Cyber-Attack Detection Using Principal Component Analysis and Noisy Clustering Algorithms: A Collaborative Machine Learning-Based Framework

This paper proposes a collaborative machine learning-based framework to detect cyber-attacks in a power system, leading to deviation in the state variable behavior. Based on the proposed architecture, three different machine learning-based methods, i.e., visualization, classification, and clustering...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on smart grid Vol. 13; no. 6; pp. 4848 - 4861
Main Authors: Parizad, Ali, Hatziadoniu, Constantine J.
Format: Journal Article
Language:English
Published: Piscataway IEEE 01.11.2022
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
adaptive semi-supervised learning detection method
Algorithms
Classification
Clustering
Clustering algorithms
Collaboration
Cybersecurity
Dimensionality reduction
False data injection attack (FDIA)
Feature extraction
Hidden Markov models
hyper-parameter optimization
Machine learning
noisy clustering algorithm
Position measurement
Power systems
Principal component analysis
Principal components analysis
State vectors
Visualization
ISSN:1949-3053, 1949-3061
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This paper proposes a collaborative machine learning-based framework to detect cyber-attacks in a power system, leading to deviation in the state variable behavior. Based on the proposed architecture, three different machine learning-based methods, i.e., visualization, classification, and clustering, are employed and compared to find the best one in the FDIA detection process. To this end, pre-processing is employed in the first stage. In the second stage, the patterns of the state vectors are transferred into features. Hence, 24 statistical features, including measures of central tendency, variability, measures of shape, and position, are extracted to find various properties. Then, in the third stage, a supervised algorithm is employed to rank and find the most crucial features in FDIA. In the fourth stage, an unsupervised dimensionality reduction technique (PCA) is applied to reduce the feature space. In the fifth and last stage, visualization, classification, and clustering-based methods are developed to detect FDIA. To simulate an attack, it is assumed that an intruder decreases or increases the state vectors at different buses with various attack parameters (i.e., 0.90, 0.95, 0.96, 0.97, 0.98, 1, 1.02, 1.03, 1.04, 1.05, and 1.10). The proposed method effectiveness is assessed on the New York Independent System Operator (NYISO) data applied to the IEEE 14-bus system. The results presented in the paper from different scenarios (i.e., phase angle (<inline-formula> <tex-math notation="LaTeX">\theta </tex-math></inline-formula>), voltage magnitude (<inline-formula> <tex-math notation="LaTeX">V_{m} </tex-math></inline-formula>), measurements, and multiple attacks) on a real-world dataset demonstrate that the collaborative optimized PCA-Density-based machine learning technique can detect most of the attack samples with good performance scores (i.e., recall, precision, F1) and outperforms the other investigated methods. Moreover, it is general and adaptable enough to cover the situation where either the system characteristics or the attack behavior changes.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1949-3053
1949-3061
DOI:10.1109/TSG.2022.3176311