A Cyber-Physical Anomaly Detection for Wide-Area Protection using Machine Learning
ABSTARCT :
Wide-area protection scheme (WAPS) provides system-wide protection by detecting and mitigating small and large-scale disturbances that are difficult to resolve using local protection schemes. As this protection scheme is evolving from a substation-based distributed remedial action scheme (DRAS) to the control center-based centralized RAS (CRAS), it presents severe challenges to their cybersecurity because of its heavy reliance on an insecure grid communication, and its compromise would lead to system failure.This paper presents an architecture and methodology for developing a cyber-physical anomaly detection system (CPADS) that utilizes synchrophasor measurements and properties of network packets to detect data integrity and communication failure attacks on measurement and control signals in CRAS.The proposed machine leaning-based methodology applies a rules-based approach to select relevant input features, utilizes variational mode decomposition (VMD) and decision tree (DT) algorithms to develop multiple classification models, and performs final event identification using a rules-based decision logic. We have evaluated the proposed methodology of CPADS using the IEEE 39 bus system for several performance measures (accuracy, recall, precision, and F-measure) in a cyber-physical testbed environment. Our experimental results reveal that the proposed algorithm (VMD-DT) of CPADS outperforms the existing machine learning classifiers during noisy and noise-free measurements while incurring an acceptable processing overhead.
EXISTING SYSTEM :
? In the case of cyber-attacks against a power system, human judgment is less certain since there is an overt attempt to disguise the attack and deceive the operators as to the true state of the system.
? To enable the human decision maker, we explore the viability of machine learning as a means for discriminating types of power system disturbances, and focus specifically on detecting cyber-attacks where deception is a core tenet of the event.
? We evaluate various machine learning methods as disturbance discriminators and discuss the practical implications for deploying machine learning systems as an enhancement to existing power system architectures.
DISADVANTAGE :
? They have developed a system to identify different types of anomalies in a distribution system.
? They used an artificial neural network based approach to detect abnormal operation behaviors in the system. Further, dimensional reduction techniques such as principal component analysis was used to decompose the real-time monitoring and control data.
? A future direction for this research is to explore classification schemes and learner configuration to more thoroughly address this issue, including the possibility of staging learners for optimum classification performance.
PROPOSED SYSTEM :
• The Chee-Wooi Ten IDS is host-based thus only identifies attacks against a single IED in the substation using sequential events recorded in the log from that IED.
• Another IDS proposed by Chen et al. in provides a protection mechanism for smart household appliances.
• Chen et al. created security rules for individual appliances by proposing homogeneous functions that models three factors of the appliance: device security, usability and electricity pricing.
• More advanced IDS of this type will consider behaviors of multiple devices within the system to obtain system level detection
ADVANTAGE :
? IREST used unsupervised learning for training the cyber and physical ML anomaly detection algorithms.
? The results showed that unsupervised learning provided comparable performance with respect to supervised approaches, with the added benefit that abnormal behavior data is not required for training.
? This is important as unsupervised learning offers several advantages over supervised methods.
? In our case, unsupervised learning is especially useful as no attack data is needed for training.
|