Detection of cyber-attacks on the power smart grids using semi-supervised deep learning models
- Authors: Shchetinin E.Y.1, Velieva T.R.2
-
Affiliations:
- Financial University under the Government of Russian Federation
- Peoples’ Friendship University of Russia (RUDN University)
- Issue: Vol 30, No 3 (2022)
- Pages: 258-268
- Section: Articles
- URL: https://journals.rudn.ru/miph/article/view/32206
- DOI: https://doi.org/10.22363/2658-4670-2022-30-3-258-268
Cite item
Full Text
Abstract
Modern smart energy grids combine advanced information and communication technologies into traditional energy systems for a more efficient and sustainable supply of electricity, which creates vulnerabilities in their security systems that can be used by attackers to conduct cyber-attacks that cause serious consequences, such as massive power outages and infrastructure damage. Existing machine learning methods for detecting cyber-attacks in intelligent energy networks mainly use classical classification algorithms, which require data markup, which is sometimes difficult, if not impossible. This article presents a new method for detecting cyber-attacks in intelligent energy networks based on weak machine learning methods for detecting anomalies. Semi-supervised anomaly detection uses only instances of normal events to train detection models, which makes it suitable for searching for unknown attack events. A number of popular methods for detecting anomalies with semisupervised algorithms were investigated in study using publicly available data sets on cyber-attacks on power systems to determine the most effective ones. A performance comparison with popular controlled algorithms shows that semi-controlled algorithms are more capable of detecting attack events than controlled algorithms. Our results also show that the performance of semi-supervised anomaly detection algorithms can be further improved by enhancing deep autoencoder model.
Full Text
1. Introduction There are many problems in traditional power grids, such as the lack of automated analysis and situational awareness, poor visibility and slow response time, which makes them unable to meet the significantly increased demand and consumption of electricity in the 21st century [1]. With the help of modern information and communication technologies, intelligent networks provide a bidirectional flow of electricity and information, which ensures a more efficient and stable supply of electricity and better demand management [2, 3]. The intelligent energy network consists of four main components: generation, transmission, distribution and consumption, which are connected through a three-level hierarchical structured communication network [4] (see figure 1). The first level of the communication network is the home network, which is responsible for communication at the consumption stage to connect smart devices in consumers’ homes to the smart grid with smart meters for more efficient energy management and demand response. The second level of the communication network, the district network, is responsible for communication at the distribution stage, which collects data from smart meters and sends back control commands for advanced accounting applications. Figure 1. Diagram of smart grid energy consumption system At the last level, the global network connects with utility management centers, forming the basis of an intelligent network for the communication needs of the stages of electricity production and transmission. Although the integration of advanced ICTs into traditional power grids brings significant benefits for the delivery and management of electricity, it also creates new vulnerabilities in security systems [5]. Cyber-attacks can target any of the four components of a smart grid - from smart home gateways in HAN to control rooms in the global network [6]. In this work, we used measurements from the Power Measurement Units (PMU) to detect cyber-attacks. PMU is a sensor device deployed at the global network level of the smart grid network, which provides real-time measurements of the state of the power system for a wide range of monitoring, protection and control. In the Global Monitoring System (GMS), several PMUs are connected to a phasor data hub. The GMS central authority then collects information from the PDCS. PMU measurements combine both physical and cyber domains, making them a suitable choice for detecting cyber-attacks targeting the physical domain of an intelligent network, such as False Data Entry (FDE) attacks and malicious shutdown attacks. In most widely used models have been built to detect cyber-attacks in intelligent networks using controlled learning algorithms. To train supervised algorithms, both normal and attacking data are required. However, collecting representative instances of various attack events is usually a difficult task, if not impossible, which can lead to poor model performance when detecting certain attacks, especially types of attacks not represented in the training data. In this article, we proposed a method for detecting cyber-attacks in power smart grids with semi-supervised anomaly detection. Unlike supervised models, semi-supervised anomaly detection algorithms use only data from normal events to train a detection model that is capable of detecting unknown types of attacks. We have investigated a number of anomaly detection algorithms and identified the most effective ones for detecting cyber-attacks in smart energy grids. The performance of semi-supervised algorithms was compared with the characteristics of popular supervised algorithms to show their superiority in finding attack events. We have also supplemented semisupervised anomaly detection with deep learning to extract features to further improve attack detection performance. 2. Related work Traditional approaches use PMU measurements to assess the state of the power system and compare the difference between the observed and estimated measurements with a threshold for detecting cyber-attacks. A lightweight scheme was proposed in the paper [4], which explores the spatial-temporal correlations between network state estimates and applies confidence voting to detect abnormal state estimates in intelligent networks caused by real-time FDI attacks. Recently, machine learning has been widely used to detect cyber-attacks in smart grids, where most of the proposed approaches are based on supervised learning algorithms. In the paper [7] a number of supervised learning algorithms were investigated for recognizing violations in the power system and cyber-attacks. A One-Class SVM (OC-SVM) was used in [8] to create an intrusion detection module for detecting malicious attacks in a dispatch control system and data collection system using network traces. The paper [9] applied several popular supervised algorithms, including perceptron,About the authors
Eugeny Yu. Shchetinin
Financial University under the Government of Russian Federation
Author for correspondence.
