Cyber and Physical Anomaly Detection in Smart-Grids

The inclusion of Information and Communication Technologies (ICTs) in industrial control systems (ICSs) has opened ICSs to several attack vectors, and attacks increasingly target critical infrastructure. Accurate detection of, and distinction between, benign physical disturbances, malicious cyber attacks, and malicious physical attacks is necessary to protect critical infrastructure. While cyber sensors provide a useful tool to identify and mitigate cyber attacks, they often ignore the physical behavior of the system at hand. In this paper, we present a cyber-physical sensor called IREST (ICS Resilient Security Technology). The sensor takes a holistic approach to detecting anomalies by considering both cyber and physical disturbances in a complex system. The sensor was tested under different cyber-physical scenarios using the Idaho CPS SCADA Cybersecurity (ISAAC) testbed. The test scenarios capture different operational states of the CPS testbed, including various cyber and physical anomalies. The experiments show that the IREST sensor is able to detect both cyber and physical anomalies. The sensor has the benefit that it requires only normal data for training and is able to detect disturbances that have not been seen before. The presented approach provides a scalable framework for cyber-physical security research that can be expanded in the future.
