Classification of Disturbances and Cyber-Attacks in Power Systems Using Heterogeneous Time-Synchronized Data

Pan, Shengyi; Morris, Thomas H.; Adhikari, Uttam

doi:10.1109/tii.2015.2420951

Cited by 127 publications

(58 citation statements)

References 28 publications

(40 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Because the critical states are generally well known and limited in number, one can enumerate them formally beforehand and predict the criticality by tracking the changes in the distance between the current system state and the critical states. Likewise, Pan et al [31] processed a sequence of critical system states using a sequential pattern mining algorithm to detect disturbances and cyberattacks in power systems. In contrast to exploiting the abnormal patterns, one can also specify the acceptable behaviors of a system, and subsequently detect attacks that cause violation to them [34], [35].…”

Section: Related Workmentioning

confidence: 99%

Detecting cyberattacks in industrial control systems using online learning algorithms

Shen

Zhao

et al. 2019

Neurocomputing

View full text Add to dashboard Cite

Industrial control systems are critical to the operation of industrial facilities, especially for critical infrastructures, such as refineries, power grids, and transportation systems. Similar to other information systems, a significant threat to industrial control systems is the attack from cyberspace-the offensive maneuvers launched by "anonymous" in the digital world that target computer-based assets with the goal of compromising a system's functions or probing for information. Owing to the importance of industrial control systems, and the possibly devastating consequences of being attacked, significant endeavors have been attempted to secure industrial control systems from cyberattacks. Among them are intrusion detection systems that serve as the first line of defense by monitoring and reporting potentially malicious activities. Classical machine-learning-based intrusion detection methods usually generate prediction models by learning modest-sized training samples all at once. Such approach is not always applicable to industrial control systems, as industrial control systems must process continuous control commands with limited computational resources in a nonstop way. To satisfy such requirements, we propose using online learning to learn prediction models from the controlling data stream. We introduce several state-of-the-art online learning algorithms categorically, and illustrate their efficacies on two typically used testbeds-power system and gas pipeline. Further, we explore a new cost-sensitive online learning algorithm to solve the class-imbalance problem that is pervasive in industrial intrusion detection systems. Our experimental results indicate that the proposed algorithm can achieve an overall improvement in the detection rate of cyberattacks in industrial control systems.

show abstract

Section: Related Workmentioning

confidence: 99%

Detecting cyberattacks in industrial control systems using online learning algorithms

Shen

Zhao

et al. 2019

Neurocomputing

View full text Add to dashboard Cite

show abstract

“…The sequence pattern mining-based detector utilizes a series of state transitions to denote the normal system behaviors and abnormal system behaviors. An effective method has been proposed in the works by the authors of [26,27], where defenders compute the number of occurrences of every state transition path and use some methods to determine whether a path is normal. In general, the larger the number of occurrences is, the larger the possibility that it is a normal path.…”

Section: Sequence Pattern Mining-based Detectormentioning

confidence: 99%

Advanced Bad Data Injection Attack and Its Migration in Cyber-Physical Systems

Deng

Yang²,

Xun

et al. 2019

Electronics

View full text Add to dashboard Cite

False data injection (FDI) attack is a hot topic in cyber-physical systems (CPSs). Attackers inject bad data into sensors or return false data to the controller to cause the inaccurate state estimation. Although there exists many detection approaches, such as bad data detector (BDD), sequence pattern mining, and machine learning methods, a smart attacker still can inject perfectly false data to go undetected. In this paper, we focus on the advanced false data injection (AFDI) attack and its detection method. An AFDI attack refers to the attack where a malicious entity accurately and successively changes sensory data, making the normal system state continuously evaluated as other legal system states, causing wrong outflow of controllers. The attack can lead to an automatic and long-term system failure/performance degradation. We first depict the AFDI attack model and analyze limitations of existing detectors for detecting AFDI. Second, we develop an approach based on machine learning, which utilizes the k-Nearest Neighbor (KNN) technique and heterogeneous data including sensory data and system commands to implement a classifier for detecting AFDI attacks. Finally, simulation experiments are given to demonstrate AFDI attack impact and the effectiveness of the proposed method for detecting AFDI attacks.

show abstract

“…The introduction of automatic discovery of common paths from the labeled data logs. Pan et al [26] presented the systematic approach for the design of hybrid IDS and learned the temporal based specifications. They proposed the common path mining algorithms for the learning.…”

Section: Related Workmentioning

confidence: 99%

“…Feature name (1) duration (2) protocol type (3) service (4) Flag (5) Src bytes (6) Dst bytes 7land (8) Wrong fragment (9) urgent (10) hot (11) Num failed logins (12) Logged.in (13) Num compromised (14) Root shell (15) Su attempted (16) Num root (17) Num file creations (18) Num shells (19) Num access files (20) Num outbound cmds (21) Is hot login (22) Is guest login (23) count (24) Srv count (25) Serror rate (26) Srv serror rate (27) Rerror (1) Gas pipeline 100,000 27 (2) Water tower 200,000 24…”

Section: S Numbermentioning

confidence: 99%

“…The comparison between proposed ARMA-IDS and traditional random forest, JRip, AdaBoost, and common path mining algorithms [26] on the parameters of accuracy, precision, recall, -measure, and the number of classes is as shown in Figure 7. The comparison yields the better results of accuracy, precision, recall, and -measure for a maximum number of classes.…”

Section: Comparative Analysismentioning

confidence: 99%

See 1 more Smart Citation

A Fusion of Multiagent Functionalities for Effective Intrusion Detection System

Sadhasivan¹,

Kannapiran²

2017

Security and Communication Networks

View full text Add to dashboard Cite

Provision of high security is one of the active research areas in the network applications. The failure in the centralized system based on the attacks provides less protection. Besides, the lack of update of new attacks arrival leads to the minimum accuracy of detection. The major focus of this paper is to improve the detection performance through the adaptive update of attacking information to the database. We propose an Adaptive Rule-Based Multiagent Intrusion Detection System (ARMA-IDS) to detect the anomalies in the real-time datasets such as KDD and SCADA. Besides, the feedback loop provides the necessary update of attacks in the database that leads to the improvement in the detection accuracy. The combination of the rules and responsibilities for multiagents effectively detects the anomaly behavior, misuse of response, or relay reports of gas/water pipeline data in KDD and SCADA, respectively. The comparative analysis of the proposed ARMA-IDS with the various existing path mining methods, namely, random forest, JRip, a combination of AdaBoost/JRip, and common path mining on the SCADA dataset conveys that the effectiveness of the proposed ARMA-IDS in the real-time fault monitoring. Moreover, the proposed ARMA-IDS offers the higher detection rate in the SCADA and KDD cup 1999 datasets.

show abstract

Classification of Disturbances and Cyber-Attacks in Power Systems Using Heterogeneous Time-Synchronized Data

Cited by 127 publications

References 28 publications

Detecting cyberattacks in industrial control systems using online learning algorithms

Detecting cyberattacks in industrial control systems using online learning algorithms

Advanced Bad Data Injection Attack and Its Migration in Cyber-Physical Systems

A Fusion of Multiagent Functionalities for Effective Intrusion Detection System

Contact Info

Product

Resources

About