Hoeffding Tree Algorithms for Anomaly Detection in Streaming Datasets: A Survey

This survey aims to deliver an extensive and well-constructed overview of using machine learning for the problem of detecting anomalies in streaming datasets. The objective is to provide the effectiveness of using Hoeffding Trees as a machine learning algorithm solution for the problem of detecting anomalies in streaming cyber datasets. In this survey we categorize the existing research works of Hoeffding Trees which can be feasible for this type of study into the following: surveying distributed Hoeffding Trees, surveying ensembles of Hoeffding Trees and surveying existing techniques using Hoeffding Trees for anomaly detection. These categories are referred to as compositions within this paper and were selected based on their relation to streaming data and the flexibility of their techniques for use within different domains of streaming data. We discuss the relevance of how combining the techniques of the proposed research works within these compositions can be used to address the anomaly detection problem in streaming cyber datasets. The goal is to show how a combination of techniques from different compositions can solve a prominent problem, anomaly detection

Deep Learning-Based, Passive Fault Tolerant Control Facilitated by a Taxonomy of Cyber-Attack Effects

In the interest of improving the resilience of cyber-physical control systems to better operate in the presence of various cyber-attacks and/or faults, this dissertation presents a novel controller design based on deep-learning networks. This research lays out a controller design that does not rely on fault or cyber-attack detection. Being passive, the controller’s routine operating process is to take in data from the various components of the physical system, holistically assess the state of the physical system using deep-learning networks and decide the subsequent round of commands from the controller. This use of deep-learning methods in passive fault tolerant control (FTC) is unique in the research literature. The proposed controller is applied to both linear and nonlinear systems. Additionally, the application and testing are accomplished with both actuators and sensors being affected by attacks and /or faults

Comprehensive Survey and Taxonomies of False Injection Attacks in Smart Grid: Attack Models, Targets, and Impacts

Smart Grid has rapidly transformed the centrally controlled power system into a massively interconnected cyber-physical system that benefits from the revolutions happening in the communications (e.g. 5G) and the growing proliferation of the Internet of Things devices (such as smart metres and intelligent electronic devices). While the convergence of a significant number of cyber-physical elements has enabled the Smart Grid to be far more efficient and competitive in addressing the growing global energy challenges, it has also introduced a large number of vulnerabilities culminating in violations of data availability, integrity, and confidentiality. Recently, false data injection (FDI) has become one of the most critical cyberattacks, and appears to be a focal point of interest for both research and industry. To this end, this paper presents a comprehensive review in the recent advances of the FDI attacks, with particular emphasis on 1) adversarial models, 2) attack targets, and 3) impacts in the Smart Grid infrastructure. This review paper aims to provide a thorough understanding of the incumbent threats affecting the entire spectrum of the Smart Grid. Related literature are analysed and compared in terms of their theoretical and practical implications to the Smart Grid cybersecurity. In conclusion, a range of technical limitations of existing false data attack research is identified, and a number of future research directions is recommended.Comment: Double-column of 24 pages, prepared based on IEEE Transaction articl

