Machine Learning Based Detection of False Data Injection Attacks in Wide Area Monitoring Systems

The Smart Grid (SG) is an upgraded, intelligent, and a more reliable version of the traditional Power Grid due to the integration of information and communication technologies. The operation of the SG requires a dense communication network to link all its components. But such a network renders it prone to cyber attacks jeopardizing the integrity and security of the communicated data between the physical electric grid and the control centers. One of the most prominent components of the SG are Wide Area Monitoring Systems (WAMS). WAMS are a modern platform for grid-wide information, communication, and coordination that play a major role in maintaining the stability of the grid against major disturbances. In this thesis, an anomaly detection framework is proposed to identify False Data Injection (FDI) attacks in WAMS using different Machine Learning (ML) and Deep Learning (DL) techniques, i.e., Deep Autoencoders (DAE), Long-Short Term Memory (LSTM), and One-Class Support Vector Machine (OC-SVM). These algorithms leverage diverse, complex, and high-volume power measurements coming from communications between different components of the grid to detect intelligent FDI attacks. The injected false data is assumed to target several major WAMS monitoring applications, such as Voltage Stability Monitoring (VSM), and Phase Angle Monitoring (PAM). The attack vector is considered to be smartly crafted based on the power system data, so that it can pass the conventional bad data detection schemes and remain stealthy. Due to the lack of realistic attack data, machine learning-based anomaly detection techniques are used to detect FDI attacks. To demonstrate the impact of attacks on the realistic WAMS traffic and to show the effectiveness of the proposed detection framework, a Hardware-In-the-Loop (HIL) co-simulation testbed is developed. The performance of the implemented techniques is compared on the testbed data using different metrics: Accuracy, F1 score, and False Positive Rate (FPR) and False Negative Rate (FNR). The IEEE 9-bus and IEEE 39-bus systems are used as benchmarks to investigate the framework scalability. The experimental results prove the effectiveness of the proposed models in detecting FDI attacks in WAMS

Graphical Convolution Network Based Semi-Supervised Methods for Detecting PMU Data Manipulation Attacks

With the integration of information and communications technologies (ICTs) into the power grid, electricity infrastructures are gradually transformed towards smart grid and power systems become more open to and accessible from outside networks. With ubiquitous sensors, computers and communication networks, modern power systems have become complicated cyber-physical systems. The cyber security issues and the impact of potential attacks on the smart grid have become an important issue. Among these attacks, false data injection attack (FDIA) becomes a growing concern because of its varied types and impacts. Several detection algorithms have been developed in the last few years, which were model-based, trajectory prediction-based or learning-based methods. Phasor measurement units (PMUs) and supervisory control and data acquisition (SCADA) system work together to monitor the power system operation. The unsecured devices could offer opportunities to adversaries to compromise the system. In the literature review part of this thesis, the main methods are compared considering computing accuracy and complexity. Most work about PMUs ignored the reality that the number of PMUs installed in a power system is limited to realize observability because of high installing cost. Therefore, based on observable truth of PMU and the topology structure of power system, the graph convolution network (GCN) is proposed in this thesis. The main idea is using selected features to define violated PMU, and GCN is used to classify susceptible violated nodes and normal nodes. The basic detection method is introduced at first. And then the calculation process of neural network and Fourier transform are described with more details about graph convolution network. Later, the proposed detection mechanism and algorithm are introduced. Finally, the simulation results are given and analyzed

A stacked autoencoder-based convolutional and recurrent deep neural network for detecting cyberattacks in interconnected power control systems

n/

A Deep Learning based Detection Method for Combined Integrity-Availability Cyber Attacks in Power System

As one of the largest and most complex systems on earth, power grid (PG) operation and control have stepped forward as a compound analysis on both physical and cyber layers which makes it vulnerable to assaults from economic and security considerations. A new type of attack, namely as combined data Integrity-Availability attack, has been recently proposed, where the attackers can simultaneously manipulate and blind some measurements on SCADA system to mislead the control operation and keep stealthy. Compared with traditional FDIAs, this combined attack can further complicate and vitiate the model-based detection mechanism. To detect such attack, this paper proposes a novel random denoising LSTM-AE (LSTMRDAE) framework, where the spatial-temporal correlations of measurements can be explicitly captured and the unavailable data is countered by the random dropout layer. The proposed algorithm is evaluated and the performance is verified on a standard IEEE 118-bus system under various unseen attack attempts

Ensemble Feature Learning-Based Event Classification for Cyber-Physical Security of the Smart Grid

The power grids are transforming into the cyber-physical smart grid with increasing two-way communications and abundant data flows. Despite the efficiency and reliability promised by this transformation, the growing threats and incidences of cyber attacks targeting the physical power systems have exposed severe vulnerabilities. To tackle such vulnerabilities, intrusion detection systems (IDS) are proposed to monitor threats for the cyber-physical security of electrical power and energy systems in the smart grid with increasing machine-to-machine communication. However, the multi-sourced, correlated, and often noise-contained data, which record various concurring cyber and physical events, are posing significant challenges to the accurate distinction by IDS among events of inadvertent and malignant natures. Hence, in this research, an ensemble learning-based feature learning and classification for cyber-physical smart grid are designed and implemented. The contribution of this research are (i) the design, implementation and evaluation of an ensemble learning-based attack classifier using extreme gradient boosting (XGBoost) to effectively detect and identify attack threats from the heterogeneous cyber-physical information in the smart grid; (ii) the design, implementation and evaluation of stacked denoising autoencoder (SDAE) to extract highlyrepresentative feature space that allow reconstruction of a noise-free input from noise-corrupted perturbations; (iii) the design, implementation and evaluation of a novel ensemble learning-based feature extractors that combine multiple autoencoder (AE) feature extractors and random forest base classifiers, so as to enable accurate reconstruction of each feature and reliable classification against malicious events. The simulation results validate the usefulness of ensemble learning approach in detecting malicious events in the cyber-physical smart grid

A Review on the Evaluation of Feature Selection Using Machine Learning for Cyber-Attack Detection in Smart Grid

The Smart Grid is a modern power grid that relies on advanced technologies to provide reliable and sustainable electricity. However, its integration with various communication technologies and IoT devices makes it vulnerable to cyber-attacks. Such attacks can lead to significant damage, economic losses, and public safety hazards. To ensure the security of the smart grid, increasingly strong security solutions are needed. This paper provides a comprehensive analysis of the vulnerabilities of the smart grid and the different approaches for detecting cyber-attacks. It examines the different vulnerabilities of the smart grid, including system vulnerabilities and cyber-attacks, and discusses the vulnerabilities of all its elements. The paper also investigates various approaches for detecting cyber-attacks, including rule-based, signature-based, anomaly detection, and machine learning-based methods, with a focus on their effectiveness and related research. Finally, prospective cybersecurity approaches for the smart grid, such as AI approaches and blockchain, are discussed along with the challenges and future prospects of cyberattacks on the smart grid. The paper's findings can help policymakers and stakeholders make informed decisions about the security of the smart grid and develop effective strategies to protect it from cyber-attacks