Data-driven Stochastic Anomaly Detection on Smart-Grid communications using Mixture Poisson Distributions

Characterizing communications in smart-grid distributed control systems is fundamental for understanding the expected behavior and identifying abnormal scenarios. In this paper, we present a stochastic data-driven approach to model the communication network in smart-grid systems. Our approach uses Mixture Poisson distributions to model the packet communication between the network devices. The network is modeled using a directed graph, where each edge represents a Poisson distribution of the packets being transmitted. Parameters are learned using mini-batch Expectation Maximization in order to scale to large datasets. The advantages of the presented approach are 1) unsupervised data-driven discovery of representative communication patterns, 2) intuitive visualization of the expected behavior, 3) scalability to large datasets, and 4) a coherent and interpretable model. Tests were conducted in a simulated SCADA microgrid distributed control system environment.
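The per-edge model described in the abstract can be sketched for a single directed edge as follows. This is an added example, not the paper's code: it fits a two-component Poisson mixture to packet counts per time window and scores new windows by negative log-likelihood. It uses full-batch EM rather than the paper's mini-batch EM, and the sample counts, function names and the alerting threshold rule are all assumptions made for illustration.

```python
import math

# Constructed sample: packets per time window on one directed edge (idle polling
# near 2 packets/window, bulk transfers near 20). Not data from the paper.
TRAIN = [2, 1, 3, 2, 2, 1, 3, 2, 2, 3, 20, 19, 21, 22, 18, 20,
         2, 3, 1, 2, 2, 2, 19, 21, 20, 1, 3, 2]

def log_poisson(k, lam):
    # log Poisson pmf: k*log(lam) - lam - log(k!)
    return k * math.log(lam) - lam - math.lgamma(k + 1)

def log_mixture(k, weights, rates):
    # log sum_j w_j * Poisson(k | lam_j), via log-sum-exp for stability
    terms = [math.log(w) + log_poisson(k, lam) for w, lam in zip(weights, rates)]
    top = max(terms)
    return top + math.log(sum(math.exp(t - top) for t in terms))

def fit_edge(counts, n_components=2, n_iter=50):
    # Full-batch EM (the paper uses mini-batch EM; this is the simpler variant).
    lo, hi = min(counts), max(counts)
    # Deterministic init: rates spread between the smallest and largest count.
    rates = [max(lo + (hi - lo) * (j + 0.5) / n_components, 1e-6)
             for j in range(n_components)]
    weights = [1.0 / n_components] * n_components
    for _ in range(n_iter):
        # E-step: responsibility of each component for each window.
        resp = []
        for k in counts:
            total = log_mixture(k, weights, rates)
            resp.append([math.exp(math.log(w) + log_poisson(k, lam) - total)
                         for w, lam in zip(weights, rates)])
        # M-step: weight = mean responsibility, rate = weighted mean count.
        for j in range(n_components):
            mass = max(sum(r[j] for r in resp), 1e-12)
            weights[j] = mass / len(counts)
            rates[j] = max(sum(r[j] * k for r, k in zip(resp, counts)) / mass, 1e-6)
    return weights, rates

def anomaly_score(k, weights, rates):
    # Negative log-likelihood of the window under the learned edge model.
    return -log_mixture(k, weights, rates)

def is_anomalous(k, weights, rates, threshold):
    return anomaly_score(k, weights, rates) > threshold

WEIGHTS, RATES = fit_edge(TRAIN)
# Assumed alerting rule: flag anything less likely than the worst training window.
THRESHOLD = max(anomaly_score(k, WEIGHTS, RATES) for k in TRAIN)
```

A window with 10 packets is flagged even though it lies between the smallest and largest training counts, because it fits neither learned mode; a fixed min/max threshold on the same edge would miss it.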
