Title: Attack Graph Model for Cyber-Physical Power Systems Using Hybrid Deep Learning

Author: Presekal, A. (TU Delft Intelligent Electrical Power Grids); Stefanov, Alexandru (TU Delft Intelligent Electrical Power Grids); Subramaniam Rajkumar, Vetrivel (TU Delft Intelligent Electrical Power Grids); Palensky, P. (TU Delft Intelligent Electrical Power Grids)

Date: 2023

Abstract: Electrical power grids are vulnerable to cyber attacks, as seen in Ukraine in 2015 and 2016. However, existing attack detection methods are limited. Most of them are based on power system measurement anomalies that occur when an attack is successfully executed at the later stages of the cyber kill chain. In contrast, the attacks on the Ukrainian power grid show the importance of system-wide, early-stage attack detection through communication-based anomalies. Therefore, in this paper, we propose a novel method for online cyber attack situational awareness that enhances the power grid resilience. It supports power system operators in the identification and localization of active attack locations in Operational Technology (OT) networks in near real-time. The proposed method employs a hybrid deep learning model of Graph Convolutional Long Short-Term Memory (GC-LSTM) and a deep convolutional network for time series classification-based anomaly detection. It is implemented as a combination of software defined networking, anomaly detection in communication throughput, and a novel attack graph model. Results indicate that the proposed method can identify active attack locations, e.g., within substations, control center, and wide area network, with an accuracy above 96%. Hence, it outperforms existing state-of-the-art deep learning-based time series classification methods.

Subject: Cyber Attacks; Power Grids; Anomaly Detection; Throughput; Telecommunication Traffic; Power Systems; Long Short-Term Memory; Cyber-Physical Systems; Graph Neural Networks; Network Security; Software Defined Networking; Time Series Analysis; Time Series Classification; Co-simulation; Deep Learning; Artificial Intelligence; Cyber Security

To reference this document use: http://resolver.tudelft.nl/uuid:9995ee5b-0a02-493b-91ae-02eeb29153ad

DOI: https://doi.org/10.1109/TSG.2023.3237011

Embargo date: 2023-11-02

ISSN: 1949-3053

Source: IEEE Transactions on Smart Grid, 14 (5), 4007-4020

Bibliographical note: Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Part of collection: Institutional Repository

Document type: journal article

Rights: © 2023 A. Presekal, Alexandru Stefanov, Vetrivel Subramaniam Rajkumar, P. Palensky

Files: Attack_Graph_Model_for_Cy ... arning.pdf (PDF, 3.85 MB)