Published on Mon Jun 18 2018

Power-Grid Controller Anomaly Detection with Enhanced Temporal Deep Learning

Zecheng He, Aswin Raghavan, Guangyuan Hu, Sek Chai, Ruby Lee

Controllers of security-critical cyber-physical systems, like the power grid, are a very important class of computer systems. Attacks against the control code of a power-grid system, especially zero-day attacks, can be catastrophic. Earlier detection of the anomalies can prevent further damage.

Abstract

Controllers of security-critical cyber-physical systems, like the power grid, are a very important class of computer systems. Attacks against the control code of a power-grid system, especially zero-day attacks, can be catastrophic. Earlier detection of the anomalies can prevent further damage. However, detecting zero-day attacks is extremely challenging because they have no known code and have unknown behavior. Furthermore, if data collected from the controller is transferred to a server through networks for analysis and detection of anomalous behavior, this creates a very large attack surface and also delays detection. In order to address this problem, we propose Reconstruction Error Distribution (RED) of Hardware Performance Counters (HPCs), and a data-driven defense system based on it. Specifically, we first train a temporal deep learning model, using only normal HPC readings from legitimate processes that run daily in these power-grid systems, to model the normal behavior of the power-grid controller. Then, we run this model using real-time data from commonly available HPCs. We use the proposed RED to enhance the temporal deep learning detection of anomalous behavior, by estimating distribution deviations from the normal behavior with an effective statistical test. Experimental results on a real power-grid controller show that we can detect anomalous behavior with high accuracy (>99.9%), nearly zero false positives and short (<360ms) latency.
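The idea of testing the distribution of reconstruction errors over a window, rather than thresholding single readings, can be sketched as follows. This is an added example, not the authors' code. It assumes a synthetic single-counter trace, a seasonal-naive predictor standing in for the temporal deep learning model, and a two-sample Kolmogorov-Smirnov test as the statistical test, which the abstract does not name.

```python
import math
import random

PERIOD = 20  # constructed: the normal control loop repeats every 20 samples

def hpc_trace(n, rng, anomalous=False):
    """Constructed stand-in for one HPC reading per sampling interval."""
    trace = []
    for t in range(n):
        value = 1000 + 200 * math.sin(2 * math.pi * t / PERIOD)
        if anomalous:  # constructed: foreign code adds a small periodic load
            value += 40 * math.sin(2 * math.pi * t / 7)
        trace.append(value + rng.gauss(0, 10))
    return trace

def reconstruction_errors(trace):
    """Stand-in predictor (not a deep model): predict x[t] as x[t - PERIOD]."""
    return [abs(trace[t] - trace[t - PERIOD]) for t in range(PERIOD, len(trace))]

def ks_statistic(a, b):
    """Largest gap between the empirical CDFs of two samples."""
    a, b = sorted(a), sorted(b)
    i = j = 0
    gap = 0.0
    while i < len(a) and j < len(b):
        x = min(a[i], b[j])
        while i < len(a) and a[i] <= x:
            i += 1
        while j < len(b) and b[j] <= x:
            j += 1
        gap = max(gap, abs(i / len(a) - j / len(b)))
    return gap

def is_anomalous(window_errors, reference_errors, alpha=1e-4):
    """Flag the window if its error distribution deviates from the reference."""
    n, m = len(window_errors), len(reference_errors)
    critical = math.sqrt(-0.5 * math.log(alpha / 2) * (n + m) / (n * m))
    return ks_statistic(window_errors, reference_errors) > critical

rng = random.Random(2018)  # fixed seed so the constructed data is repeatable
REFERENCE = reconstruction_errors(hpc_trace(2000 + PERIOD, rng))
NORMAL_WINDOW = reconstruction_errors(hpc_trace(200 + PERIOD, rng))
ATTACK_WINDOW = reconstruction_errors(hpc_trace(200 + PERIOD, rng, anomalous=True))

if __name__ == "__main__":
    print("normal window flagged:", is_anomalous(NORMAL_WINDOW, REFERENCE))
    print("attack window flagged:", is_anomalous(ATTACK_WINDOW, REFERENCE))
```

The reference errors come only from normal operation, so the detector needs no attack samples to train on; the window length trades detection latency against the power of the test.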

Fri Sep 25 2020
Machine Learning
Deep Learning based Covert Attack Identification for Industrial Control Systems
Cybersecurity of Industrial Control Systems (ICS) is drawing significant concerns as data communication increasingly leverages wireless networks. A lot of data-driven methods were developed for detecting cyberattacks, but few are focused on distinguishing them from equipment faults.
Fri Oct 16 2020
Artificial Intelligence
Exploiting Vulnerabilities of Deep Learning-based Energy Theft Detection in AMI through Adversarial Attacks
Effective detection of energy theft can prevent revenue losses of utility companies and is also important for smart grid security. In recent years, deep learning (DL) approaches are becoming popular in the literature to detect energy theft in the advanced metering infrastructure.
Thu Oct 03 2019
Machine Learning
False Data Injection Attacks in Internet of Things and Deep Learning enabled Predictive Analytics
Predictive maintenance (PdM) is an industry 4.0 solution. PdM is powered by state-of-the-art machine learning (ML) algorithms and the Internet of Things (IoT) sensors. IoT sensors and deep learning (DL) algorithms are known for vulnerabilities to cyber-attacks.
Wed Dec 09 2020
Machine Learning
A Deep Learning Approach to Anomaly Sequence Detection for High-Resolution Monitoring of Power Systems
A deep learning approach is proposed to detect data and system anomalies. It uses high-resolution continuous point-on-wave (CPOW) or phasor measurements. The approach deploys a uniformity test for anomaly detection at the sensor level.
Tue Dec 31 2019
Machine Learning
Deep Learning-Based Intrusion Detection System for Advanced Metering Infrastructure
The smart grid is exposed to a wide variety of threats that could be translated into cyber-attacks. Smart grid is an alternative solution of the conventional power grid which harnesses the power of the information technology.
Wed Feb 17 2021
Machine Learning
Towards Adversarial-Resilient Deep Neural Networks for False Data Injection Attack Detection in Power Grids
False data injection attack (FDIA) is a critical security issue. In recent years, machine learning (ML) techniques have been proposed in the literature for FDIA detection. However, they have not considered the risk of adversarial attacks.