563 research outputs found
DEEP LEARNING TECHNIQUES FOR DETECTION OF FALSE DATA INJECTION ATTACKS ON ELECTRIC POWER GRID
The electric power grid uses a set of measuring and switching devices for its operations and control. The data retrieved from the measuring instruments is assumed to be noisy, therefore a state estimator is used to estimate the correct values of state variables on which the system can take control actions. The modern electric power grid is dependent on communication networks for transferring these measurements, which are susceptible to intrusions from hackers. False data injection attacks (FDIA) are one of the most common attack strategies where an intruder tries to trick the underlying control system of the grid to cause disruptions without getting detected by native anomaly detection measures inbuilt in the state estimator. The native anomaly detection mechanism relies on threshold and residual based measure to flag a set of measurements as anomaly. Therefore, if the attack is devised in such a way that the intrusion can be performed without significantly affecting the residual error of state estimation it can go undetected. We propose a data augmented deep learning based solution to detect such attacks in real time.
We propose methods of generating realistic random and targeted attack simulations on standard IEEE architectures and methods of detecting them using deep learning models. We propose recurrent neural network (RNN) based architectures to detect and locate FDIAs and devices compromised in real-time. For detection we propose a supervised and an unsupervised method. Similarly, for location we propose a method to find exact devices compromised which is less practical and then move on to a more feasible and practical solution in supervised and unsupervised conditions. Being an intrusion detection system it is critical to detect all attacks which means false negatives should be penalized heavily, whereas false positives can be accommodated. Therefore, we use recall as our primary performance metric and precision recall curve to find an optimal threshold of probability score. In addition, we demonstrate how our approach is better than a residual error and other previous detection models. We also compare the performance of our models with increasing number of devices being compromised
FedEdge AI-TC: A Semi-supervised Traffic Classification Method based on Trusted Federated Deep Learning for Mobile Edge Computing
As a typical entity of MEC (Mobile Edge Computing), 5G CPE (Customer Premise
Equipment)/HGU (Home Gateway Unit) has proven to be a promising alternative to
traditional Smart Home Gateway. Network TC (Traffic Classification) is a vital
service quality assurance and security management method for communication
networks, which has become a crucial functional entity in 5G CPE/HGU. In recent
years, many researchers have applied Machine Learning or Deep Learning (DL) to
TC, namely AI-TC, to improve its performance. However, AI-TC faces challenges,
including data dependency, resource-intensive traffic labeling, and user
privacy concerns. The limited computing resources of 5G CPE further complicate
efficient classification. Moreover, the "black box" nature of AI-TC models
raises transparency and credibility issues. The paper proposes the FedEdge
AI-TC framework, leveraging Federated Learning (FL) for reliable Network TC in
5G CPE. FL ensures privacy by employing local training, model parameter
iteration, and centralized training. A semi-supervised TC algorithm based on
Variational Auto-Encoder (VAE) and convolutional neural network (CNN) reduces
data dependency while maintaining accuracy. To optimize model light-weight
deployment, the paper introduces XAI-Pruning, an AI model compression method
combined with DL model interpretability. Experimental evaluation demonstrates
FedEdge AI-TC's superiority over benchmarks in terms of accuracy and efficient
TC performance. The framework enhances user privacy and model credibility,
offering a comprehensive solution for dependable and transparent Network TC in
5G CPE, thus enhancing service quality and security.Comment: 13 pages, 13 figure
Semi-WTC: A Practical Semi-supervised Framework for Attack Categorization through Weight-Task Consistency
Supervised learning has been widely used for attack categorization, requiring
high-quality data and labels. However, the data is often imbalanced and it is
difficult to obtain sufficient annotations. Moreover, supervised models are
subject to real-world deployment issues, such as defending against unseen
artificial attacks. To tackle the challenges, we propose a semi-supervised
fine-grained attack categorization framework consisting of an encoder and a
two-branch structure and this framework can be generalized to different
supervised models. The multilayer perceptron with residual connection is used
as the encoder to extract features and reduce the complexity. The Recurrent
Prototype Module (RPM) is proposed to train the encoder effectively in a
semi-supervised manner. To alleviate the data imbalance problem, we introduce
the Weight-Task Consistency (WTC) into the iterative process of RPM by
assigning larger weights to classes with fewer samples in the loss function. In
addition, to cope with new attacks in real-world deployment, we propose an
Active Adaption Resampling (AAR) method, which can better discover the
distribution of unseen sample data and adapt the parameters of encoder.
Experimental results show that our model outperforms the state-of-the-art
semi-supervised attack detection methods with a 3% improvement in
classification accuracy and a 90% reduction in training time.Comment: Tech repor
Comparative Evaluation of VAEs, VAE-GANs and AAEs for Anomaly Detection in Network Intrusion Data
With cyberattacks growing in frequency and sophistication, effective anomaly detection is critical for securing networks and systems. This study provides a comparative evaluation of deep generative models for detecting anomalies in network intrusion data. The key objective is to determine the most accurate model architecture. Variational autoencoders (VAEs), VAE-GANs, and adversarial autoencoders (AAEs) are tested on the NSL-KDD dataset containing normal traffic and different attack types. Results show that AAEs significantly outperform VAEs and VAE-GANs, achieving AUC scores up to 0.96 and F1 scores of 0.76 on novel attacks. The adversarial regularization of AAEs enables superior generalization capabilities compared to standard VAEs. VAE-GANs exhibit better accuracy than VAEs, demonstrating the benefits of adversarial training. However, VAE-GANs have higher computational requirements. The findings provide strong evidence that AAEs are the most effective deep anomaly detection technique for intrusion detection systems. This study delivers novel insights into optimizing deep learning architectures for cyber defense. The comparative evaluation methodology and results will aid researchers and practitioners in selecting appropriate models for operational network security
- …