Two-tier data-driven intrusion detection for automatic generation control in smart grid

Muhammad Qasim Ali, Reza Yousefian, Ehab Al-Shaer, Sukumar Kamalasadan, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Legacy energy infrastructures are being replaced by modern smart grids. Smart grids provide bi-directional communications for the purpose of efficient energy and load management. In addition, energy generation is adjusted based on the load feedback. However, due to the dependency on the cyber infrastructure for load monitoring and reporting, generation control is inherently vulnerable to attacks. Recent studies have shown that data integrity attacks on the generation control can significantly disrupt the energy system. In this work, we present a simple yet effective data-driven two-tier intrusion detection system for automatic generation control (AGC). The first tier is a short-term adaptive predictor for system variables, such as load and area control error (ACE). It provides a real-time measurement predictor that adapts to the underlying changing behavior of these system variables and flags abnormal behavior in each variable independently. The second tier provides deep state inspection to investigate the presence of anomalies by incorporating the overall system variable correlation using Markov models. Moreover, we expand our second-tier inspection to include a multi-AGC environment, where the behavior of one AGC is validated against the behavior of the interconnected AGC. The combination of tier-1 light-weight prediction and tier-2 offline deep state inspection offers a great advantage in balancing the accuracy and real-time requirements of intrusion detection for the AGC environment. Our results show high detection accuracy (95%) under different multi-attack scenarios. The second tier successfully verified all the injected intrusions.

Original language: English (US)
Title of host publication: 2014 IEEE Conference on Communications and Network Security, CNS 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 292-300
Number of pages: 9
ISBN (Print): 9781479958900
DOIs: https://doi.org/10.1109/CNS.2014.6997497
State: Published - Dec 23 2014
Event: 2014 IEEE Conference on Communications and Network Security, CNS 2014 - San Francisco, United States
Duration: Oct 29 2014 to Oct 31 2014

Other

Other: 2014 IEEE Conference on Communications and Network Security, CNS 2014
Country: United States
City: San Francisco
Period: 10/29/14 to 10/31/14

Fingerprint

Intrusion detection
Inspection
Time measurement
Feedback
Monitoring
Communication

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Ali, M. Q., Yousefian, R., Al-Shaer, E., Kamalasadan, S., & Zhu, Q. (2014). Two-tier data-driven intrusion detection for automatic generation control in smart grid. In 2014 IEEE Conference on Communications and Network Security, CNS 2014 (pp. 292-300). [6997497] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/CNS.2014.6997497
