Applying Non-Nested Generalized Exemplars Classification for Cyber-Power Event and Intrusion Detection

Non-nested generalized exemplars (NNGE) is a state-of-the-art data mining algorithm that classifies a new example by its distance to a set of exemplars. The state extraction method (STEM) preprocesses power system wide-area measurement system data to reduce data size while maintaining critical patterns. Together, NNGE+STEM form an event and intrusion detection system that can effectively classify power system events and cyber-attacks in real time. This paper documents the results of two experiments in which NNGE+STEM was used to classify cyber-power contingency, control action, and cyber-attack events. Experimental results show that NNGE+STEM achieved greater than 94% and 97% accuracy for multiclass and binary class classification, respectively. Additionally, the NNGE+STEM false positive rate was below 0.5%, the average classification time was 0.2 ms, and the classifier had low memory requirements.
