Title | Ransomware Detection Using Deep Learning in the SCADA System of Electric Vehicle Charging Station |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Basnet, Manoj, Poudyal, Subash, Ali, Mohd. Hasan, Dasgupta, Dipankar |
Conference Name | 2021 IEEE PES Innovative Smart Grid Technologies Conference - Latin America (ISGT Latin America) |
Date Published | sep |
Keywords | CNN, compositionality, Cyber-physical security, Deep Learning, denial-of-service attack, DNN, electric vehicle charging, EVSE, Human Behavior, Internet of Things, LSTM, pubcrawl, ransomware, resilience, Resiliency, RNN, SCADA, SCADA systems, SCADA Systems Security, Smart grids |
Abstract | The Supervisory control and data acquisition (SCADA) systems have been continuously leveraging the evolution of network architecture, communication protocols, next-generation communication techniques (5G, 6G, Wi-Fi 6), and the internet of things (IoT). However, SCADA system has become the most profitable and alluring target for ransomware attackers. This paper proposes the deep learning-based novel ransomware detection framework in the SCADA controlled electric vehicle charging station (EVCS) with the performance analysis of three deep learning algorithms, namely deep neural network (DNN), 1D convolution neural network (CNN), and long short-term memory (LSTM) recurrent neural network. All three-deep learning-based simulated frameworks achieve around 97% average accuracy (ACC), more than 98% of the average area under the curve (AUC) and an average F1-score under 10-fold stratified cross-validation with an average false alarm rate (FAR) less than 1.88%. Ransomware driven distributed denial of service (DDoS) attack tends to shift the state of charge (SOC) profile by exceeding the SOC control thresholds. Also, ransomware driven false data injection (FDI) attack has the potential to damage the entire BES or physical system by manipulating the SOC control thresholds. It's a design choice and optimization issue that a deep learning algorithm can deploy based on the tradeoffs between performance metrics. |
DOI | 10.1109/ISGTLatinAmerica52371.2021.9543031 |
Citation Key | basnet_ransomware_2021 |