Applying Hoeffding Adaptive Trees for Real-Time Cyber-Power Event and Intrusion Classification

Electricity transmission systems are networked cyber-physical systems that are subject to many well-known control, weather, and equipment failure related contingencies which can disrupt power delivery. Cyber-attacks against electric transmission systems are another class of contingency which can disrupt power delivery. Wide area monitoring systems (WAMSs) enhanced with phasor measurement units provide high-volume, high-velocity power system sensor data, which can be combined with traditional power system data sources and cyber data sources to enable real-time detection of both types of contingencies. This paper describes research toward a cyber-power event and intrusion detection system (EIDS) which can be used for multiclass or binary-class classification of traditional power system contingencies and cyber-attacks. The continuous streams of high-speed data from WAMSs pose significant challenges in data storage, management, and handling. Data stream mining addresses the continuous data problem and can deal with very large data sizes. Hoeffding adaptive trees (HAT) augmented with the drift detection method (DDM) and adaptive windowing (ADWIN) can effectively be used to classify traditional and cyber contingencies in real time. Experiments performed for this paper demonstrate that HAT + DDM + ADWIN provides classification accuracy of greater than 94% for multiclass and greater than 98% for binary-class classification on a dataset with artifacts from 45 classes of cyber-power contingencies. Results also show that HAT + DDM + ADWIN has a small memory footprint and a fast evaluation time, which enables a real-time EIDS.
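
The drift detection method named in the abstract watches a stream classifier's running error rate and signals when it rises significantly above its best level, which is the cue to adapt the tree. The sketch below is an added example, not code from the paper: the error stream is constructed, and the 30-sample minimum and 2-sigma/3-sigma thresholds are the usual DDM defaults, assumed here.

```python
import math

class DDM:
    """Drift Detection Method over a stream of 0/1 prediction errors."""

    def __init__(self, min_samples=30, warn_sigma=2.0, drift_sigma=3.0):
        self.min_samples = min_samples
        self.warn_sigma = warn_sigma
        self.drift_sigma = drift_sigma
        self.reset()

    def reset(self):
        self.n = 0                # samples seen since the last reset
        self.p = 0.0              # running error rate
        self.p_min = math.inf     # error rate at the best point so far
        self.s_min = math.inf     # its standard deviation

    def update(self, error):
        """error is 1 for a misclassified sample, 0 otherwise."""
        self.n += 1
        self.p += (error - self.p) / self.n
        s = math.sqrt(self.p * (1.0 - self.p) / self.n)
        if self.n < self.min_samples:
            return "stable"
        if self.p + s < self.p_min + self.s_min:
            self.p_min, self.s_min = self.p, s
        level = self.p + s
        if level > self.p_min + self.drift_sigma * self.s_min:
            self.reset()          # the model should be rebuilt from here
            return "drift"
        if level > self.p_min + self.warn_sigma * self.s_min:
            return "warning"
        return "stable"


def constructed_error_stream():
    """Constructed data: 5% errors for 1000 samples, then 50% errors."""
    for i in range(1, 1501):
        yield i, int(i % 20 == 0) if i <= 1000 else int(i % 2 == 1)


def detect(stream):
    """Return (sample index, state) for every non-stable DDM output."""
    ddm = DDM()
    return [(i, st) for i, err in stream if (st := ddm.update(err)) != "stable"]


if __name__ == "__main__":
    events = detect(constructed_error_stream())
    print(next(e for e in events if e[1] == "drift"))
```

In an EIDS the 0/1 input would come from test-then-train evaluation of the classifier on each labelled sample; a "warning" marks where to start buffering recent samples and a "drift" where to rebuild from them.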
