4,677 research outputs found
Fast Sequence Component Analysis for Attack Detection in Synchrophasor Networks
Modern power systems have begun integrating synchrophasor technologies into
part of daily operations. Given the amount of solutions offered and the
maturity rate of application development it is not a matter of "if" but a
matter of "when" in regards to these technologies becoming ubiquitous in
control centers around the world. While the benefits are numerous, the
functionality of operator-level applications can easily be nullified by
injection of deceptive data signals disguised as genuine measurements. Such
deceptive action is a common precursor to nefarious, often malicious activity.
A correlation coefficient characterization and machine learning methodology are
proposed to detect and identify injection of spoofed data signals. The proposed
method utilizes statistical relationships intrinsic to power system parameters,
which are quantified and presented. Several spoofing schemes have been
developed to qualitatively and quantitatively demonstrate detection
capabilities.Comment: 8 pages, 4 figures, submitted to IEEE Transaction
Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems
Computer networks are undergoing a phenomenal growth, driven by the rapidly
increasing number of nodes constituting the networks. At the same time, the
number of security threats on Internet and intranet networks is constantly
growing, and the testing and experimentation of cyber defense solutions
requires the availability of separate, test environments that best emulate the
complexity of a real system. Such environments support the deployment and
monitoring of complex mission-driven network scenarios, thus enabling the study
of cyber defense strategies under real and controllable traffic and attack
scenarios. In this paper, we propose a methodology that makes use of a
combination of techniques of network and security assessment, and the use of
cloud technologies to build an emulation environment with adjustable degree of
affinity with respect to actual reference networks or planned systems. As a
byproduct, starting from a specific study case, we collected a dataset
consisting of complete network traces comprising benign and malicious traffic,
which is feature-rich and publicly available
Cybersecurity Strategy against Cyber Attacks towards Smart Grids with PVs
Cyber attacks threaten the security of distribution power grids, such as smart grids. The emerging renewable energy sources such as photovoltaics (PVs) with power electronics controllers introduce new potential vulnerabilities. Based on the electric waveform data measured by waveform sensors in the smart grids, we propose a novel cyber attack detection and identification approach. Firstly, we analyze the cyber attack impacts (including cyber attacks on the solar inverter causing unusual harmonics) on electric waveforms in distribution power grids. Then, we propose a novel deep learning based mechanism including attack detection and attack diagnosis. By leveraging the electric waveform sensor data structure, our approach does not need the training stage for both detection and the root cause diagnosis, which is needed for machine learning/deep learning-based methods. For comparison, we have evaluated classic data-driven methods, including -nearest neighbor (KNN), decision tree (DT), support vector machine (SVM), artificial neural network (ANN), and convolutional neural network (CNN). Comparison results verify the performance of the proposed method for detection and diagnosis of various cyber attacks on PV systems
Time is of the Essence: Machine Learning-based Intrusion Detection in Industrial Time Series Data
The Industrial Internet of Things drastically increases connectivity of
devices in industrial applications. In addition to the benefits in efficiency,
scalability and ease of use, this creates novel attack surfaces. Historically,
industrial networks and protocols do not contain means of security, such as
authentication and encryption, that are made necessary by this development.
Thus, industrial IT-security is needed. In this work, emulated industrial
network data is transformed into a time series and analysed with three
different algorithms. The data contains labeled attacks, so the performance can
be evaluated. Matrix Profiles perform well with almost no parameterisation
needed. Seasonal Autoregressive Integrated Moving Average performs well in the
presence of noise, requiring parameterisation effort. Long Short Term
Memory-based neural networks perform mediocre while requiring a high training-
and parameterisation effort.Comment: Extended version of a publication in the 2018 IEEE International
Conference on Data Mining Workshops (ICDMW
- …