Detection of cyber-attacks on smart power grids using unsupervised deep learning models

Abstract

Modern smart power grids integrate advanced information and communication technologies into traditional power systems for a more efficient and resilient supply of electricity, which creates vulnerabilities in their security systems that attackers can exploit to carry out cyber-attacks with serious consequences, such as massive power outages and damage to infrastructure. Existing machine learning methods for detecting cyber-attacks in smart power grids mostly use classical classification algorithms, which require labelled data, and labelling is sometimes difficult or even impossible. This article presents a new method for detecting cyber-attacks in smart power grids based on weak machine learning methods for anomaly detection. Semi-supervised anomaly detection uses only instances of normal events to train detection models, which makes it suitable for finding unknown attack events. In the course of the study, a number of popular semi-supervised anomaly detection methods were analysed using publicly available data sets on cyber-attacks on power systems to determine the most effective ones. A performance comparison with popular supervised algorithms shows that semi-supervised algorithms are better able to detect attack events than supervised algorithms. Our results also show that the performance of semi-supervised anomaly detection algorithms can be further improved by enhancing the deep autoencoder model.

Full text

1. Introduction

There are many problems in traditional power grids, such as the lack of automated analysis and situational awareness, poor visibility and slow response time, which make them unable to meet the significantly increased demand and consumption of electricity in the 21st century [1]. With the help of modern information and communication technologies, intelligent networks provide a bidirectional flow of electricity and information, which ensures a more efficient and stable supply of electricity and better demand management [2, 3].

The intelligent energy network consists of four main components: generation, transmission, distribution and consumption, which are connected through a three-level hierarchical structured communication network [4] (see figure 1). The first level of the communication network is the home network, which is responsible for communication at the consumption stage to connect smart devices in consumers’ homes to the smart grid with smart meters for more efficient energy management and demand response. The second level of the communication network, the district network, is responsible for communication at the distribution stage, which collects data from smart meters and sends back control commands for advanced accounting applications. At the last level, the global network connects with utility management centers, forming the basis of an intelligent network for the communication needs of the stages of electricity production and transmission.

Figure 1. Diagram of smart grid energy consumption system

Although the integration of advanced ICTs into traditional power grids brings significant benefits for the delivery and management of electricity, it also creates new vulnerabilities in security systems [5]. Cyber-attacks can target any of the four components of a smart grid, from smart home gateways in HAN to control rooms in the global network [6].

In this work, we used measurements from the Power Measurement Units (PMU) to detect cyber-attacks. PMU is a sensor device deployed at the global network level of the smart grid network, which provides real-time measurements of the state of the power system for a wide range of monitoring, protection and control. In the Global Monitoring System (GMS), several PMUs are connected to a phasor data hub. The GMS central authority then collects information from the PDCS. PMU measurements combine both physical and cyber domains, making them a suitable choice for detecting cyber-attacks targeting the physical domain of an intelligent network, such as False Data Entry (FDE) attacks and malicious shutdown attacks.

Most widely used models have been built to detect cyber-attacks in intelligent networks using supervised learning algorithms. To train supervised algorithms, both normal and attack data are required. However, collecting representative instances of various attack events is usually a difficult task, if not impossible, which can lead to poor model performance when detecting certain attacks, especially types of attacks not represented in the training data.

In this article, we propose a method for detecting cyber-attacks in power smart grids with semi-supervised anomaly detection. Unlike supervised models, semi-supervised anomaly detection algorithms use only data from normal events to train a detection model that is capable of detecting unknown types of attacks. We have investigated a number of anomaly detection algorithms and identified the most effective ones for detecting cyber-attacks in smart energy grids. The performance of semi-supervised algorithms was compared with the characteristics of popular supervised algorithms to show their superiority in finding attack events. We have also supplemented semi-supervised anomaly detection with deep learning to extract features to further improve attack detection performance.

2. Related work

Traditional approaches use PMU measurements to assess the state of the power system and compare the difference between the observed and estimated measurements with a threshold for detecting cyber-attacks. A lightweight scheme was proposed in the paper [4], which explores the spatial-temporal correlations between network state estimates and applies confidence voting to detect abnormal state estimates in intelligent networks caused by real-time FDI attacks. Recently, machine learning has been widely used to detect cyber-attacks in smart grids, where most of the proposed approaches are based on supervised learning algorithms. In the paper [7], a number of supervised learning algorithms were investigated for recognizing violations in the power system and cyber-attacks. A One-Class SVM (OC-SVM) was used in [8] to create an intrusion detection module for detecting malicious attacks in a dispatch control system and data collection system using network traces. The paper [9] applied several popular supervised algorithms, including perceptron,
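
The semi-supervised idea described in the introduction, fitting a model on normal measurements only and flagging whatever falls outside it, is shown here as an added example that is not code from the article. It uses a two-feature Gaussian (Mahalanobis distance) model as a simple stand-in for the algorithms the authors evaluated; the voltage/current features, the constructed data and all function names are assumptions made for illustration.

```python
import math

def constructed_normal(n=400):
    """Constructed normal-operation PMU-like rows: (voltage_pu, current_pu)."""
    rows = []
    for i in range(n):
        load = 0.5 + 0.3 * math.sin(0.1 * i)            # slow load swing
        noise = 0.002 * math.sin(1.7 * i)               # small measurement jitter
        rows.append((1.0 - 0.05 * load + noise, load))  # voltage sags as current rises
    return rows

def fit(rows, quantile=0.99):
    """Fit mean and 2x2 covariance on normal rows only; no attack labels are used."""
    n = len(rows)
    mv = sum(r[0] for r in rows) / n
    mc = sum(r[1] for r in rows) / n
    svv = sum((r[0] - mv) ** 2 for r in rows) / n
    scc = sum((r[1] - mc) ** 2 for r in rows) / n
    svc = sum((r[0] - mv) * (r[1] - mc) for r in rows) / n
    det = svv * scc - svc * svc
    model = {"mean": (mv, mc), "std": (math.sqrt(svv), math.sqrt(scc)),
             "inv": (scc / det, -svc / det, svv / det)}  # inverse covariance entries
    train_scores = sorted(score(model, r) for r in rows)
    model["threshold"] = train_scores[int(quantile * (n - 1))]
    return model

def score(model, row):
    """Squared Mahalanobis distance of a row from the normal-operation model."""
    dv, dc = row[0] - model["mean"][0], row[1] - model["mean"][1]
    a, b, d = model["inv"]
    return a * dv * dv + 2 * b * dv * dc + d * dc * dc

def is_anomalous(model, row):
    return score(model, row) > model["threshold"]

def max_abs_z(model, row):
    """Largest per-feature z-score: what a per-channel range check would see."""
    return max(abs(x - m) / s for x, m, s in zip(row, model["mean"], model["std"]))

MODEL = fit(constructed_normal())
BENIGN = (0.971, 0.60)    # constructed: consistent voltage/current pair
INJECTED = (0.985, 0.75)  # constructed: low-load voltage reported with high-load current

if __name__ == "__main__":
    for name, row in (("benign", BENIGN), ("injected", INJECTED)):
        print(name, round(score(MODEL, row), 2), is_anomalous(MODEL, row),
              round(max_abs_z(MODEL, row), 2))
```

The injected row stays within two standard deviations on each channel, so a per-channel range check passes it, while the joint model fitted on normal data scores it far above the threshold.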

About the authors

E. Y. Shchetinin

Financial University under the Government of the Russian Federation

Corresponding author.
Email: riviera-molto@mail.ru
ORCID iD: 0000-0003-3651-7629

Doctor of Physical and Mathematical Sciences, Lecturer of Department of Mathematics

Leningradsky Prospekt, 49, Moscow, 125993, Russia

T. R. Velieva

Peoples' Friendship University of Russia

Email: velieva-tr@rudn.ru
ORCID iD: 0000-0003-4466-8531

Candidate of Sciences in Physics and Mathematics, Senior lecturer of Department of Applied Probability and Informatics

Miklukho-Maklaya St., 6, Moscow, 117198, Russia

References

  1. G. Dileep, “A survey on Smart Grid technologies and applications,” Renewable Energy, vol. 146, pp. 2589-2625, 2020. doi: 10.1016/j.renene.2019.08.092.
  2. V. C. Gungor, D. Sahin, T. Kocak, S. Ergut, C. Buccella, C. Cecati, and G. P. Hancke, “Smart Grid technologies: communication technologies and standards,” IEEE Transactions on Industrial Informatics, vol. 7, no. 4, pp. 529-539, 2011. doi: 10.1109/TII.2011.2166794.
  3. T. Flick and J. Morehouse, Securing the Smart Grid: Next Generation Power Grid Security. Syngress, 2010.
  4. S. Aftergood, “Cybersecurity: the cold war online,” Nature, vol. 547, no. 7661, pp. 30-31, Jul. 2017. doi: 10.1038/547030a.
  5. C. Chio and D. Freeman, Machine learning and security: protecting systems with data and algorithms. O’Reilly Media, 2018.
  6. D. S. Berman, A. L. Buczak, J. S. Chavis, and C. L. Corbett, “A survey of deep learning methods for cyber security,” Information, vol. 10, no. 4, 2019. doi: 10.3390/info10040122.
  7. D. Wang, X. Wang, Y. Zhang, and L. Jin, “Detection of power grid disturbances and cyber-attacks based on machine learning,” Journal of Information Security and Applications, vol. 46, pp. 42-52, 2019. doi: 10.1016/j.jisa.2019.02.008.
  8. S. Ahmed, Y.-D. Lee, S.-H. Hyun, and I. Koo, “Unsupervised machine learning-based detection of covert data integrity assault in Smart Grid networks utilizing isolation forest,” IEEE Transactions on Information Forensics and Security, vol. 14, pp. 2765-2777, 2019.
  9. M. Ozay et al., “Machine learning methods for attack detection in the Smart Grid,” IEEE Transactions on Neural Networks and Learning Systems, vol. 27, pp. 1773-1786, 2016.
  10. V. K. Singh and M. Govindarasu, “Decision tree based anomaly detection for remedial action scheme in Smart Grid using PMU data,” in IEEE Power & Energy Society General Meeting PESGM, 2018, pp. 1-5. doi: 10.1109/PESGM.2018.8586159.
  11. G. Pang, C. Shen, L. Cao, and A. V. D. Hengel, “Deep learning for anomaly detection: a review,” ACM Comput. Surv., vol. 54, no. 2, 2021. doi: 10.1145/3439950.
  12. Z. E. Huma, S. Latif, J. Ahmad, Z. Idrees, A. Ibrar, Z. Zou, F. Alqahtani, and F. A. Baothman, “A hybrid deep random neural network for cyberattack detection in the Industrial Internet of Things,” IEEE Access, vol. 9, pp. 55595-55605, 2021. doi: 10.1109/ACCESS.2021.3071766.
  13. M. S. Minhas and J. Zelek, “Semi-supervised anomaly detection using autoencoders,” Journal of Computational Vision and Imaging Systems, vol. 5, no. 1, p. 3, 2019.
  14. M. Wieler. “Weakly supervised learning for industrial optical inspection.” (2007), [Online]. Available: https://hci.iwr.uni-heidelberg.de/node/3616.
  15. R. Qi, C. Rasband, J. Zheng, and R. Longoria, “Semi-supervised outlier detection and deep feature extraction for detecting cyber-attacks in Smart Grids using PMU data,” Advances in Intelligent Systems and Computing, vol. 1134, pp. 509-515, 2020. doi: 10.1007/978-3-03043020-7_67.
  16. E. Y. Shchetinin, “On methods of quantitative analysis of the company’s financial indicators under conditions of high risk of investments,” Discrete and Continuous Models and Applied Computational Science, vol. 28, no. 4, pp. 346-360, 2020. doi: 10.22363/2658-4670-2020-28-4-346-360.
  17. E. Y. Shchetinin, “Modeling the energy consumption of smart buildings using artificial intelligence,” in CEUR Workshop Proceedings, vol. 2407, 2019, pp. 130-140.
  18. E. Y. Shchetinin, “Development of Energy Saving Technologies for Smart Buildings by Using Computer Algebra,” Programming and Computer Software, vol. 46, pp. 324-329, 2020. doi: 10.1134/S0361768820050084.


© Shchetinin E.Y., Velieva T.R., 2022

This article is available under the Creative Commons Attribution-NonCommercial 4.0 International License.