Abstract
The establishment of a resilient electric grid accompanied by a secure communications network is an ongoing battle as advanced persistent threats continue to exploit existing vulnerabilities in legacy supervisory control and data acquisition system (SCADA) infrastructure. Traditional intrusion detection systems (IDSs) lack consistent performance because of the continuously evolving attack surface of SCADA systems. These shortcomings can be overcome by integrating logical system behavior, protocol-specific knowledge, and data-based learning to develop a comprehensive IDS solution. In this paper, we present a Hybrid Intrusion Detector for Energy Systems by integrating a network-based IDS, state-of-the-art machine learning-based IDS, and model-based IDS to detect unknown and stealthy cyberattacks targeting the SCADA networks. The proposed IDS uses synchrophasor measurements and cyber logs to learn patterns of different scenarios based on spatiotemporal behaviors of power systems. As a proof of concept, we implement and validate the proposed IDS by leveraging resources available at the National Renewable Energy Laboratory's Energy Systems Integration Facility test bed. Experimental results show promising performance in detecting cyberattacks while providing realtime visualization of power system measurements and cyber logs.
| Original language | American English |
|---|---|
| Number of pages | 6 |
| DOIs | |
| State | Published - Feb 2020 |
| Event | 2020 IEEE Texas Power and Energy Conference, TPEC 2020 - College Station, United States Duration: 6 Feb 2020 → 7 Feb 2020 |
Conference
| Conference | 2020 IEEE Texas Power and Energy Conference, TPEC 2020 |
|---|---|
| Country/Territory | United States |
| City | College Station |
| Period | 6/02/20 → 7/02/20 |
Bibliographical note
Publisher Copyright:© 2020 IEEE.
NREL Publication Number
- NREL/CP-5R00-75476
Keywords
- machine-learning intrusion detection system
- power engineering computing
- power system measurement
- SCADA systems
- security of data