TY - GEN
T1 - Two-tier data-driven intrusion detection for automatic generation control in smart grid
AU - Ali, Muhammad Qasim
AU - Yousefian, Reza
AU - Al-Shaer, Ehab
AU - Kamalasadan, Sukumar
AU - Zhu, Quanyan
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014/12/23
Y1 - 2014/12/23
N2 - Legacy energy infrastructures are being replaced by modern smart grids. Smart grids provide bi-directional communications for the purpose of efficient energy and load management. In addition, energy generation is adjusted based on the load feedback. However, due to the dependency on the cyber infrastructure for load monitoring and reporting, generation control is inherently vulnerable to attacks. Recent studies have shown that the possibility of data integrity attacks on the generation control can significantly disrupt the energy system. In this work, we present simple yet effective data-driven two-tier intrusion detection system for automatic generation control (AGC). The first tier is a short-term adaptive predictor for system variables, such as load and area control error (ACE). The first tier provides a real-time measurement predictor that adapts to the underlying changing behavior of these system variables, and flags out the abnormal behavior in these variables independently. The second tier provides deep state inspection to investigate the presence of anomalies by incorporating the overall system variable correlation using Markov models. Moreover, we expand our second tier inspection to include multi-AGC environment where a behavior of one AGC is validated against the behavior of the interconnected AGC. The combination of tier-1 light-weight prediction and tier-2 offline deep state inspection offers a great advantage to balance accuracy and real-time requirements of intrusion detection for AGC environment. Our results show high detection accuracy (95%) under different multi-attack scenarios. Second tier successfully verified all the injected intrusions.
AB - Legacy energy infrastructures are being replaced by modern smart grids. Smart grids provide bi-directional communications for the purpose of efficient energy and load management. In addition, energy generation is adjusted based on the load feedback. However, due to the dependency on the cyber infrastructure for load monitoring and reporting, generation control is inherently vulnerable to attacks. Recent studies have shown that the possibility of data integrity attacks on the generation control can significantly disrupt the energy system. In this work, we present simple yet effective data-driven two-tier intrusion detection system for automatic generation control (AGC). The first tier is a short-term adaptive predictor for system variables, such as load and area control error (ACE). The first tier provides a real-time measurement predictor that adapts to the underlying changing behavior of these system variables, and flags out the abnormal behavior in these variables independently. The second tier provides deep state inspection to investigate the presence of anomalies by incorporating the overall system variable correlation using Markov models. Moreover, we expand our second tier inspection to include multi-AGC environment where a behavior of one AGC is validated against the behavior of the interconnected AGC. The combination of tier-1 light-weight prediction and tier-2 offline deep state inspection offers a great advantage to balance accuracy and real-time requirements of intrusion detection for AGC environment. Our results show high detection accuracy (95%) under different multi-attack scenarios. Second tier successfully verified all the injected intrusions.
UR - http://www.scopus.com/inward/record.url?scp=84921532176&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84921532176&partnerID=8YFLogxK
U2 - 10.1109/CNS.2014.6997497
DO - 10.1109/CNS.2014.6997497
M3 - Conference contribution
AN - SCOPUS:84921532176
T3 - 2014 IEEE Conference on Communications and Network Security, CNS 2014
SP - 292
EP - 300
BT - 2014 IEEE Conference on Communications and Network Security, CNS 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 IEEE Conference on Communications and Network Security, CNS 2014
Y2 - 29 October 2014 through 31 October 2014
ER -