Applying Hoeffding Adaptive Trees for Real-Time Cyber-Power Event and Intrusion Classification

Electricity transmission systems are networked cyber physical systems that are subject to many well-known control, weather, and equipment failure related contingencies which can disrupt power delivery. Cyber-attacks against electric transmission systems are another class of contingency which can dis...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on smart grid Vol. 9; no. 5; pp. 4049 - 4060
Main Authors Adhikari, Uttam, Morris, Thomas H., Pan, Shengyi
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 01.09.2018
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Adaptive systems
Classification
Classification algorithms
Contingency
Control equipment
cyber security
Cyber-physical systems
Cybersecurity
Data mining
Data sources
Data storage
Electric power
electric transmission system
Electricity generation
Hoeffding adaptive trees
intrusion detection system
Intrusion detection systems
Monitoring
Oscillators
Phasor measurement units
Power systems
Real time
Real-time systems
Trees
Online AccessGet full text

Cover

More Information
Summary:Electricity transmission systems are networked cyber physical systems that are subject to many well-known control, weather, and equipment failure related contingencies which can disrupt power delivery. Cyber-attacks against electric transmission systems are another class of contingency which can disrupt power delivery. Wide area monitoring systems (WAMSs) enhanced with phasor measurement units provide high volume and high velocity power system sensor data which can be combined with traditional power system data sources and cyber data sources to enable real time detection of both types of contingencies. This paper describes research toward a cyber-power event and intrusion detection system (EIDS) which can be used for multiclass or binary-class classification of traditional power system contingencies and cyber-attacks. The continuous streams of high speed data from WAMS pose significant challenges in data storage, management, and handling. Data stream mining addresses the continuous data problem and can deal with very large data sizes. Hoeffding adaptive trees (HAT) augmented with the drift detection method (DDM) and adaptive windowing (ADWIN) can effectively be used to classify traditional and cyber contingencies in real time. Experiments performed for this paper demonstrate HAT + DDM + ADWIN provides classification accuracy of greater than 94% for multiclass and greater than 98% for binary class classification for a dataset with artifacts from 45 classes of cyber-power contingencies. Results also show that HAT + DDM + ADWIN has a small memory foot print and a fast evaluation time which enables real time EIDS.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1949-3053
1949-3061
DOI:10.1109/TSG.2017.2647778