Intrusion Detection of NSM Based DoS Attacks Using Data Mining in Smart Grid (original) (raw)
Related papers
A Performance Comparison of Data Mining Algorithms Based Intrusion Detection System for Smart Grid
2019
Smart grid is an emerging and promising technology. It uses the power of information technologies to deliver intelligently the electrical power to customers, and it allows the integration of green technology to meet the environmental requirements. Unfortunately, information technologies have inherent vulnerabilities and weaknesses that expose the smart grid to a wide variety of security risks. The Intrusion detection system (IDS) plays an important role in securing smart grid networks and detecting malicious activity, yet it suffers from several limitations. Many research papers have been published to address these issues using several algorithms and techniques. Therefore, a detailed comparison between these algorithms is needed. This paper presents an overview of four data mining algorithms used by IDS in Smart Grid. A performance evaluation of these algorithms is conducted based on several metrics including the probability of detection, probability of false alarm, probability of m...
An Anomaly-Based Intrusion Detection System for the Smart Grid Based on CART Decision Tree
2018
The Smart Grid (SG) paradigm constitutes the new technological evolution of the traditional electrical grid, providing remote monitoring and controlling capabilities among all its operations through computing services. These new capabilities offer a lot of benefits, such as better energy management, increased reliability and security, as well as more economical pricing. However, despite these advantages, it introduces significant security challenges, as the computing systems and the corresponding communications are characterized by several cybersecurity threats. An efficient solution against cyberattacks is the Intrusion Detection Systems (IDS). These systems usually operate as a second line of defence and have the ability to detect or even prevent cyberattacks in near real-time. In this paper, we present a new IDS for the Advanced Metering Infrastructure (AMI) utilizing machine learning capabilities based on a decision tree. Decision trees have been used for multiple classification problems like the distinguishment between the normal and malicious activities. The experimental evaluation demonstrates the efficiency of the proposed IDS, as the Accuracy and the True Positive Rate of our IDS reach 0:996 and 0:993 respectively.
Symmetry, 2021
Increased connectivity is required to implement novel coordination and control schemes. IEC 61850-based communication solutions have become popular due to many reasons—object-oriented modeling capability, interoperable connectivity and strong communication protocols, to name a few. However, communication infrastructure is not well-equipped with cybersecurity mechanisms for secure operation. Unlike online banking systems that have been running such security systems for decades, smart grid cybersecurity is an emerging field. To achieve security at all levels, operational technology-based security is also needed. To address this need, this paper develops an intrusion detection system for smart grids utilizing IEC 61850’s Generic Object-Oriented Substation Event (GOOSE) messages. The system is developed with machine learning and is able to monitor the communication traffic of a given power system and distinguish normal events from abnormal ones, i.e., attacks. The designed system is imp...
Towards an Implementation of Data Analytics for Smart Grid Security
2017
Given the recent increase in frequency, sophistication and success of cyber-attacks against critical IT infrastructure, such as the Smart Grid, the urgent need for advanced cybersecurity solutions is clearly evident. This paper presents a security information analytics (SIA) framework, using various data analytics methods to detect anomalies in metered data, that may indicate attacks. The implementation of the SIA tool has been applied to a live micro-grid test-bed for the modeling of normal behaviour and for performance analysis. Furthermore, the framework is scalable, allowing additional analysis tools and resilient control solutions to be incorporated, further enhancing the reliability of the system. Keywords–Cyber-physical systems; Intrusion detection; Cybersecurity
Operational Data Based Intrusion Detection System for Smart Grid
2019
With the rapid progression of Information and Communication Technology (ICT) and especially of Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers such as the two-way communication (both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator timely about the possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation.
Smart Grid Cyber Attacks Detection Using Supervised Learning and Heuristic Feature Selection
2019 IEEE 7th International Conference on Smart Energy Grid Engineering (SEGE)
False Data Injection (FDI) attacks are a common form of Cyber-attack targetting smart grids. Detection of stealthy FDI attacks is impossible by the current bad data detection systems. Machine learning is one of the alternative methods proposed to detect FDI attacks. This paper analyzes three various supervised learning techniques, each to be used with three different feature selection (FS) techniques. These methods are tested on the IEEE 14-bus, 57-bus, and 118-bus systems for evaluation of versatility. Accuracy of the classification is used as the main evaluation method for each detection technique. Simulation study clarify the supervised learning combined with heuristic FS methods result in an improved performance of the classification algorithms for FDI attack detection.
