Research output per year
Research output per year
Abstract
Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian power grid show the importance of system-wide, early-stage attack detection through communication-based anomalies. Therefore, in this paper, we propose a novel method for online cyber attack situational awareness that enhances the power grid resilience. It supports power system operators in the identification and localization of active attack locations in Operational Technology (OT) networks in near real-time. The proposed method employs a hybrid deep learning model of Graph Convolutional Long Short-Term Memory (GC-LSTM) and a deep convolutional network for time series classification-based anomaly detection. It is implemented as a combination of software defined networking, anomaly detection in communication throughput, and a novel attack graph model. Results indicate that the proposed method can identify active attack locations, e.g., within substations, control center, and wide area network, with an accuracy above 96%. Hence, it outperforms existing state-of-the-art deep learning-based time series classification methods.
| Original language | English |
|---|---|
| Pages (from-to) | 4007-4020 |
| Number of pages | 14 |
| Journal | IEEE Transactions on Smart Grid |
| Volume | 14 |
| Issue number | 5 |
| DOIs | |
| Publication status | Published - 2023 |
Bibliographical note
Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-careOtherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Funding
This work was supported by Designing Systems for Informed Resilience Engineering (DeSIRE) Program of the 4TU Center for Resilience Engineering (4TU.RE). DeSIRE is funded by the 4TU-program High Tech for a Sustainable Future (HTSF). 4TU is the federation of the four technical universities in the Netherlands.Keywords
- Cyber Attacks
- Power Grids
- Anomaly Detection
- Throughput
- Telecommunication Traffic
- Power Systems
- Long Short-Term Memory
- Cyber-Physical Systems
- Graph Neural Networks
- Network Security
- Software Defined Networking
- Time Series Analysis
- Time Series Classification
- Co-simulation
- Deep Learning
- Artificial Intelligence
- Cyber Security
Access to Document
Fingerprint
Dive into the research topics of 'Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning'. Together they form a unique fingerprint.Research output
- 40 Citations
- 1 Article
-
Spatio-Temporal Advanced Persistent Threat Detection and Correlation for Cyber-Physical Power Systems using Enhanced GC-LSTM
Presekal, A., Stefanov, A., Semertzis, I. & Palensky, P., 2024, In: IEEE Transactions on Smart Grid. 16, 2, p. 1654-1666 13 p.Research output: Contribution to journal › Article › Scientific › peer-review
Datasets
-
Data underlying the PhD dissertation: Advanced Persistent Threat Detection and Correlation for Cyber-Physical Power Systems
Presekal, A. (Creator), TU Delft - 4TU.ResearchData, 10 Jan 2025
DOI: 10.4121/6B865A28-683D-4ACE-A537-DBAA8CF9EE63
Dataset/Software: Dataset