Email: riviera-molto@mail.ru
ORCID iD: 0000-0003-3651-7629
Doctor of Physical and Mathematical Sciences, Lecturer of Department of Mathematics
49, Leningradsky Prospect, Moscow, 125993, Russian FederationTatyana R. Velieva
Peoples’ Friendship University of Russia (RUDN University)
Email: velieva-tr@rudn.ru
ORCID iD: 0000-0003-4466-8531
Candidate of Sciences in Physics and Mathematics, Senior lecturer of Department of Applied Probability and Informatics
6, Miklukho-Maklaya St., Moscow, 117198, Russian FederationReferences
- G. Dileep, “A survey on Smart Grid technologies and applications,” Renewable Energy, vol. 146, pp. 2589-2625, 2020. doi: 10.1016/j.renene.2019.08.092.
- V. C. Gungor, D. Sahin, T. Kocak, S. Ergut, C. Buccella, C. Cecati, and G. P. Hancke, “Smart Grid technologies: communication technologies and standards,” IEEE Transactions on Industrial Informatics, vol. 7, no. 4, pp. 529-539, 2011. doi: 10.1109/TII.2011.2166794.
- T. Flick and J. Morehouse, Securing the Smart Grid: Next Generation Power Grid Security. Syngress, 2010.
- S. Aftergood, “Cybersecurity: the cold war online,” Nature, vol. 547, no. 7661, pp. 30-31, Jul. 2017. doi: 10.1038/547030a.
- C. Chio and D. Freeman, Machine learning and security: protecting systems with data and algorithms. O’Reilly Media, 2018.
- D. S. Berman, A. L. Buczak, J. S. Chavis, and C. L. Corbett, “A survey of deep learning methods for cyber security,” Information, vol. 10, no. 4, 2019. doi: 10.3390/info10040122.
- D. Wang, X. Wang, Y. Zhang, and L. Jin, “Detection of power grid disturbances and cyber-attacks based on machine learning,” Journal of Information Security and Applications, vol. 46, pp. 42-52, 2019. doi: 10.1016/j.jisa.2019.02.008.
- S. Ahmed, Y.-D. Lee, S.-H. Hyun, and I. Koo, “Unsupervised machine learning-based detection of covert data integrity assault in Smart Grid networks utilizing isolation forest,” IEEE Transactions on Information Forensics and Security, vol. 14, pp. 2765-2777, 2019.
- M. Ozay et al., “Machine learning methods for attack detection in the Smart Grid,” IEEE Transactions on Neural Networks and Learning Systems, vol. 27, pp. 1773-1786, 2016.
- V. K. Singh and M. Govindarasu, “Decision tree based anomaly detection for remedial action scheme in Smart Grid using PMU data,” in IEEE Power & Energy Society General Meeting PESGM, 2018, pp. 1-5. doi: 10.1109/PESGM.2018.8586159.
- G. Pang, C. Shen, L. Cao, and A. V. D. Hengel, “Deep learning for anomaly detection: a review,” ACM Comput. Surv., vol. 54, no. 2, 2021. doi: 10.1145/3439950.
- Z. E. Huma, S. Latif, J. Ahmad, Z. Idrees, A. Ibrar, Z. Zou, F. Alqahtani, and F. A. Baothman, “A hybrid deep random neural network for cyberattack detection in the Industrial Internet of Things,” IEEE Access, vol. 9, pp. 55 595-55 605, 2021. doi: 10.1109/ACCESS.2021.3071766.
- M. S. Minhas and J. Zelek, “Semi-supervised anomaly detection using autoencoders,” Journal of Computational Vision and Imaging Systems, vol. 5, no. 1, p. 3, 2019.
- M. Wieler. “Weakly supervised learning for industrial optical inspection.” (2007), [Online]. Available: https://hci.iwr.uni-heidelberg.de/node/3616.
- R. Qi, C. Rasband, J. Zheng, and R. Longoria, “Semi-supervised outlier detection and deep feature extraction for detecting cyber-attacks in Smart Grids using PMU data,” Advances in Intelligent Systems and Computing, vol. 1134, pp. 509-515, 2020. doi: 10.1007/978-3-03043020-7_67.
- E. Y. Shchetinin, “On methods of quantitative analysis of the company’s financial indicators under conditions of high risk of investments,” Discrete and Continuous Models and Applied Computational Science, vol. 28, no. 4, pp. 346-360, 2020. doi: 10.22363/2658-4670-2020-28-4-346-360.
- E. Y. Shchetinin, “Modeling the energy consumption of smart buildings using artificial intelligence,” in CEUR Workshop Proceedings, vol. 2407, 2019, pp. 130-140.
- E. Y. Shchetinin, “Development of Energy Saving Technologies for Smart Buildings by Using Computer Algebra,” Programming and Computer Software, vol. 46, pp. 324-329, 2020. doi: 10.1134/S0361768820050084.