Semi-supervised Deep Learning-Driven Anomaly Detection Schemes for Cyber-Attack Detection in Smart Grids

Power Systems Cybersecurity

Part of the book series: Power Systems (POWSYS)

Abstract

Modern power systems are continuously exposed to malicious cyber-attacks. Analyzing industrial control system (ICS) traffic data plays a central role in detecting and defending against cyber-attacks. Detection approaches based on system modeling require effectively modeling the complex behavior of critical infrastructures, which remains a challenge, especially for large-scale systems. Alternatively, data-driven approaches, which rely on data collected from the inspected system, have become appealing because the availability of big data allows machine learning methods to achieve outstanding performance. This chapter presents an enhanced cyber-attack detection strategy that uses unlabeled data to monitor ICS traffic and detect suspicious data transmissions. Importantly, we designed two semi-supervised hybrid deep learning-based anomaly detection methods for intrusion detection in the ICS traffic of smart grids. The first approach is a gated recurrent unit (GRU)-based stacked autoencoder (AE-GRU), and the second, which we call GAN-RNN, is constructed using a generative adversarial network (GAN) model with a recurrent neural network (RNN) for both generator and discriminator. Employing GRU and RNN in the AE and GAN models is expected to improve the ability of these models to learn the temporal dependencies of multivariate data. These models are used for feature extraction, and anomaly detection methods (Isolation Forest, Local Outlier Factor, One-Class SVM, and Elliptical Envelope) are used for cyber-attack detection in power systems. These approaches employ only normal-event data for training, without labeled attack types, which makes them more attractive for detecting cyber-attacks in practice. The detection performance of these approaches is demonstrated on IEC 60870-5-104 (aka IEC 104) control communication, which is often used for substation control in smart grids. Results showed that GAN-GRU and AE-GRU-based LOF methods achieved enhanced detection with an averaged F1-score of 0.98, among others.
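
The normal-only training step described in the abstract, as an added sketch that is not the chapter's code: a from-scratch Local Outlier Factor detector in novelty mode is fitted on attack-free traffic windows and takes its alarm threshold from the training scores. The two hand-crafted window features stand in for the AE-GRU or GAN latent features, and the sample windows, `K` and the threshold rule are assumptions.

```python
import math

K = 5  # neighbourhood size (assumed; the abstract gives no hyperparameters)

# Constructed sample data: one row per traffic window,
# (packets in window, mean inter-arrival time in seconds). Attack-free only.
NORMAL = [(20 + i % 5, 1.00 + 0.01 * (i % 8)) for i in range(40)]
# Constructed windows to classify after training.
QUERIES = {"normal_poll": (22, 1.035), "flood": (200, 0.05), "burst": (60, 0.30)}

def knn(p, train, skip=None):
    """K nearest training points to p as (distance, index) pairs."""
    return sorted((math.dist(p, q), j) for j, q in enumerate(train) if j != skip)[:K]

class LofNovelty:
    def fit(self, rows):
        cols = list(zip(*rows))
        self.mu = [sum(c) / len(c) for c in cols]
        self.sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c))
                   for c, m in zip(cols, self.mu)]
        self.X = [self._scale(r) for r in rows]
        nn = [knn(p, self.X, skip=i) for i, p in enumerate(self.X)]
        self.kdist = [n[-1][0] for n in nn]      # distance to K-th neighbour
        self.lrd = [self._lrd(n) for n in nn]    # local reachability density
        # Assumed rule: alarm above the worst score seen on normal traffic.
        self.threshold = max(self._lof(n) for n in nn)
        return self

    def _scale(self, row):
        return tuple((v - m) / s for v, m, s in zip(row, self.mu, self.sd))

    def _lrd(self, neigh):
        return len(neigh) / sum(max(self.kdist[j], d) for d, j in neigh)

    def _lof(self, neigh):
        return sum(self.lrd[j] for _, j in neigh) / (len(neigh) * self._lrd(neigh))

    def score(self, row):
        """LOF of a new window relative to the normal-only training set."""
        return self._lof(knn(self._scale(row), self.X))

    def is_attack(self, row):
        return self.score(row) > self.threshold

def classify_all():
    det = LofNovelty().fit(NORMAL)
    return {name: det.is_attack(row) for name, row in QUERIES.items()}

if __name__ == "__main__":
    print(classify_all())
```

No attack sample is used at any point in `fit`; the detector only learns the density of normal windows, which is what lets it flag traffic types it has never seen.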



Acknowledgements

This publication is based upon work supported by King Abdullah University of Science and Technology (KAUST), Office of Sponsored Research (OSR) under Award No: OSR-2019-CRG7-3800.

Corresponding author

Correspondence to Fouzi Harrou.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Dairi, A., Harrou, F., Bouyeddou, B., Senouci, SM., Sun, Y. (2023). Semi-supervised Deep Learning-Driven Anomaly Detection Schemes for Cyber-Attack Detection in Smart Grids. In: Haes Alhelou, H., Hatziargyriou, N., Dong, Z.Y. (eds) Power Systems Cybersecurity. Power Systems. Springer, Cham. https://doi.org/10.1007/978-3-031-20360-2_11

  • DOI: https://doi.org/10.1007/978-3-031-20360-2_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-20359-6

  • Online ISBN: 978-3-031-20360-2

  • eBook Packages: Energy, Energy (R0)
