Anomaly Detection for Power Grid Based on Network Flow

  • Lizong Zhang
  • Xiang Shen
  • Fengming Zhang
  • Minghui Ren
  • Bo Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11344)


As an important part of the national infrastructure, the power grid faces more and more network security threats as it moves from a traditionally closed environment toward informatization and networking. It is therefore necessary to develop effective anomaly detection methods to resist these threats. However, current methods mostly treat each packet in the network as the detection object and ignore the overall timing pattern of the network, so they cannot detect some advanced behavior attacks. In this paper, we introduce the concept of a network flow, which consists of the network packets exchanged between the same pair of endpoints, and of network flow fragmentation, which divides a network flow into pieces at regular intervals. We also propose a network flow anomaly detection method based on density clustering, which uses bidirectional flow statistics as features. The experimental results demonstrate that the method has an excellent detection effect on large-scale malicious traffic and injection attacks.
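The pipeline the abstract outlines (bidirectional flows, fixed-interval fragments, density-based detection) can be sketched as follows. This is an added example, not the authors' code: the four features, the 10 s interval, the DBSCAN-style noise rule, the `eps`/`min_pts` values and the sample packets are all assumptions made for illustration.

```python
from collections import defaultdict
from math import dist

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key: both directions of a conversation map to one flow."""
    a, b = sorted([(src, sport), (dst, dport)])
    return (a, b, proto)

def fragment_features(packets, interval=10.0):
    """Split each flow into fixed-interval fragments and return
    {(flow, window): [fwd_pkts, fwd_bytes, bwd_pkts, bwd_bytes]}.
    "Forward" means sent by the endpoint that sorts first in the key."""
    frags = defaultdict(lambda: [0, 0, 0, 0])
    for ts, src, sport, dst, dport, proto, size in packets:
        key = flow_key(src, sport, dst, dport, proto)
        off = 0 if (src, sport) == key[0] else 2
        stats = frags[(key, int(ts // interval))]
        stats[off] += 1
        stats[off + 1] += size
    return dict(frags)

def density_outliers(frags, eps=0.2, min_pts=3):
    """DBSCAN-style noise test (eps and min_pts are assumed values): a fragment is
    anomalous if it is not a core point and has no core point within eps."""
    ids = sorted(frags)
    scale = [max(col) or 1 for col in zip(*(frags[i] for i in ids))]
    pts = [[v / s for v, s in zip(frags[i], scale)] for i in ids]
    near = [{j for j, q in enumerate(pts) if dist(p, q) <= eps} for p in pts]
    core = {i for i, n in enumerate(near) if len(n) >= min_pts}
    return [ids[i] for i, n in enumerate(near) if i not in core and not (n & core)]

def sample_packets():
    """Constructed capture: 60 s of one-per-second polling, plus a 200-packet burst."""
    a, b = ("192.0.2.10", 40000), ("192.0.2.20", 2404)
    pkts = []
    for t in range(60):
        pkts.append((t + 0.0, *a, *b, "tcp", 64))    # request
        pkts.append((t + 0.1, *b, *a, "tcp", 128))   # response
    for i in range(200):                              # burst inside window 3 (30-40 s)
        pkts.append((30 + i * 0.05, *a, *b, "tcp", 64))
    return pkts

if __name__ == "__main__":
    for flow, window in density_outliers(fragment_features(sample_packets())):
        print("anomalous fragment:", flow, "window", window)
```

Every packet in the burst is well-formed on its own; only the per-fragment statistics of window 3 fall outside the dense cluster formed by the regular polling fragments.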


Power grid · Anomaly detection · Network flow · Density cluster



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Lizong Zhang (1)
  • Xiang Shen (1)
  • Fengming Zhang (1)
  • Minghui Ren (1)
  • Bo Li (2), Email author
  1. State Grid Shaoxing Power Supply Company, Zhejiang, China
  2. School of Computer Science and Engineering, Beihang University, Beijing, China
