Forecasting intrusion in critical power systems infrastructure using Advanced Autoregressive Moving Average (AARMA) based intrusion detection for efficacious alert system

Document Type : Article

Authors

Department of Electrical Engineering, Sardar Vallabhbhai National Institute of Technology, Surat, Gujarat, India-395007

Abstract

Cyber intrusions into critical infrastructure inflict economic and physical damage, and extensive research is needed to identify and mitigate intrusions in power grid infrastructure. A modern approach applies data science time-series methods to the electric grid data collected from sensors in order to identify intrusions. This paper presents a time-series modelling approach and its integration with existing power system security systems. An Advanced Autoregressive Moving Average (AARMA) model is designed to detect possible intrusions in a given data set. The attack forecast is a model that predicts possible cyber intrusions from real-time sensor data. By investigating the statistical properties of the sensors' data set, intrusion detection is possible with a high accuracy of about 90%. With AARMA, operators gain an effective alert system that lets them adjust their configuration and resource allocation to handle intrusions with low impact. MATLAB is used to monitor the IEEE 9-bus and IEEE 33-bus test systems against possible cyber-attacks using the proposed AARMA model.
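The forecast-and-alert idea in the abstract, as an added example that is not the authors' code: a plain least-squares AR(p) model (not the paper's AARMA, whose details are not given on this page) is fitted on an attack-free window, and later samples are flagged when the one-step forecast error is too large. The sample feed, the function names, the 0.05 p.u. injected offset and the 6-sigma threshold are all assumptions made for illustration.

```python
import math
import random

def fit_ar(series, p):
    """Least-squares AR(p) fit on attack-free data; returns (mean, coeffs, resid_std)."""
    mu = sum(series) / len(series)
    y = [v - mu for v in series]
    rows = [[y[t - k] for k in range(1, p + 1)] for t in range(p, len(y))]
    rhs = [y[t] for t in range(p, len(y))]
    # Normal equations (X^T X) a = X^T y, solved by Gauss-Jordan elimination.
    m = [[sum(r[i] * r[j] for r in rows) for j in range(p)]
         + [sum(r[i] * b for r, b in zip(rows, rhs))] for i in range(p)]
    for c in range(p):
        piv = max(range(c, p), key=lambda r: abs(m[r][c]))
        m[c], m[piv] = m[piv], m[c]
        for r in range(p):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [a - f * b for a, b in zip(m[r], m[c])]
    coeffs = [m[i][p] / m[i][i] for i in range(p)]
    resid = [b - sum(a * x for a, x in zip(coeffs, r)) for r, b in zip(rows, rhs)]
    std = math.sqrt(sum(e * e for e in resid) / len(resid))
    return mu, coeffs, std

def detect(series, start, model, k=6.0):
    """Indices >= start whose one-step forecast error exceeds k * resid_std."""
    mu, coeffs, std = model
    alerts = []
    for t in range(start, len(series)):
        pred = mu + sum(a * (series[t - i - 1] - mu) for i, a in enumerate(coeffs))
        if abs(series[t] - pred) > k * std:
            alerts.append(t)
    return alerts

def constructed_feed(n=360, attack=range(300, 305), bias=0.05, seed=1):
    """Constructed per-unit bus-voltage samples: 24-sample cycle, bounded noise, injected offset."""
    rng = random.Random(seed)
    data = [1.0 + 0.02 * math.sin(2 * math.pi * t / 24) + rng.uniform(-0.001, 0.001)
            for t in range(n)]
    return [v + bias if t in attack else v for t, v in enumerate(data)]

feed = constructed_feed()
model = fit_ar(feed[:240], p=2)      # train on the attack-free window only
alerts = detect(feed, 240, model)    # score every sample after it
print("alert indices:", alerts)
```

Alerts can continue for up to p samples after the injected offset ends, because the contaminated readings are still used as lagged inputs to the forecast.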


Volume 31, Issue 17
Transactions on Computer Science & Engineering and Electrical Engineering (D)
November and December 2024
Pages 1490-1503