Title: DL-Based Distributed Anomaly Detection for Attack Resilient DER Monitoring and Control Applications
The proliferation of distributed energy resources (DERs) within modern cyber-physical power systems has transformed grid operations, while simultaneously introducing sophisticated cybersecurity vulnerabilities. Communication protocols such as Modbus, SunSpec Modbus, and DNP3, widely used for DER coordination, were not originally designed with robust security, rendering them susceptible to confidentiality, integrity, and availability (CIA) threats. In this paper, we propose a scalable, distributed intrusion and anomaly detection system (D-IADS) that integrates protocol-specific rule generation with deep learning (DL)-based temporal pattern recognition. Our framework employs physics-informed thresholding, rule-based mitigation logic, and a lightweight LSTM-based anomaly detection module deployed across edge-intelligent devices (EIDs) and control centers. We present a rule taxonomy for IT/OT-based attacks on SunSpec Modbus and DNP3, along with a hybrid Snort/Suricata-compatible rule engine. Case studies on the IEEE 123-bus feeder demonstrate the proposed system's ability to achieve 97.32% anomaly detection accuracy and 97.30% macro-precision against stealthy cyberattacks. This research offers a modular and deployment-ready solution for securing DER-integrated smart grids.
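The abstract combines protocol-specific rules with physics-informed thresholds and a temporal check on DER setpoint traffic. The following is an added illustration of what such a rule layer looks like for Modbus/TCP write requests; it is not the paper's D-IADS code, and the register map, physical limits, per-write slew bounds and sample frames are constructed assumptions (the addresses are not real SunSpec model registers). It applies four checks in order: the Modbus function code must be on an allow-list, the target register must be in the writable map, the written value must lie inside the register's physical range, and the change from the last accepted value must not exceed a slew bound.

```python
"""Physics-informed rule checks on Modbus/TCP write requests.

Added example for illustration only; not code from the D-IADS paper.
Register addresses, limits, slew bounds and frames are assumptions.
"""
import struct
from dataclasses import dataclass, field

# Hypothetical writable register map for a DER inverter (assumed, not real
# SunSpec addresses): address -> (name, physical min, physical max, max change per write)
WRITABLE_REGISTERS = {
    1000: ("WMaxLimPct", 0, 100, 20),     # active power limit, percent of nameplate
    1001: ("VArPct", -100, 100, 25),      # reactive power setpoint, percent
    1002: ("OutPFSet", 80, 100, 5),       # power factor, percent
}
# Reads plus the two write functions this monitor understands; anything else is flagged.
ALLOWED_FUNCTIONS = {3, 4, 6, 16}


@dataclass
class Alert:
    rule: str
    detail: str


@dataclass
class WriteMonitor:
    """Stateful checker: remembers the last accepted value per register for the slew rule."""
    last_value: dict = field(default_factory=dict)

    def inspect(self, frame: bytes) -> list[Alert]:
        alerts: list[Alert] = []
        if len(frame) < 8:
            return [Alert("MALFORMED", "frame shorter than MBAP header plus function code")]
        # MBAP header: transaction id, protocol id, length, unit id; then the PDU function code.
        tid, pid, length, unit_id, fc = struct.unpack(">HHHBB", frame[:8])
        if pid != 0:
            alerts.append(Alert("PROTO_ID", f"non-zero protocol id {pid}"))
        if length != len(frame) - 6:   # length counts unit id + PDU
            alerts.append(Alert("LENGTH", f"MBAP length {length} != {len(frame) - 6}"))
        if fc not in ALLOWED_FUNCTIONS:
            alerts.append(Alert("FUNC_CODE", f"unexpected function code {fc}"))
            return alerts
        writes = []
        pdu = frame[8:]
        if fc == 6 and len(pdu) == 4:                      # write single register
            addr, val = struct.unpack(">Hh", pdu)          # values treated as signed 16-bit (assumption)
            writes.append((addr, val))
        elif fc == 16 and len(pdu) >= 5:                   # write multiple registers
            start, qty, count = struct.unpack(">HHB", pdu[:5])
            if count != 2 * qty or len(pdu) != 5 + count:
                return alerts + [Alert("MALFORMED", "byte count mismatch in FC16")]
            vals = struct.unpack(f">{qty}h", pdu[5:])
            writes.extend((start + i, v) for i, v in enumerate(vals))
        for addr, val in writes:
            alerts.extend(self._check_write(addr, val))
        return alerts

    def _check_write(self, addr: int, val: int) -> list[Alert]:
        spec = WRITABLE_REGISTERS.get(addr)
        if spec is None:
            return [Alert("UNMAPPED_WRITE", f"write to register {addr} not in writable map")]
        name, lo, hi, slew = spec
        if not lo <= val <= hi:
            return [Alert("PHYS_RANGE", f"{name}={val} outside [{lo}, {hi}]")]
        prev = self.last_value.get(addr)
        if prev is not None and abs(val - prev) > slew:
            return [Alert("SLEW", f"{name} jumped {prev}->{val}, limit {slew} per write")]
        self.last_value[addr] = val   # accepted write becomes the new baseline
        return []


def write_single(addr: int, val: int, tid: int = 1, unit: int = 1) -> bytes:
    """Build a Modbus/TCP FC6 request (constructed test traffic)."""
    pdu = struct.pack(">BHh", 6, addr, val)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def write_multiple(start: int, values: list, tid: int = 1, unit: int = 1) -> bytes:
    """Build a Modbus/TCP FC16 request (constructed test traffic)."""
    pdu = struct.pack(">BHHB", 16, start, len(values), 2 * len(values))
    pdu += struct.pack(f">{len(values)}h", *values)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def run_demo() -> dict:
    """Feed a constructed sequence of frames through one monitor; return rule names fired per frame."""
    mon = WriteMonitor()
    frames = {
        "normal_limit_80": write_single(1000, 80),
        "normal_limit_70": write_single(1000, 70),          # change of 10, within slew 20
        "phys_limit_150": write_single(1000, 150),          # above 100 percent
        "slew_limit_10": write_single(1000, 10),            # 70 -> 10 exceeds slew 20
        "unmapped_write": write_single(2000, 1),
        "bad_function": struct.pack(">HHHBB", 1, 0, 2, 1, 8),   # FC8 diagnostics, not allowed
        "multi_ok": write_multiple(1001, [-20, 95]),        # VArPct=-20, OutPFSet=95
    }
    return {name: [a.rule for a in mon.inspect(f)] for name, f in frames.items()}


if __name__ == "__main__":
    for name, rules in run_demo().items():
        print(f"{name:18s} {rules or 'ok'}")
```

The slew rule is the stateful part: a value that is individually plausible (10% is a valid limit) is still flagged because a single write moved the setpoint much faster than the assumed physical process should. In a deployment the allow-list, register map and bounds would come from the site's DER models and the rule taxonomy the paper describes, and the alerts would feed the mitigation logic rather than a print loop.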
Award ID(s):
2105269
PAR ID:
10667192
Author(s) / Creator(s):
Publisher / Repository:
IEEE
Date Published:
Page Range / eLocation ID:
1 to 6
Subject(s) / Keyword(s):
Deep learning Prevention and mitigation Image edge detection Real-time systems Distributed power generation Smart grids Computer crime Anomaly detection Long short term memory Resilience CPS security DER D-IADS DNP3 Sunspec Modbus Resiliency Smart Grid
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. With the increasing integration of electric vehicles (EVs) into the distributed energy resources (DER) system, the security of EV charging stations (EVCS) from cyber-attacks is paramount. Utilizing deep learning and recurrent neural networks (RNNs) presents promising advantages in anomaly detection within power systems. Bi-directional long-short-term memory (Bi-LSTM) emerges as a viable choice for anomaly detection, offering distinct advantages that learn from both the forward and backward sequences of the data compared to conventional deep neural networks, RNNs, and basic LSTMs. This study proposes data-driven anomaly detection (DDAD) techniques using a Bi-LSTM network. Seven statistical features are extracted from the passive parameters (voltage, current, frequency, and SoC). Then, the wrapper feature selection method is used to identify the most relevant features, enhancing the accuracy of the proposed DDAD model. We generate a dataset of normal events such as line faults, load switching, capacitor switching, and cyberattack events, including denial-of-service (DoS), spoofing, replay, and data manipulation attacks, using an extended API integrated with RT-LAB to automate the process. We demonstrated the DDAD model on a DER-integrated EVCS microgrid model on a Hardware-in-Loop (HIL)-based intelligent Cyber Physical System (iCPS) testbed environment. Comprehensive experiments are conducted to evaluate the performance of our proposed DDAD model's accuracy, precision, recall, and F1 score with the testing dataset. We compared our results against LSTM, multi-layer perceptron (MLP), support vector machine (SVM), and linear regression (LR) techniques. This study emphasizes the development of an efficient approach for detecting anomalies on EVCS, and our results underscore the effectiveness of our proposed methodology, achieving an average testing accuracy of 99.42%, thereby reinforcing the cyber-physical security of EVCS.
  2. As cyber attacks are growing at an unprecedented rate in recent years, organizations are seeking an efficient and scalable solution towards a holistic protection system. As the adversaries are becoming more skilled and organized, traditional rule-based detection systems have proved to be quite ineffective against continuously evolving cyber attacks. Consequently, security researchers are focusing on applying machine learning techniques and big data analytics to defend against cyber attacks. Over recent years, several anomaly detection systems have been claimed to be quite successful against sophisticated cyber attacks, including previously unseen zero-day attacks. But often, these systems do not consider the adversary's adaptive attacking behavior for bypassing the detection procedure. As a result, deploying these systems in active real-world scenarios fails to provide significant benefits in the presence of intelligent adversaries that are carefully manipulating the attack vectors. In this work, we analyze the adversarial impact on anomaly detection models that are built upon centroid-based clustering from a game-theoretic perspective and propose an adversarial anomaly detection technique for these models. The experimental results show that our game-theoretic anomaly detection models can withstand attacks more effectively compared to the traditional models.
  3. The problem of anomaly detection among multiple processes is considered within the framework of sequential design of experiments. The objective is an active inference strategy consisting of a selection rule governing which process to probe at each time, a stopping rule on when to terminate the detection, and a decision rule on the final detection outcome. The performance measure is the Bayes risk that takes into account not only sample complexity and detection errors, but also costs associated with switching across processes. While the problem is a partially observable Markov decision process to which optimal solutions are generally intractable, a low-complexity deterministic policy is shown to be asymptotically optimal and offer significant performance improvement over existing methods in the finite regime. 
  4. The urgent need for the decarbonization of power grids has accelerated the integration of renewable energy. Concurrently, the increasing distributed energy resources (DER) and advanced metering infrastructures (AMI) have transformed the power grids into a more sophisticated cyber-physical system with numerous communication devices. While these transitions provide economic and environmental value, they also impose an increased risk of cyber attacks and operational challenges. This paper investigates the vulnerability of power grids with high renewable penetration against an intraday false data injection (FDI) attack on DER dispatch signals and proposes a kernel support vector regression (SVR) based detection model as a countermeasure. The intraday FDI attack scenario and the detection model are demonstrated in a numerical experiment using the HCE 187-bus test system.
  5. Anomaly detection methods abound and are used extensively in streaming settings in a wide variety of domains. But a strength can also be a weakness; given the vast number of methods, how can one select the best method for their application? Unfortunately, there is no one best way for all domains. Existing literature is focused on creating new anomaly detection methods or creating large frameworks for experimenting with multiple methods at the same time. As the literature continues to grow, extensive evaluation of every available anomaly detection method is not feasible. To reduce this evaluation burden, in this paper we present a framework to intelligently choose the optimal anomaly detection methods based on the characteristics the time series displays. We provide a comprehensive experimental validation of multiple anomaly detection methods over different time series characteristics to form guidelines. Applying our framework can save time and effort by surfacing the most promising anomaly detection methods instead of experimenting extensively with a rapidly expanding library of anomaly detection methods. 