Noise Resilient Learning for Attack Detection in Smart Grid Pmu Infrastructure

Falsified data from compromised Phasor Measurement Units (PMUs) in a smart grid induce Energy Management Systems (EMS) to have an inaccurate estimation of the state of the grid, disrupting various operations of the power grid. Moreover, the PMUs deployed at the distribution layer of a smart grid show dynamic fluctuations in their data streams, which make it extremely challenging to design effective learning frameworks for anomaly-based attack detection. In this paper, we propose a noise resilient learning framework for anomaly-based attack detection specifically for distribution layer PMU infrastructure, that show real time indicators of data falsifications attacks while offsetting the effect of false alarms caused by the noise. Specifically, we propose a feature extraction framework that uses some Pythagorean Means of the active power from a cluster of PMUs, reducing multi-dimensional nature of the PMU data streams via quick big data summarization. We also propose a robust and noise resilient methodology for learning thresholds based on generalized robust estimation theory of our invariant feature. We experimentally validate our approach and demonstrate improved reliability performance using two completely different datasets collected from real distribution level PMU infrastructures

Active Learning Augmented Folded Gaussian Model for Anomaly Detection in Smart Transportation

Smart transportation networks have become instrumental in smart city applications with the potential to enhance road safety, improve the traffic management system and driving experience. A Traffic Message Channel (TMC) is an IoT device that records the data collected from the vehicles and forwards it to the Roadside Units (RSUs). This data is further processed and shared with the vehicles to inquire the fastest route and incidents that can cause significant delays. The failure of the TMC sensors can have adverse effects on the transportation network. In this paper, we propose a Gaussian distribution-based trust scoring model to identify anomalous TMC devices. Then we propose a semi-supervised active learning approach that reduces the manual labeling cost to determine the threshold to classify the honest and malicious devices. Extensive simulation results using real-world vehicular data from Nashville are provided to verify the accuracy of the proposed method

Robustness against attacks and uncertainties in smart cyber-physical systems

Cyber-Physical Systems (CPS) are sensing, processing, and communicating platforms, embedded with physical devices that provide real-time monitoring and control. Security challenges in CPS necessitate solutions that are robust against attacks and uncertainties and provide a seamless operation, especially when used in real-time applications to monitor and secure critical infrastructures. CPS mainly consists of a physical component for sensing or monitoring and a cyber component for processing and communicating. The quality of interactions between physical and cyber systems has direct impacts on the system’s performance and reliability. CPS plays a major role in smart services and applications within a smart living environment, such as smart cities, smart energy management systems, traffic control, critical infrastructure protection, and many defense-related systems. Such smart CPS are integrating sensing, communication, computation, and control aim to achieve stability, high performance, robustness, and efficiency. This thesis concentrates on three aspects of CPS robustness and security. First, we investigate the security of smart grid systems against adversarial attacks and how reliable automation of smart grids depends on decisions based on situational awareness extracted via real-time system monitoring. Second, we take a crowdsourcing vehicular network environment to identify potential security concerns, specifically that impacts the quantification of aggregate truthfulness of events (quality of information or QoI). Finally, we generalize the CPS system to create a large-scale network to investigate how information propagates in the CPS network and possible ways to control and mitigate the information spread. In all these cases, we identify the attack strategies that can be employed by an intelligent adversarial entity to disrupt the operation of the application and how different measures can be developed to make the system more robust and resilient against attacks and uncertainties”--Abstract, page iii

Real Time Stream Mining based Attack Detection in Distribution Level PMUs for Smart Grids

Reliable automation of smart grids depends on decisions based on situational awareness extracted via real time system monitoring and accurate state estimation. The Phasor Measurement Units (PMU) at distribution and transmission layers of the smart grid provide high velocity real time information on voltage and current magnitudes and angles in a three phase electrical grid. Naturally, the authenticity of the PMU data is of utmost operational importance. Data falsification attacks on PMU data can cause the Energy Management Systems (EMS) to take wrong decisions, potentially having drastic consequences on the power grid\u27s operation. The need for an automated data falsification attack detection and isolation is key for EMS protection from PMU data falsification. In this paper, we propose an automated distributed stream mining approach to time series anomaly based attack detection that identifies attacks while distinguishing from legitimate changes in PMU data trends. Specifically, we provide a real time learning invariant that reduces the multi-dimensional nature of the PMU data streams for quick big data summarization using a Pythagorean means of the active power from a cluster of PMUs. Thereafter, we propose a methodology that learns thresholds of the invariant automatically, to prove the predictive power of distinguishing between small attacks versus legitimate changes. Extensive simulation results using real PMU data are provided to verify the accuracy of the proposed method

Influence Spread Control in Complex Networks via Removal of Feed Forward Loops

Selective removal of certain subgraphs called motifs based on the spread function value is one of the most powerful approaches to curb the overall influence spread in any complex network. In this paper, we first prove that any general spread function preserves both monotonicity and submodularity properties even under motif removal operations. Next, we propose a scoring mechanism as a novel spread function that quantifies the relative importance of a given motif within the overall influence spread dynamics on the complex network. We design a novel algorithm that eliminates motifs with high spread scores to curb influence spread. We evaluate the performance of our proposed spread control algorithm using simulation experiments in the context of 3-node motifs called feed forward loops (FFLs) in both real and synthetic network topologies. We demonstrate that high-scoring motifs intercept a high number of short paths from the pre-assigned source and sinks, because of which their elimination results in a significant effect on curbing the influence spread. Furthermore, we empirically evaluate the run-time and cost versus performance trade-off of the proposed algorithm

Resilience Against Bad Mouthing Attacks in Mobile Crowdsensing Systems via Cyber Deception

Mobile Crowdsensing System (MCS) applications deploy rating feedback mechanisms to help quantify the trustworthiness of published events which over time improve decision accuracy and establish user reputation. In this paper, we first show that factors such as sparseness, inherent error probabilities of rating feedback labelers, and prior knowledge of the event trust scoring models, can be used by strategic adversaries to hijack the feedback labeling mechanism itself with bad mouthing attacks. Then, we propose a randomized rating sub-sampling technique inspired from moving target defense and cyber deception to mitigate the degradation in the resulting event trust scores of truthful events. We offer a game theoretic strategy under various knowledge levels of an adversary and the MCS in regards to picking an optimal sub-sample size for bad mouthing attacks and event trust calculations respectively, by using a vehicular crowdsensing as a proof-of-concept