifying False Data Injection (FDI) attacks in a VCPS. The AFL model continuously monitors the network and constructs a digital twin using the data obtained from a VCPS for intrusion detection. The proposed model is evaluated using different evaluation metrics. Numerical results show that the AFL model outperforms other existing models. 
    more » « less
  5. (, Transportation Research Board Annual Meeting 2019)
    Connected vehicle (CV) systems are cognizant of potential cyber attacks because of increasing connectivity between its different components such as vehicles, roadside infrastructure and traffic management centers. However, it is a challenge to detect security threats in real-time and develop appropriate/effective countermeasures for a CV system because of the dynamic behavior of such attacks, high computational power requirement and a historical data requirement for training detection models. To address these challenges, statistical models, especially change point models, have potentials for real-time anomaly detections. Thus, the objective of this study is to investigate the efficacy of two change point models, Expectation Maximization (EM) and two forms of Cumulative Summation (CUSUM) algorithms (i.e., typical and adaptive), for real-time V2I cyber attack detection in a CV Environment. To prove the efficacy of these models, we evaluated these two models for three different type of cyber attack, denial of service (DOS), impersonation, and false information, using basic safety messages (BSMs) generated from CVs through simulation. Results from numerical analysis revealed that EM, CUSUM, and adaptive CUSUM could detect these cyber attacks, DOS, impersonation, and false information, with an accuracy of (99\%, 100\%, 100\%), (98\%, 100\%, 100\%), and (100\%, 98\%, 100\%) respectively. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Text Encoded Conversion
  • XML
  • Save / Share this Record
  • Send to Email