An efficient Intrusion Detection System against cyber-physical attacks in the smart grid
Computers & Electrical Engineering, 2018
Without robust security mechanisms, the smart grid remains vulnerable to many attacks that can cause serious damages. Since state estimation is a critical entity to monitor and control electricity production and distribution, intruders are more attracted by this entity in order to disrupt the smart grid reliability. In this context, we propose an Intrusion Detection System (IDS) architecture to detect lethal attacks with a focus on two smart grid security issues: (i) Firstly, against integrity issue with price manipulation attack, we propose a Cumulative Sum (CUSUM) algorithm that detects this attack even with granular price changes; (ii) Secondly, the availability issue with Denial of Service (DoS) attack against which we develop an efficient method to monitor and detect any misbehaving node. Performance evaluations show the robustness of the proposed IDS system compared to existing mechanisms. The achieved detection rate is above 95% and the false positive rate is below 5%.
International Journal of Critical Infrastructure Protection, 2022
The smart grid has gained a reputation as the advanced paradigm of the power grid. It is a complicated cyber-physical system that combines information and communication technology (ICT) with a traditional grid that can remotely control operations. It provides the medium for exchanging real-time data between the company and users through the advanced metering infrastructure (AMI) and smart meters. However, smart grids have many security and privacy concerns, such as intruding sensitive data, firmware hijacking, and modifying data due to the high reliance on ICT. To protect the power-grid system from these counteracts and for reliable and efficient power distribution, early and accurate identification of these issues needs to be addressed. The intrusion detection in a smart grid system plays an essential role in providing a secure service and transmitting the high priority alert message to the system admin about the detection of adversary attacks. This paper proposes an intelligent intrusion detection scheme to accurately classify various attacks on smart power grid systems. The proposed scheme used the binary grey wolf optimization-based feature selection. It optimized the ensemble classification approach to learn the non-linear, overlapping, and complex electrical grid features taken from publicly available Mississippi State University and Oak Ridge National Laboratory (MSU-ORNL) dataset. The experimental results using a 10-fold cross-validation setup and selected feature subset for two class and three class problems reveal the proposed method's promising performance. Further, the significantly superior performance compared to the existing benchmark methods justified the robustness of the proposed scheme.
A Characterisation of Smart Grid DoS Attacks
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Traditional power grids are evolving to keep pace with the demands of the modern age. Smart grids contain integrated IT systems for better management and efficiency, but in doing so, also inherit a plethora of cyber-security threats and vulnerabilities. Denial-of-Service (DoS) is one such threat. At the same time, the smart grid has particular characteristics (e.g. minimal delay tolerance), which can influence the nature of threats and so require special consideration. In this paper, we identify a set of possible smart grid-specific DoS scenarios based on current research, and analyse them in the context of the grid components they target. Based on this, we propose a novel target-based classification scheme and further characterise each scenario by qualitatively exploring it in the context of the underlying grid infrastructure. This culminates in a smart grid-centric analysis of the threat to reveal the nature of DoS in this environment.
Applied Sciences
Advancement in network technology has vastly increased the usage of the Internet. Consequently, there has been a rise in traffic volume and data sharing. This has made securing a network from sophisticated intrusion attacks very important to preserve users’ information and privacy. Our research focuses on combating and detecting intrusion attacks and preserving the integrity of online systems. In our research we first create a benchmark model for detecting intrusions and then employ various combinations of feature selection techniques based upon ensemble machine learning algorithms to improve the performance of the intrusion detection system. The performance of our model was investigated using three evaluation metrics namely: elimination time, accuracy and F1-score. The results of the experiment indicated that the random forest feature selection technique had the minimum elimination time, whereas the support vector machine model had the best accuracy and F1-score. Therefore, conclus...