Power-grid controller anomaly detection with enhanced temporal deep learning

Zecheng He, Aswin Raghavan, Guangyuan Hu, Sek Chai, Ruby Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Controllers of security-critical cyber-physical systems, like the power grid, are a very important class of computer systems. Attacks against the control code of a power-grid system, especially zero-day attacks, can be catastrophic. Earlier detection of the anomalies can prevent further damage. However, detecting zero-day attacks is extremely challenging because they have no known code and have unknown behavior. Furthermore, if data collected from the controller is transferred to a server through networks for analysis and detection of anomalous behavior, this creates a very large attack surface and also delays detection. In order to address this problem, we propose Reconstruction Error Distribution (RED) of Hardware Performance Counters (HPCs), and a data-driven defense system based on it. Specifically, we first train a temporal deep learning model, using only normal HPC readings from legitimate processes that run daily in these power-grid systems, to model the normal behavior of the power-grid controller. Then, we run this model using real-time data from commonly available HPCs. We use the proposed RED to enhance the temporal deep learning detection of anomalous behavior, by estimating distribution deviations from the normal behavior with an effective statistical test. Experimental results on a real power-grid controller show that we can detect anomalous behavior with high accuracy (>99.9%), nearly zero false positives and short (<360ms) latency.

Original languageEnglish (US)
Title of host publicationProceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages160-167
Number of pages8
ISBN (Electronic)9781728127767
DOIs
StatePublished - Aug 2019
Event18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019 - Rotorua, New Zealand
Duration: Aug 5 2019Aug 8 2019

Publication series

NameProceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019

Conference

Conference18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019
CountryNew Zealand
CityRotorua
Period8/5/198/8/19

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Artificial Intelligence

Keywords

  • Hardware Performance Counter
  • Kolmogorov-Smirnov test
  • LSTM
  • Programmable Logic Controller

Fingerprint Dive into the research topics of 'Power-grid controller anomaly detection with enhanced temporal deep learning'. Together they form a unique fingerprint.

  • Cite this

    He, Z., Raghavan, A., Hu, G., Chai, S., & Lee, R. (2019). Power-grid controller anomaly detection with enhanced temporal deep learning. In Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019 (pp. 160-167). [8887367] (Proceedings - 2019 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/13th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/TrustCom/BigDataSE.2019.00030