Gaussian Mixture Modeling for Detecting Integrity Attacks in Smart Grids

Embedding intelligence in cyber-physical critical infrastructures (CI) has received considerable attention in recent years. This paper presents a methodology that differentiates between the normal state of a system composed of interdependent infrastructures and states that appear normal although the system, or parts of it, has been compromised. A system under attack seems to operate properly because the associated measurements are simply a variation of the normal ones, created by the attacker and intended to mislead the operator, while the consequences may be catastrophic. We propose a holistic modeling scheme based on Gaussian mixture models that estimate the probability density function of the parameters of linear time-invariant (LTI) models. The LTI models approximate the relationships between the datastreams coming from the CI. The experimental platform includes a power grid simulator of the IEEE 30 bus model controlled by a cyber network platform. We implemented a wide range of integrity attacks (replay, ramp, pulse, scaling, and random) with different intensity levels. An extensive experimental campaign was designed, and we report satisfactory detection results.
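The detection idea in the abstract can be sketched end to end as follows; this is an added illustration, not code from the paper. Its assumptions are a first-order model y[t] = a*y[t-1] + b*x[t] standing in for the LTI models, two constructed operating modes as "normal" data in place of the IEEE 30 bus simulator, a diagonal-covariance GMM fitted with plain EM, and a fixed margin below the worst training score as the alarm threshold.

```python
import numpy as np

def simulate(a, b, n, rng):
    """Constructed stand-in for two coupled datastreams: y[t] = a*y[t-1] + b*x[t] + noise."""
    x, y = rng.normal(size=n), np.zeros(n)
    for t in range(1, n):
        y[t] = a * y[t - 1] + b * x[t] + 0.05 * rng.normal()
    return x, y

def lti_params(x, y, w=100):
    """Least-squares (a, b) of the LTI model, one estimate per non-overlapping window."""
    fit = lambda xs, ys: np.linalg.lstsq(np.column_stack([ys[:-1], xs[1:]]), ys[1:], rcond=None)[0]
    return np.array([fit(x[i:i + w], y[i:i + w]) for i in range(0, len(x) - w + 1, w)])

def comp_logpdf(X, gmm):
    """log(pi_k * N(x; mu_k, diag(var_k))) for every sample and component."""
    pi, mu, var = gmm
    d2 = (X[:, None, :] - mu) ** 2 / var
    return np.log(pi) - 0.5 * (np.log(2 * np.pi * var) + d2).sum(-1)

def score(X, gmm):
    """Log-likelihood of each parameter vector under the mixture (log-sum-exp)."""
    lp = comp_logpdf(X, gmm)
    m = lp.max(1, keepdims=True)
    return (m + np.log(np.exp(lp - m).sum(1, keepdims=True))).ravel()

def fit_gmm(X, k=2, iters=50):
    """EM for a diagonal-covariance GMM, initialised from evenly spaced samples."""
    gmm = (np.full(k, 1 / k), X[np.linspace(0, len(X) - 1, k).astype(int)],
           np.tile(X.var(0) + 1e-6, (k, 1)))
    for _ in range(iters):
        r = np.exp(comp_logpdf(X, gmm) - score(X, gmm)[:, None])  # E-step: responsibilities
        n = r.sum(0) + 1e-9
        mu = (r.T @ X) / n[:, None]                               # M-step
        var = (r.T @ X ** 2) / n[:, None] - mu ** 2 + 1e-6        # variance floor
        gmm = (n / n.sum(), mu, var)
    return gmm

def run_demo(seed=0):
    """Per-window flags (True = attack) for clean, scaled and replayed data; all data constructed."""
    rng = np.random.default_rng(seed)
    train = np.vstack([lti_params(*simulate(a, b, 4000, rng)) for a, b in [(0.8, 0.5), (0.6, 1.0)]])
    gmm = fit_gmm(train)
    thr = score(train, gmm).min() - 20.0       # assumed margin below the worst normal window
    x, y = simulate(0.8, 0.5, 2000, rng)       # fresh data: 20 windows
    flag = lambda ys: score(lti_params(x, ys), gmm) < thr
    # clean stream, scaling attack (y * 1.2), replay (y shifted 10 windows, decoupled from x)
    return flag(y), flag(1.2 * y), flag(np.roll(y, 1000))

if __name__ == "__main__":
    print([int(f.sum()) for f in run_demo()])  # windows flagged: clean, scaling, replay
```

Both attacked streams look like plausible measurements on their own; they are caught only because the fitted relationship between the two streams leaves the region the mixture learned from normal operation.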
