Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

11/20/2021
by Abhijeet Sahu, et al.

False alerts from a misconfigured or compromised IDS in ICS networks can lead to severe economic and operational damage. To address this, research has focused on deep learning techniques that help reduce false alerts. A shortcoming is that these works often require, or implicitly assume, that the physical and cyber sensors are trustworthy. Implicit trust in data is a major problem when using artificial intelligence or machine learning for CPS security, because during the critical attack detection window they are themselves at greater risk, in both likelihood and impact, of being compromised. To address this shortcoming, the problem is reframed as how to make good decisions under uncertainty: the decision is detection, and the uncertainty includes whether the data used by the ML-based IDS is compromised. This work therefore presents an approach for reducing false alerts in CPS power systems by dealing with uncertainty without knowledge of the prior distribution of alerts. Specifically, an evidence-theoretic approach leveraging Dempster-Shafer combination rules is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from various supervised-learning classifiers. Using this model, a location-cum-domain based fusion framework is proposed and evaluated with different combination rules that fuse multiple pieces of evidence from inter-domain and intra-domain sensors. The approach is demonstrated in a cyber-physical power system testbed with Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. To evaluate performance, metrics such as plausibility, belief, and pignistic probability are considered as decision functions. To improve performance, a multi-objective genetic algorithm is proposed for feature selection, with the decision metrics as the fitness function.
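As an added illustration (not code from the paper), the sketch below fuses one cyber and one physical sensor with Dempster's rule of combination and evaluates the belief, pignistic and plausibility decision functions named in the abstract. The two-hypothesis frame, the reliability discounting used to turn classifier scores into mass functions, and the sample scores are assumptions; the paper's own multi-hypothesis mass function model is not given on this page.

```python
from itertools import product

FRAME = frozenset({"normal", "mitm"})  # assumed frame of discernment

def mass_from_scores(scores, reliability):
    """Assumed model (Shafer discounting): scale classifier probabilities by
    the sensor's reliability and give the remainder to the whole frame."""
    m = {frozenset({h}): reliability * p for h, p in scores.items()}
    m[FRAME] = 1.0 - reliability  # mass on "don't know"
    return m

def combine(m1, m2):
    """Dempster's rule: multiply masses, keep non-empty intersections,
    renormalise by 1 - K, where K is the mass on conflicting pairs."""
    fused, conflict = {}, 0.0
    for (a, x), (b, y) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + x * y
        else:
            conflict += x * y
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: sources cannot be combined")
    return {s: v / (1.0 - conflict) for s, v in fused.items()}, conflict

def belief(m, hyp):
    # Mass committed to subsets of hyp (lower bound on support).
    return sum(v for s, v in m.items() if s <= hyp)

def plausibility(m, hyp):
    # Mass not contradicting hyp (upper bound on support).
    return sum(v for s, v in m.items() if s & hyp)

def pignistic(m, h):
    # Spread each focal set's mass evenly over its elements.
    return sum(v / len(s) for s, v in m.items() if h in s)

def demo():
    # Constructed classifier scores; reliabilities are assumed trust levels.
    cyber = mass_from_scores({"normal": 0.3, "mitm": 0.7}, reliability=0.9)
    physical = mass_from_scores({"normal": 0.6, "mitm": 0.4}, reliability=0.6)
    fused, conflict = combine(cyber, physical)
    hyp = frozenset({"mitm"})
    return (conflict, belief(fused, hyp), pignistic(fused, "mitm"),
            plausibility(fused, hyp), fused)

if __name__ == "__main__":
    print(demo()[:4])
```

Lowering a sensor's reliability moves its mass onto the whole frame, so a source suspected of compromise contributes less to the fused decision without being discarded outright.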
