Flexible Machine Learning Based Cyber attack Detection Using

Convolution Network for Distribution Systems

Abstract:

This letter develops a flexible machine learning detection method for cyberattacks in
distribution systems considering spatiotemporal patterns. Spatiotemporal patterns are
recognized by the graph Laplacian based on system-wide measurements. A flexible Bayes
classifier (BC) is used to train spatiotemporal patterns which could be violated when
cyberattacks occur. Cyberattacks are detected by using flexible BCs online. The effectiveness
of the developed method is demonstrated through standard IEEE 13- and 123-node test
feeders.

There are numerous difficulties in the field of cybersecurity. One of the most testing
components of cybersecurity is the changing idea of security dangers. Customarily ensuring
the greatest known dangers and not securing frameworks against less risky dangers was a
methodology against looking after cybersecurity.

Convolutional neural networks (CNNs) has increase amazing acknowledgment in the field of
PC vision. It has been persistently propelling the picture order exactness. It additionally
assumes a significant job in nonexclusive component extraction, for example, scene
characterization, object recognition, semantic division, picture recovery, and picture
inscription. Convolutional neural network (CNN) is the most significant part of profound
neural networks in picture preparing. It is profoundly powerful and regularly utilized in PC
vision applications.
Introduction:

T HE growing deployment of distributed energy resources (DERs), microgrids, and other

distribution-level technology and assets has completely changed the way the distribution
systems have been designed and operated traditionally. Also, as an increasing number of
sensors (e.g., micro-PMUs) are being developed and deployed on the distribution system in
conjunction with the conventional SCADA systems, advanced metering infrastructure (AMI),
and other field devices to enable data-driven observability and grid-edge data analytics [1],
the attack surface to the distribution management system (DMS) is inevitably enlarged. DMS
and associated monitoring and control systems are among the key actors for making decisions
and exchanging information. However, existing cybersecurity technologies employed in
distribution systems are still vulnerable to cyberattacks. It is highly necessary to develop
cyber-resilient DMS functions and cybersecurity technologies to enable future energy
delivery systems to accurately detect, dynamically adapt, successfully survive and reject a
cyberattack. Unlike conventional cyberattack detection techniques, such as naive Bayes
classifiers (BCs) which are highly based on the normality assumption, this letter attempts to
capture the continuous attribute of spatiotemporal patterns among system measurements by
developing flexible BCs. Essentially, spatiotemporal patterns of measurement data under
normal conditions would be compromised when cyberattacks occur. Based on this concept,
this letter seeks to address two critical questions for the cyberattack detection on distribution
systems. (i) Is it possible to quantitatively capture the spatiotemporal patterns between
cyberattack scenarios and normal scenarios? (ii) Can operators deploy flexible BCs to
enhance the accuracy of conventional cyberattack detection methods? In this letter, we seek
to integrate the spatiotemporal patterns of system measurements into a flexible BC for
cyberattack detection. Specifically, spatiotemporal patterns are captured by the generalized
graph Laplacian (GGL) matrix for system measurements. For the training process of the
proposed flexible BC, they are taken as its input variables, while the labels of cyberattack
templates are taken as its output variables. For the testing process, the online spatiotemporal
patterns captured by GGL are put into the proposed flexible BC, which subsequently outputs
the cyberattack detection results.

Problem definition:
T HE growing deployment of distributed energy resources (DERs), microgrids, and other
distribution-level technology and assets has completely changed the way the distribution
systems have been designed and operated traditionally. Also, as an increasing number of
sensors (e.g., micro-PMUs) are being developed and deployed on the distribution system in
conjunction with the conventional SCADA systems, advanced metering infrastructure (AMI),
and other field devices to enable data-driven observability and grid-edge data analytics [1],
the attack surface to the distribution management system (DMS) is inevitably enlarged. DMS
and associated monitoring and control systems are among the key actors for making decisions
and exchanging information.
Design and Proposed Methodology:
Tools:

Technology:

SYSTEM REQUIREMENTS

H/W Requirements

Processor : Any Processor above 500 MHz.

Ram : 4GB

Hard Disk : 250 Gb.

Input device : Standard Keyboard and Mouse.

Output device : High Resolution Monitor.

S/W Requirements

Operating System : Windows Family.

Programming : Python/JAVA
Implementation:

Spatiotemporal patterns of measurements have been widely used in the areas of renewable
forecasting and plug-in electric vehicles (PEVs) in recent years. Inspired by this background,
deploying spatiotemporal patterns for cyberattack detection has a broad prospect by
coordinating with machine learning techniques. Complex distribution networks can be
defined as a graphical model where variables are associated with highly nonlinear target
functions, and complex spatial and temporal relationships exist among such variables even
for cyberattacks. Since distribution systems are running based on complicated physical laws
and rules, describing the spatiotemporal patterns by machine learning paves a way for
mapping such relationships that could be significantly compromised by the injected
cyberattacks. For the future work of this letter, deep learning techniques will be further
involved. That is to say, the spatiotemporal patterns will be mapped to a linear space by using
the Long Short-term Memory (LSTM) network to improve the potential detection accuracy
for cyberattacks.

Conclusion:

In this letter, we develop a flexible machine learning based cyberattack detection method by
using the generalized graph Laplacian (GGL) and flexible Bayes classifiers (BCs).
Spatiotemporal patterns are quantitatively characterized by GGL, which could be
compromised when cyberattacks occur. The flexible BCs are used for training spatiotemporal
patterns of system measurements and detecting cyberattacks online. Numerical results of case
studies verify the effectiveness of the developed cyberattack detection method based on
machine learning techniques

References
[1] Y. Wang, Q. Chen, T. Hong, and C. Kang, “Review of smart meter data analytics:
Applications, methodologies, and challenges,” IEEE Trans. Smart Grid, vol. 10, no. 3, pp.
3125–3148, May 2019.

[2] M. Cui, J. Wang, A. R. Florita, and Y. Zhang, “Generalized graph Laplacian based
anomaly detection for spatiotemporal microPMU data,” IEEE Trans. Power Syst., vol. 34, no.
5, pp. 3960–3963, Sep. 2019.

[3] H. E. Egilmez, E. Pavez, and A. Ortega, “Graph learning from data under Laplacian and
structural constraints,” IEEE J. Sel. Top. Signal Process., vol. 11, no. 6, pp. 825–841, 2017.

[4] M. Cui, J. Wang, and M. Yue, “Machine learning based anomaly detection for load
forecasting under cyberattacks,” IEEE Trans. Smart Grid, vol. 10, no. 5, pp. 5724–5734, Sep.
2019.