TY - GEN
T1 - Towards Robust Power Grid Attack Protection using LightGBM with Concept Drift Detection and Retraining
AU - Agrawal, Anand
AU - Sazos, Marios
AU - Al Durra, Ahmed
AU - Maniatakos, Michail
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/11/9
Y1 - 2020/11/9
N2 - In existing literature, various machine learning models have been applied to detect cyber attacks on the power grid. None of them, however, consider the degradation of the model over time due to the distributed and dynamic nature of the power system. At the same time, they also fail to recognize natural events, such as line maintenance, since they are based on binary classification (attack/no attack). In an effort to develop a cyber security protection strategy that will work robustly for an extended period of time, we develop a methodology based on the LightGBM framework, which performs well for a) Training for multi-class events (no attack/natural event/attack), and b) Fast, dynamic retraining with concept drift detection. We use an ensemble learning-based classifier for classifying the events generated through our Real Time Digital Simulatorwith commercial devices in a Hardware-in-The-Loop setup. The proposed novel classification model outperforms binary classifier-based approaches, resulting in an over 97% effectiveness with the inclusion of concept drift detection and retraining.
AB - In existing literature, various machine learning models have been applied to detect cyber attacks on the power grid. None of them, however, consider the degradation of the model over time due to the distributed and dynamic nature of the power system. At the same time, they also fail to recognize natural events, such as line maintenance, since they are based on binary classification (attack/no attack). In an effort to develop a cyber security protection strategy that will work robustly for an extended period of time, we develop a methodology based on the LightGBM framework, which performs well for a) Training for multi-class events (no attack/natural event/attack), and b) Fast, dynamic retraining with concept drift detection. We use an ensemble learning-based classifier for classifying the events generated through our Real Time Digital Simulatorwith commercial devices in a Hardware-in-The-Loop setup. The proposed novel classification model outperforms binary classifier-based approaches, resulting in an over 97% effectiveness with the inclusion of concept drift detection and retraining.
KW - concept drift
KW - cyber attack
KW - hardware-in-The-loop
KW - lightgbm
KW - power grid
UR - http://www.scopus.com/inward/record.url?scp=85096831351&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85096831351&partnerID=8YFLogxK
U2 - 10.1145/3411498.3419964
DO - 10.1145/3411498.3419964
M3 - Conference contribution
AN - SCOPUS:85096831351
T3 - CPSIOTSEC 2020 - Proceedings of the 2020 Joint Workshop on CPS and IoT Security and Privacy
SP - 31
EP - 36
BT - CPSIOTSEC 2020 - Proceedings of the 2020 Joint Workshop on CPS and IoT Security and Privacy
PB - Association for Computing Machinery, Inc
T2 - 2020 Joint Workshop on CPS and IoT Security and Privacy, CPSIOTSEC 2020
Y2 - 9 November 2020
ER -