Title: Spatio-Temporal Advanced Persistent Threat Detection and Correlation for Cyber-Physical Power Systems Using Enhanced GC-LSTM
Authors: Alfan Presekal; Alexandru Ştefanov; Ioannis Semertzis; Peter Palensky
Journal: IEEE Transactions on Smart Grid, volume 16, issue 2, pages 1654-1666
Publication date: 2024-10-04 (Journal Article)
DOI: 10.1109/TSG.2024.3474039
URL: https://ieeexplore.ieee.org/document/10705117/
Journal impact factor: 9.8; JCR quartile: Q1 (Engineering, Electrical & Electronic); region category: Engineering & Technology
Citations: 0
Abstract
Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015, 2016, and 2022. These cyber attacks are classified as Advanced Persistent Threats (APTs) with potentially disastrous consequences such as a total blackout. However, state-of-the-art intrusion detection systems are inadequate for APT detection owing to the stealthy nature and long-lasting persistence of APTs. Furthermore, they are ineffective because they focus on individual anomaly instances and overlook the correlation between attack instances. Therefore, this research proposes a novel method for spatio-temporal APT detection and correlation for cyber-physical power systems. It provides online situational awareness for power system operators to pinpoint system-wide anomaly locations in near real-time and preemptively mitigate APTs at an early stage, before they cause adverse impacts. We propose an Enhanced Graph Convolutional Long Short-Term Memory (EGC-LSTM) that uses sequential and neural network filters to improve APT detection, correlation, and prediction. Control center and substation communication traffic is used to determine cyber anomalies using semi-supervised deep packet inspection and software-defined networking. Power grid circuit breaker status is used to determine physical anomalies. Cyber-physical anomalies are correlated in a cyber-physical system integration matrix and in the EGC-LSTM. The EGC-LSTM outperforms existing state-of-the-art spatio-temporal deep learning models, achieving the lowest mean square error.
Journal description:
The IEEE Transactions on Smart Grid is a multidisciplinary journal that focuses on research and development in the field of smart grid technology. It covers various aspects of the smart grid, including energy networks, prosumers (consumers who also produce energy), electric transportation, distributed energy resources, and communications. The journal also addresses the integration of microgrids and active distribution networks with transmission systems. It publishes original research on smart grid theories and principles, including technologies and systems for demand response, Advanced Metering Infrastructure, cyber-physical systems, multi-energy systems, transactive energy, data analytics, and electric vehicle integration. Additionally, the journal considers surveys of existing work on the smart grid that propose new perspectives on the history and future of intelligent and active grids.