Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning

A. Presekal; Alexandru Stefanov; Vetrivel Subramaniam Rajkumar; P. Palensky

doi:10.1109/TSG.2023.3237011

Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning

A. Presekal^*, Alexandru Stefanov, Vetrivel Subramaniam Rajkumar, P. Palensky

^*Corresponding author for this work

Intelligent Electrical Power Grids

Research output: Contribution to journal › Article › Scientific › peer-review

20 Citations (Scopus)

74 Downloads (Pure)

Abstract

Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian power grid show the importance of system-wide, early-stage attack detection through communication-based anomalies. Therefore, in this paper, we propose a novel method for online cyber attack situational awareness that enhances the power grid resilience. It supports power system operators in the identification and localization of active attack locations in Operational Technology (OT) networks in near real-time. The proposed method employs a hybrid deep learning model of Graph Convolutional Long Short-Term Memory (GC-LSTM) and a deep convolutional network for time series classification-based anomaly detection. It is implemented as a combination of software defined networking, anomaly detection in communication throughput, and a novel attack graph model. Results indicate that the proposed method can identify active attack locations, e.g., within substations, control center, and wide area network, with an accuracy above 96%. Hence, it outperforms existing state-of-the-art deep learning-based time series classification methods.

Original language	English
Pages (from-to)	4007-4020
Number of pages	14
Journal	IEEE Transactions on Smart Grid
Volume	14
Issue number	5
DOIs	https://doi.org/10.1109/TSG.2023.3237011
Publication status	Published - 2023

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Funding

This work was supported by Designing Systems for Informed Resilience Engineering (DeSIRE) Program of the 4TU Center for Resilience Engineering (4TU.RE). DeSIRE is funded by the 4TU-program High Tech for a Sustainable Future (HTSF). 4TU is the federation of the four technical universities in the Netherlands.

Keywords

Cyber Attacks
Power Grids
Anomaly Detection
Throughput
Telecommunication Traffic
Power Systems
Long Short-Term Memory
Cyber-Physical Systems
Graph Neural Networks
Network Security
Software Defined Networking
Time Series Analysis
Time Series Classification
Co-simulation
Deep Learning
Artificial Intelligence
Cyber Security

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/TSG.2023.3237011

Attack_Graph_Model_for_Cyber-Physical_Power_Systems_Using_Hybrid_Deep_LearningFinal published version, 3.77 MB

Cite this

@article{9995ee5b0a02493b91ae02eeb29153ad,

title = "Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning",

abstract = "Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian power grid show the importance of system-wide, early-stage attack detection through communication-based anomalies. Therefore, in this paper, we propose a novel method for online cyber attack situational awareness that enhances the power grid resilience. It supports power system operators in the identification and localization of active attack locations in Operational Technology (OT) networks in near real-time. The proposed method employs a hybrid deep learning model of Graph Convolutional Long Short-Term Memory (GC-LSTM) and a deep convolutional network for time series classification-based anomaly detection. It is implemented as a combination of software defined networking, anomaly detection in communication throughput, and a novel attack graph model. Results indicate that the proposed method can identify active attack locations, e.g., within substations, control center, and wide area network, with an accuracy above 96%. Hence, it outperforms existing state-of-the-art deep learning-based time series classification methods.",

keywords = "Cyber Attacks, Power Grids, Anomaly Detection, Throughput, Telecommunication Traffic, Power Systems, Long Short-Term Memory, Cyber-Physical Systems, Graph Neural Networks, Network Security, Software Defined Networking, Time Series Analysis, Time Series Classification, Co-simulation, Deep Learning, Artificial Intelligence, Cyber Security",

author = "A. Presekal and Alexandru Stefanov and {Subramaniam Rajkumar}, Vetrivel and P. Palensky",

note = "Green Open Access added to TU Delft Institutional Repository {\textquoteleft}You share, we take care!{\textquoteright} – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. ",

year = "2023",

doi = "10.1109/TSG.2023.3237011",

language = "English",

volume = "14",

pages = "4007--4020",

journal = "IEEE Transactions on Smart Grid",

issn = "1949-3053",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

number = "5",

}

TY - JOUR

T1 - Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning

AU - Presekal, A.

AU - Stefanov, Alexandru

AU - Subramaniam Rajkumar, Vetrivel

AU - Palensky, P.

N1 - Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

PY - 2023

Y1 - 2023

N2 - Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian power grid show the importance of system-wide, early-stage attack detection through communication-based anomalies. Therefore, in this paper, we propose a novel method for online cyber attack situational awareness that enhances the power grid resilience. It supports power system operators in the identification and localization of active attack locations in Operational Technology (OT) networks in near real-time. The proposed method employs a hybrid deep learning model of Graph Convolutional Long Short-Term Memory (GC-LSTM) and a deep convolutional network for time series classification-based anomaly detection. It is implemented as a combination of software defined networking, anomaly detection in communication throughput, and a novel attack graph model. Results indicate that the proposed method can identify active attack locations, e.g., within substations, control center, and wide area network, with an accuracy above 96%. Hence, it outperforms existing state-of-the-art deep learning-based time series classification methods.

AB - Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian power grid show the importance of system-wide, early-stage attack detection through communication-based anomalies. Therefore, in this paper, we propose a novel method for online cyber attack situational awareness that enhances the power grid resilience. It supports power system operators in the identification and localization of active attack locations in Operational Technology (OT) networks in near real-time. The proposed method employs a hybrid deep learning model of Graph Convolutional Long Short-Term Memory (GC-LSTM) and a deep convolutional network for time series classification-based anomaly detection. It is implemented as a combination of software defined networking, anomaly detection in communication throughput, and a novel attack graph model. Results indicate that the proposed method can identify active attack locations, e.g., within substations, control center, and wide area network, with an accuracy above 96%. Hence, it outperforms existing state-of-the-art deep learning-based time series classification methods.

KW - Cyber Attacks

KW - Power Grids

KW - Anomaly Detection

KW - Throughput

KW - Telecommunication Traffic

KW - Power Systems

KW - Long Short-Term Memory

KW - Cyber-Physical Systems

KW - Graph Neural Networks

KW - Network Security

KW - Software Defined Networking

KW - Time Series Analysis

KW - Time Series Classification

KW - Co-simulation

KW - Deep Learning

KW - Artificial Intelligence

KW - Cyber Security

U2 - 10.1109/TSG.2023.3237011

DO - 10.1109/TSG.2023.3237011

M3 - Article

SN - 1949-3053

VL - 14

SP - 4007

EP - 4020

JO - IEEE Transactions on Smart Grid

JF - IEEE Transactions on Smart Grid

IS - 5

ER -

Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning

Abstract

Bibliographical note

Funding

Keywords

UN SDGs

Access to Document

Fingerprint

Cite this