Supervisory Control and Data Acquisition (SCADA) systems often serve as the
nervous system for substations within power grids. These systems facilitate
real-time monitoring, data acquisition, control of equipment, and ensure smooth
and efficient operation of the substation and its connected devices. Previous
work has shown that dimensionality reduction-based approaches, such as
Principal Component Analysis (PCA), can be used for accurate identification of
anomalies in SCADA systems. While not specifically applied to SCADA,
non-negative matrix factorization (NMF) has shown strong results at detecting
anomalies in wireless sensor networks. These unsupervised approaches model the
normal or expected behavior and detect the unseen types of attacks or anomalies
by identifying the events that deviate from the expected behavior. These
approaches; however, do not model the complex and multi-dimensional
interactions that are naturally present in SCADA systems. Differently,
non-negative tensor decomposition is a powerful unsupervised machine learning
(ML) method that can model the complex and multi-faceted activity details of
SCADA events. In this work, we novelly apply the tensor decomposition method
Canonical Polyadic Alternating Poisson Regression (CP-APR) with a probabilistic
framework, which has previously shown state-of-the-art anomaly detection
results on cyber network data, to identify anomalies in SCADA systems. We
showcase that the use of statistical behavior analysis of SCADA communication
with tensor decomposition improves the specificity and accuracy of identifying
anomalies in electrical grid systems. In our experiments, we model real-world
SCADA system data collected from the electrical grid operated by Los Alamos
National Laboratory (LANL) which provides transmission and distribution service
through a partnership with Los Alamos County, and detect synthetically
generated anomalies.Comment: 8 pages, 2 figures. In IEEE Military Communications Conference,
Artificial Intelligence for Cyber Workshop (MILCOM), 202