Detecting Cyber Attacks in Smart Grids Using Semi-Supervised Anomaly Detection and Deep Representation Learning

Qi, Ruobin; Rasband, Craig; Zheng, Jun; Longoria, Raul G.

doi:10.3390/info12080328

Cited by 27 publications

(19 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Table 3 depicts the comparison between OCC-PCA and TOCC models. Both [15] and [23]'s models employed the PCA classifier, although their findings were less conclusive than in this study. In [15], which provided the SIMCA and OCSVM models.…”

Section: Analysis and Evaluate The Resultscontrasting

confidence: 83%

See 1 more Smart Citation

Effective One-Class Classifier Model for Memory Dump Malware Detection

Al–Qudah¹,

Ashi²,

Alnabhan³

et al. 2022

Preprint

View full text Add to dashboard Cite

Malware complexity is rapidly increasing, causing catastrophic impacts on computer systems. Memory dump malware is gaining increased attention due to its ability to expose plaintext passwords or key encryption files. This paper presents an enhanced classification model based on One class SVM (OCSVM) classifier that can identify any deviation from the normal memory dump file patterns and detect it as malware. The proposed model integrates OCSVM and Principal Component Analysis (PCA) for increased model sensitivity and efficiency. An up-to-date dataset known as “MALMEMANALYSIS-2022” was utilized during the evaluation phase of this study. The accuracy achieved by the traditional one-class classification (TOCC) model was 55%, compared to 99.4% in the one-class classification with PCA (OCC-PCA) model. Such results have confirmed the increased performance achieved by the proposed model.

show abstract

Section: Analysis and Evaluate The Resultscontrasting

confidence: 83%

“…This model did not apply dimensionality reduction automatically on their datasets. Furthermore, in [23], a unique method for exploiting PMU data to detect cyberattacks on smart grids was suggested and built. It uses publicly accessible datasets on power system hacks and is based on semi-supervised anomaly identification.…”

Section: Literature Reviewmentioning

confidence: 99%

Effective One-Class Classifier Model for Memory Dump Malware Detection

Al–Qudah¹,

Ashi²,

Alnabhan³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…The recall is also very high (it is actually perfect for cryptomining execution detection), while the FPR has a relatively low value of 0.014 for both of the evaluated attacks. For benchmarking, we compared our two-step method with a variety of classical one-step algorithms widely used for anomaly and novelty detection in general [42], [87]- [90], and for IoT attack detection in particular [19], [91]. Two of these algorithms are the building blocks of CADeSH (namely, AE and k-means clustering, which we used to implement F ilter m 1 and F ilter m 2 , respectively).…”

Section: Overall Results and Benchmarkingmentioning

confidence: 99%

CADeSH: Collaborative Anomaly Detection for Smart Homes

Avraham

Libhaber

Shabtai

2023

IEEE Internet Things J.

View full text Add to dashboard Cite

Although home IoT (Internet of Things) devices are typically plain and task oriented, the context of their daily use may affect their traffic patterns. That is, a given IoT device will probably not generate the exact same traffic data when operated by different people in different environments and when connected to different networks with different topologies and communication components. For this reason, anomaly-based intrusion detection systems tend to suffer from a high false positive rate (FPR). To overcome this, we propose a two-step collaborative anomaly detection method which first uses an autoencoder to differentiate frequent ('benign') and infrequent (possibly 'malicious') traffic flows. Clustering is then used to analyze only the infrequent flows and classify them as either known ('rare yet benign') or unknown ('malicious'). Our method is collaborative, in that (1) normal behaviors are characterized more robustly, as they take into account a variety of user interactions and network topologies, and (2) several features are computed based on a pool of identical devices rather than just the inspected device.We evaluated our method empirically, using 21 days of real-world traffic data that emanated from eight identical IoT devices deployed on various networks, one of which was located in our controlled lab where we implemented two popular IoT-related cyber-attacks. Our collaborative anomaly detection method achieved a macro-average area under the precision-recall curve of 0.841, an F1 score of 0.929, and an FPR of only 0.014. These promising results were obtained by using labeled traffic data from our lab as the test set, while training the models on the traffic of devices deployed outside the lab, and thus demonstrate a high level of generalizability. In addition to its high generalizability and promising performance, our proposed method also offers benefits such as privacy preservation, resource savings, and model poisoning mitigation. On top of that, as a contribution to the scientific community, our novel dataset is available online.

show abstract

“…A similar application [126] helps detect stealthy FDIA on four IEEE distribution network models. But in [127], compared with supervised learning algorithms, Isolation Forest shows worse performance with the higher false-positive rate on a reduced-dimension dataset which includes both natural contingencies and attack events.…”

Section: Data-driven Approach: Unsupervised Learning Methodsmentioning

confidence: 97%

A Comprehensive Review of Cybersecurity in Inverter-Based Smart Power System Amid the Boom of Renewable Energy

et al. 2022

View full text Add to dashboard Cite

The blossom of renewable energy worldwide and its uncertain nature have driven the need for a more intelligent power system with the deep integration of smart power electronics. The smart inverter is one of the most critical components for the optimal operation of Smart Grid. However, due to the deep information and communication technology (ICT) infrastructure implementation that most inverter-based smart power systems tend to have, they are vulnerable to severe external threats such as cyberattacks by

show abstract

Detecting Cyber Attacks in Smart Grids Using Semi-Supervised Anomaly Detection and Deep Representation Learning

Cited by 27 publications

References 43 publications

Effective One-Class Classifier Model for Memory Dump Malware Detection

Effective One-Class Classifier Model for Memory Dump Malware Detection

CADeSH: Collaborative Anomaly Detection for Smart Homes

A Comprehensive Review of Cybersecurity in Inverter-Based Smart Power System Amid the Boom of Renewable Energy

Contact Info

Product

Resources

About