Visible to the public Detection of False Data Injection Attacks in Cyber-Physical Systems using Dynamic Invariants

TitleDetection of False Data Injection Attacks in Cyber-Physical Systems using Dynamic Invariants
Publication TypeConference Paper
Year of Publication2019
AuthorsNakayama, Kiyoshi, Muralidhar, Nikhil, Jin, Chenrui, Sharma, Ratnesh
Conference Name2019 18th IEEE International Conference On Machine Learning And Applications (ICMLA)
Keywordsadaptive filtering, adaptive robust thresholding, anomaly detection, bad data detection, Bayesian filtering, complex cyber-physical systems, Cyber-physical systems, data-driven functional relationships, data-driven temporal causal relationships, dynamic invariant network, False Data Detection, false data injection attack detection, false data injection attacks, G-KART, Granger causality based Kalman filter, graph theory, invariant graph, Jacobian matrices, Kalman filter, Kalman filters, learning (artificial intelligence), Meters, Metrics, National security, power engineering computing, Power measurement, power system, Power system dynamics, power system security, pubcrawl, Resiliency, Robust Estimation, Scalability, security of data, state estimation, traditional anomaly detection approaches
Abstract

Modern cyber-physical systems are increasingly complex and vulnerable to attacks like false data injection aimed at destabilizing and confusing the systems. We develop and evaluate an attack-detection framework aimed at learning a dynamic invariant network, data-driven temporal causal relationships between components of cyber-physical systems. We evaluate the relative performance in attack detection of the proposed model relative to traditional anomaly detection approaches. In this paper, we introduce Granger Causality based Kalman Filter with Adaptive Robust Thresholding (G-KART) as a framework for anomaly detection based on data-driven functional relationships between components in cyber-physical systems. In particular, we select power systems as a critical infrastructure with complex cyber-physical systems whose protection is an essential facet of national security. The system presented is capable of learning with or without network topology the task of detection of false data injection attacks in power systems. Kalman filters are used to learn and update the dynamic state of each component in the power system and in-turn monitor the component for malicious activity. The ego network for each node in the invariant graph is treated as an ensemble model of Kalman filters, each of which captures a subset of the node's interactions with other parts of the network. We finally also introduce an alerting mechanism to surface alerts about compromised nodes.

DOI10.1109/ICMLA.2019.00173
Citation Keynakayama_detection_2019