“…The summary features are time-windowed statistical variables, including mean, median, and standard deviation of daily power consumption. Qiu, et al [36] also introduced trend indicators to detect anomalies for power consumption. The trend indicators are calculated based on the average values of the time series.…”
In recent decades, cyber security issues in IEC 61850-compliant substation automation systems (SASs) have become growing concerns. Many researchers have developed various strategies to detect malicious behaviours of SASs during the system operational stage, such as anomaly-based detection. However, most existing anomaly-based detection methods identify an abnormal behaviour by checking every single network packet without any association. These traditional methods cannot effectively detect "stealthy" attacks which modify legitimate messages slightly while imitating patterns of benign behaviours. In this paper, we present feature selection and extraction methods to generalise and summarise critical features when detecting insider attacks triggering from untrusted control devices within SASs. By applying a sliding window-based sequential classification mechanism, our detection method can detect anomalies across multiple devices without the need to learn datasets collected from all devices. Firstly, to generalise critical features and summarise systems' behaviours so that it is unnecessary to collect all datasets, we selected and extracted six critical network features from generic object-oriented substation events (GOOSE) messages and seven summarised physical features based on the general architecture of the primary plant of distribution substations. After that, to improve detection accuracy and reduce computational costs, we applied sliding window algorithms to divide datasets into different overlapped window-based snippets. Then we applied a sequential classification model based on Bidirectional Long Short-Term Memory networks to train and test those datasets. As a result, our method can detect insider attacks across multiple devices accurately with a false-negative rate of less than 1%.
“…Therefore, the improvement of technical losses should be considered from the perspective of a country rather than an institution or an organization. (ii) Non-technical losses (NTLs)-NTLs, on the other hand, are specifically caused by utilizing electricity illegally, electricity theft, meter failure, or bill fraud [47,48]. Compared with technical losses, NTLs make up the most portion of electricity losses and lead to a huge amount of economic cost.…”
“…To improve the capability of monitoring anomalous events, smart meters and sensors are utilized extensively. Qiu et al [48] designed a monitoring and alarm framework that describes the patterns of consumers' electricity consumption by acquiring multiple features. To improve the detection efficiency, the framework leverages the grid processing technology that chooses outliers of low-density regions.…”
Driven by industrial development and the rising population, the upward trend of electricity consumption is not going to curb. While the electricity suppliers make every endeavor to satisfy the needs of consumers, they are facing the plight of indirect losses caused by technical or non-technical factors. Technical losses are usually induced by short circuits, power outage, or grid failures. The non-technical losses result from humans’ improper behaviors, e.g., electricity burglars. Due to the restrictions of the detection methods, the detection rate in the traditional power grid is lousy. To provide better electricity service for the customers and minimize the losses for the providers, a leap in the power grid is occurring, which is referred to as the smart grid. The smart grid is envisioned to increase the detection accuracy to an acceptable level by utilizing modern technologies, such as cloud computing. With the aim of obtaining achievements of anomaly detection for electricity consumption with cloud computing, we firstly introduce the basic definition of anomaly detection for electricity consumption. Next, we conduct the surveys on the proposed framework of anomaly detection for electricity consumption and propose a new framework with cloud computing. This is followed by centralized and decentralized detection methods. Then, the applications of centralized and decentralized detection methods for the anomaly electricity consumption are listed. Finally, the open challenges of the accuracy of detection and anomaly detection for electricity consumption with edge computing are discussed.
“…On the other side, it is worth noting that most of the anomaly detection schemes pertaining to this class are based on a short-term time-series (STTS) analysis. In this line, a log analysis of power consumption time-series patterns is conducted in [137] to detect anomalies in early warning systems. Similarly, in [138], a feature extraction based abnormality detection scheme is proposed using canonical correlation.…”
Enormous amounts of data are being produced every day by submeters and smart sensors installed in different kinds of buildings. If leveraged properly, that data could assist end-users, energy producers and utility companies in detecting anomalous power consumption and understanding the causes of each anomaly. Therefore, anomaly detection could stop a minor problem from becoming a widespread, costly and time-consuming issue. Moreover, this will help in better decision-making to reduce wasted energy and promote sustainable and energy efficiency behavior. In this regard, this paper is proposed to review in depth existing frameworks of anomaly detection in power consumption and provide a critical analysis of existing solutions. Specifically, a comprehensive survey is introduced, in which a novel taxonomy is introduced to classify existing algorithms based on different factors adopted in their implementation, such as the machine learning algorithm, feature extraction approach, detection level, computing platform, application scenario and privacy preservation. To the best of the authors' knowledge, this is the first review article that discusses the anomaly detection in building energy consumption. Moving forward, important findings along with domain-specific problems, difficulties and challenges that remain unresolved are thoroughly discussed, including the absence of: (i) precise definitions of anomalous power consumptions, (ii) annotated datasets, (iii) unified metrics to assess the performance of existing solutions, and (iv) platforms for reproducibility. Following, insights about current research trends that anomaly detection technology needs to target to spread its application and facilitate its implementation are described before deriving a set of challenging future directions attracting significant research and development attention.