Event and Intrusion Detection Systems for Cyber-Physical Power Systems

High speed data from Wide Area Measurement Systems (WAMS) with Phasor Measurement Units (PMU) enables real and non-real time monitoring and control of power systems. The information and communication infrastructure used in WAMS efficiently transports information but introduces cyber security vulnerabilities. Adversaries may exploit such vulnerabilities to create cyber-attacks against the electric power grid. Control centers need to be updated to be resilient not only to well-known power system contingencies but also to cyber-attacks. Therefore, a combined event and intrusion detection systems (EIDS) is required that can provide precise classification for optimal response. This dissertation describes a WAMS cyber-physical power system test bed that was developed to generate datasets and perform cyber-physical power system research related to cyber-physical system vulnerabilities, cyber-attack impact studies, and machine learning algorithms for EIDS. The test bed integrates WAMS components with a Real Time Digital Simulator (RTDS) with hardware in the loop (HIL) and includes various sized power systems with a wide variety of implemented power system and cyber-attack scenarios. This work developed a novel data processing and compression method to address the WAMS big data problem. The State Tracking and Extraction Method (STEM) tracks system states from measurements and creates a compressed sequence of states for each observed scenario. Experiments showed STEM reduces data size significantly without losing key event information in the dataset that is useful to train EIDS and classify events. Two EIDS are proposed and evaluated in this dissertation. Non-Nested Generalized Exemplars (NNGE) is a rule based classifier that creates rules in the form of hyperrectangles to classify events. NNGE uses rule generalization to create a model that has high accuracy and fast classification time. Hoeffding adaptive trees (HAT) is a decision tree classifier and uses incremental learning which is suitable for data stream mining. HAT creates decision trees on the fly from limited number of instances, uses low memory, has fast evaluation time, and adapts to concept changes. The experiments showed NNGE and HAT with STEM make effective EIDS that have high classification accuracy, low false positives, low memory usage, and fast classification times

Event and Intrusion Detection Systems for Cyber-Physical Power Systems

High speed data from Wide Area Measurement Systems (WAMS) with Phasor Measurement Units (PMU) enables real and non-real time monitoring and control of power systems. The information and communication infrastructure used in WAMS efficiently transports information but introduces cyber security vulnerabilities. Adversaries may exploit such vulnerabilities to create cyber-attacks against the electric power grid. Control centers need to be updated to be resilient not only to well-known power system contingencies but also to cyber-attacks. Therefore, a combined event and intrusion detection systems (EIDS) is required that can provide precise classification for optimal response. This dissertation describes a WAMS cyber-physical power system test bed that was developed to generate datasets and perform cyber-physical power system research related to cyber-physical system vulnerabilities, cyber-attack impact studies, and machine learning algorithms for EIDS. The test bed integrates WAMS components with a Real Time Digital Simulator (RTDS) with hardware in the loop (HIL) and includes various sized power systems with a wide variety of implemented power system and cyber-attack scenarios. This work developed a novel data processing and compression method to address the WAMS big data problem. The State Tracking and Extraction Method (STEM) tracks system states from measurements and creates a compressed sequence of states for each observed scenario. Experiments showed STEM reduces data size significantly without losing key event information in the dataset that is useful to train EIDS and classify events. Two EIDS are proposed and evaluated in this dissertation. Non-Nested Generalized Exemplars (NNGE) is a rule based classifier that creates rules in the form of hyperrectangles to classify events. NNGE uses rule generalization to create a model that has high accuracy and fast classification time. Hoeffding adaptive trees (HAT) is a decision tree classifier and uses incremental learning which is suitable for data stream mining. HAT creates decision trees on the fly from limited number of instances, uses low memory, has fast evaluation time, and adapts to concept changes. The experiments showed NNGE and HAT with STEM make effective EIDS that have high classification accuracy, low false positives, low memory usage, and fast classification times

Smart Urban Water Networks

This book presents the paper form of the Special Issue (SI) on Smart Urban Water Networks. The number and topics of the papers in the SI confirm the growing interest of operators and researchers for the new paradigm of smart networks, as part of the more general smart city. The SI showed that digital information and communication technology (ICT), with the implementation of smart meters and other digital devices, can significantly improve the modelling and the management of urban water networks, contributing to a radical transformation of the traditional paradigm of water utilities. The paper collection in this SI includes different crucial topics such as the reliability, resilience, and performance of water networks, innovative demand management, and the novel challenge of real-time control and operation, along with their implications for cyber-security. The SI collected fourteen papers that provide a wide perspective of solutions, trends, and challenges in the contest of smart urban water networks. Some solutions have already been implemented in pilot sites (i.e., for water network partitioning, cyber-security, and water demand disaggregation and forecasting), while further investigations are required for other methods, e.g., the data-driven approaches for real time control. In all cases, a new deal between academia, industry, and governments must be embraced to start the new era of smart urban water systems