Anil Lamba

SGO: Smart Grids Onlooker-Based Cyber-Attack Detection using DRNN-GRU

In this research-based article, we investigate the cyber-security problem for large-scale smart grid systems under false data injection attack. An observer-based algorithm is proposed to detect and isolate the cyber-attack by using real-time synchrophasor measurements. Combining the smart grid system with graph theory, the system is divided into several coupled areas by exploiting the sparsity of the connection topology.

According to this partition, the system is decomposed equivalently into several areas. The output of the smart grid system can then be obtained through a wide-area measurement system based on phasor measurement units (PMUs), and the asymmetric weighted Laplacian can be obtained by running a nonlinear least-squares estimation algorithm.

By designing a modified observer, the residual is computed. An adaptive residual threshold, which accounts for the system model uncertainties, is then used to detect and isolate the attack in the areas of the system. Next, an iterative algorithm for detecting and isolating the cyber-attack is proposed based on the calculated residual threshold. Finally, some deep learning techniques are provided to illustrate the effectiveness of the cyber-attack detection.

Cyber-Security in Smart Grids - A smart grid is an electricity supply network based on digital technology. It uses two-way digital communication to establish a communication path between the supplier and consumers. This allows the smart grid system to monitor, analyze and control the efficiency, cost, reliability and sustainability of the production and distribution of electricity.

As this next-generation power grid depends strongly on digital technology, it is vulnerable to different types of security issues. Recent research has been conducted to explore and solve the security issues and challenges of the smart grid network. Because the power grid is a critical infrastructure, it is a tempting target for sophisticated and well-equipped attackers.

Cyber-attacks are usually based on malicious software (malware) that must communicate with a controlling entity over the network to coordinate and propagate. The concept of the smart grid covers its infrastructure, components, framework, etc. The infrastructure of the smart grid mainly consists of two major systems: the management system and the protection system.

The management system provides advanced management and control services such as improving energy efficiency, demand profile, utility, cost and emission, based on the infrastructure, by using optimization, machine learning, and game theory. The protection system provides advanced grid reliability analysis and failure protection, as well as security and privacy protection services. The security of the smart grid infrastructure is crucial to ensure an uninterrupted and reliable power supply to users during emergency situations.

1. Artificial Neural Network in Network Security - The artificial neural network is playing an increasingly important role in network management. Most of the research in the area of intrusion detection systems (IDS) relies extensively on AI techniques to design, implement and enhance security monitoring systems. Studies have shown that current anomaly detection IDSs fail to reach an adequate detection rate while having few false alarms.

This article presents the commercial and research tools, a new way to improve false alarm detection using a neural network approach in IDS, and its merits and demerits. An IDS will achieve a certain, well-defined level of security, and an adaptive AI system will make it more flexible for upcoming new challenges.

2. Advantages of Neural Network in Cyber-Security - Several case studies emphasize that the use of Artificial Neural Networks (ANN) can establish pattern recognition and identify attacks in situations where rules are not known. A neural network approach can be adapted to certain constraints: it recognizes patterns and compares recent actions with the usual behavior, which allows many issues to be resolved even without human intervention.

The technology promises not only to detect misuse but also to improve the recognition of malicious events with more consistency. A neural network is able to detect any possible misuse, which allows system administrators to protect their entire organization through enhanced flexibility against intrusions. Experts believe that neural networks will function with more reliability and accuracy in identifying intrusions into insecure networks.

3. Current State of Deep Learning Systems in InfoSec - Deep learning is not a silver bullet that can solve all InfoSec problems, because it needs extensive labeled datasets. Unfortunately, no such labeled datasets are readily available. However, there are several InfoSec use cases where deep learning networks make significant improvements to the existing solutions. Malware detection and network intrusion detection are two such areas where deep learning has shown significant improvements over rule-based and classic machine learning-based solutions.

4. Recurrent Neural Network in Network Security - Traditional Recurrent Neural Networks (RNN) are known to be capable of learning complex temporal sequences. Although RNNs have proven to be successful in many tasks such as text generation and speech recognition, it is difficult for RNNs to learn and train on long temporal sequences.

This is due to the vanishing and exploding gradient problem that propagates through the multiple layers of the RNN, which in turn prevents the network from learning effectively. Long short-term memory (LSTM) solves this limitation by containing “memory cells” that allow the network to learn when to forget previous memory states and when to update the hidden states when new information is provided.

Based on the prediction of the LSTM-RNN, we then calculate the difference between the predicted outputs and the actual sensor data. The idea is to identify any deviations between the actual sensor data and the outputs of the trained model, which predicts what the ideal sensor value should be under normal behaviour.

Instead of identifying thresholds at each sensor, we apply the Cumulative Sum (CUSUM) method to detect the deviations that correspond to anomalies. CUSUM calculates the cumulative sum of the sequence predictions to detect small deviations over time, thus reducing the number of false positives.
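The residual-plus-CUSUM step described above, as an added example that is not code from the article or from the cited papers: it compares a naive per-sample threshold with a two-sided CUSUM on two sensors, one of which carries a small persistent bias. The sensor names, noise pattern, bias and the `limit`, `k` and `h` values are constructed for illustration, and a constant series stands in for the LSTM-RNN prediction.

```python
def residuals(actual, predicted):
    """Deviation of each observed sample from the model's prediction."""
    return [a - p for a, p in zip(actual, predicted)]

def first_threshold_alarm(res, limit):
    """Naive per-sample check: index of the first |residual| > limit, or None."""
    return next((t for t, r in enumerate(res) if abs(r) > limit), None)

def first_cusum_alarm(res, k, h):
    """Two-sided CUSUM: k is the slack absorbed per sample, h the decision
    limit. Returns the index of the first alarm, or None."""
    s_hi = s_lo = 0.0
    for t, r in enumerate(res):
        s_hi = max(0.0, s_hi + r - k)   # accumulates sustained upward drift
        s_lo = max(0.0, s_lo - r - k)   # accumulates sustained downward drift
        if s_hi > h or s_lo > h:
            return t
    return None

# Constructed data: a repeating noise pattern, plus a +0.2 bias injected into
# one sensor from sample 10 onward (smaller than the noise peaks).
NOISE = [0.3, -0.3, 0.2, -0.2, 0.0]
N, ATTACK_START, BIAS = 25, 10, 0.2

def make_sensor(base, attacked):
    predicted = [base] * N              # stand-in for the trained model's output
    actual = [base + NOISE[t % 5] + (BIAS if attacked and t >= ATTACK_START else 0.0)
              for t in range(N)]
    return actual, predicted

SENSORS = {"level_A": make_sensor(50.0, True), "flow_B": make_sensor(120.0, False)}

def scan(sensors, limit=0.6, k=0.1, h=1.2):
    """Per sensor: (first naive-threshold alarm, first CUSUM alarm)."""
    out = {}
    for name, (actual, predicted) in sensors.items():
        res = residuals(actual, predicted)
        out[name] = (first_threshold_alarm(res, limit), first_cusum_alarm(res, k, h))
    return out

if __name__ == "__main__":
    for name, (naive, cusum) in scan(SENSORS).items():
        print(f"{name}: per-sample alarm at {naive}, CUSUM alarm at {cusum}")
```

The per-sample limit is loose enough to ignore the noise and therefore never fires on the biased sensor, while the CUSUM accumulates the bias and alarms ten samples after it starts; the clean sensor raises no alarm under either check.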

5. Detecting Cyber-Attacks in ICS using Convolutional Neural Networks - This article presents a study on detecting cyber-attacks on industrial control systems (ICS) using convolutional neural networks. We suggest a method for anomaly detection based on measuring the statistical deviation of the predicted value from the observed value.

1D convolutional networks can be successfully used for anomaly detection in industrial control systems and outperform recurrent networks in this setting. The findings also suggest that 1D convolutional networks are effective at time series prediction tasks, which are traditionally considered to be best solved using recurrent neural networks. This observation is a promising one, as 1D convolutional neural networks are simpler, smaller, and faster than recurrent neural networks.

6. AI-Based Approach - False data injection (FDI) attacks can pose serious threats to the operation and control of the power grid. The smarter the power grid gets, the more vulnerable it becomes to cyber-attacks.

Various methods for detecting cyber-attacks have been proposed in the recent literature. However, to completely alleviate the possibility of cyber-threats, the compromised meters must be identified and secured. The AI-based method successfully identifies the compromised meters by anticipating the correct measurements in the event of a cyber-attack.

7. AI-Based Identification of Malicious Meters - It can be concluded from the previous section that all FDI attacks, irrespective of their modelling, eventually mislead the system operator with falsified system states. Furthermore, as the targeted state variables increase, a higher number of meters is required by the adversary to launch a ‘successful’ attack.

Therefore, it is logical to design a protection scheme that is capable of detecting the attack with a minimum set of compromised meters. It can be deduced that the FDI attack is present in the measurement sample. Once the attack is successfully detected, an AI-based load estimator is used to predict the load for the present sample using older correct samples, which identifies the attacked measurement sensors and alerts the system operator.

8. Restricted Boltzmann Machine - During the last 10 years, the malware landscape has changed dramatically. With more than 200,000 samples appearing daily, it is impossible for anyone to analyze them by hand. That is why an automated malware classification algorithm is needed. We will use a neural network, more exactly a restricted Boltzmann machine, to create a new set of features from existing ones.

The purpose of the neural network is to increase the detection rate and lower the number of false positives by finding correlations between features and transforming them from discrete values to continuous ones. This method brings another advantage: even though the original perceptron features are Boolean values, the neural network can transform them into continuous ones by using the output probability of the restricted Boltzmann machine as a feature for the perceptron.
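The feature transformation described above, as an added example that is not code from the article: a small restricted Boltzmann machine trained with one-step contrastive divergence (CD-1, an assumed training method the article does not name) on Boolean feature vectors, whose hidden-unit probabilities become the continuous features for a downstream perceptron. The sample vectors, layer sizes and hyperparameters are constructed for illustration.

```python
import math
import random

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

def hidden_probs(v, W, b_h):
    """P(h_j = 1 | v): the continuous features handed to the perceptron."""
    return [sigmoid(b_h[j] + sum(v[i] * W[i][j] for i in range(len(v))))
            for j in range(len(b_h))]

def visible_probs(h, W, b_v):
    """P(v_i = 1 | h), used for the reconstruction step."""
    return [sigmoid(b_v[i] + sum(h[j] * W[i][j] for j in range(len(h))))
            for i in range(len(b_v))]

def train_rbm(data, n_hidden, epochs=100, lr=0.1, seed=0):
    """One-step contrastive divergence (CD-1) on Boolean vectors."""
    rng = random.Random(seed)
    n_vis = len(data[0])
    W = [[rng.gauss(0.0, 0.1) for _ in range(n_hidden)] for _ in range(n_vis)]
    b_v, b_h = [0.0] * n_vis, [0.0] * n_hidden
    for _ in range(epochs):
        for v0 in data:
            p_h0 = hidden_probs(v0, W, b_h)
            h0 = [1.0 if rng.random() < p else 0.0 for p in p_h0]  # sample hidden
            v1 = visible_probs(h0, W, b_v)                         # reconstruction
            p_h1 = hidden_probs(v1, W, b_h)
            for i in range(n_vis):
                for j in range(n_hidden):
                    W[i][j] += lr * (v0[i] * p_h0[j] - v1[i] * p_h1[j])
                b_v[i] += lr * (v0[i] - v1[i])
            for j in range(n_hidden):
                b_h[j] += lr * (p_h0[j] - p_h1[j])
    return W, b_v, b_h

# Constructed Boolean feature vectors: two groups with correlated features.
SAMPLES = [
    [1, 1, 1, 0, 0, 0], [1, 1, 0, 0, 0, 0], [1, 0, 1, 0, 0, 0],
    [0, 0, 0, 1, 1, 1], [0, 0, 0, 1, 1, 0], [0, 0, 0, 0, 1, 1],
]

def to_continuous(samples, n_hidden=3, seed=0):
    """Train on the samples and return one continuous feature vector per sample."""
    W, _, b_h = train_rbm(samples, n_hidden, seed=seed)
    return [hidden_probs(v, W, b_h) for v in samples]

if __name__ == "__main__":
    for v, f in zip(SAMPLES, to_continuous(SAMPLES)):
        print(v, [round(p, 3) for p in f])
```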

Conclusion -

Protection against malicious attacks arising from the cyber and physical interconnection of power system components is considered to be of critical importance. By only increasing the security of the meters, we can increase the attack cost, but cannot assure that the system will always remain hack-proof. Securing cyber-physical systems (CPS) from cyber-attacks is a high priority for many governments. While many IDSs exist, they focus mainly on network traffic. In addition, the majority of behaviour-based approaches rely on specification-based or signature-based techniques. This article proposes an unsupervised learning approach for anomaly detection in the area of CPS.

