Anomaly Detection and Mitigation in Cyber-Physical Power Systems Based on Hybrid Deep Learning and Attack Graphs
Abstract
Digitalization is paving the way toward enhanced power grid operational capabilities and intelligence. The increased digitalization, however, also implies a greater risk of cyber vulnerabilities and threats. Therefore, various power system facets such as transmission and distribution systems, digital substations, control centers, and wide-area communication networks are vulnerable to cyber-attacks. The most notable cyber-attacks on power grids are the twin attacks on the Ukrainian power grid in 2015 and 2016. These incidents clearly highlighted that cyber-attacks on power grids are an imminent threat that needs to be addressed. Keeping this in mind, this chapter provides essential knowledge of cyber-attack mitigation for cyber-physical power systems, i.e., secure communication protocols for operational technologies, penetration testing using cyber ranges and cyber-physical co-simulation, security controls, and intrusion detection and prevention systems. Among this wide scope of mitigation measures, artificial intelligence is highlighted as an emerging solution. This chapter presents how hybrid deep learning based on graph convolutional long short-term memory is used for anomaly detection in power system operational technology (OT) networks. Unlike traditional signature and supervised learning-based intrusion detection, the hybrid deep learning anomaly detection utilizes the OT traffic throughput. It takes advantage of the OT traffic’s deterministic and homogeneous characteristics to provide robust and flexible anomaly detection for a wide scope of cyber-attacks. The traffic anomalies are incorporated into an attack graph that helps power system operators identify and localize anomalies of active attacks on power systems in near real time. Cyber-attack case studies and cyber-physical co-simulation results are provided to demonstrate the efficiency of hybrid deep learning for anomaly detection.
No files available
Metadata only record. There are no files for this book chapter.