Title: On the detection of cyber-events in the grid using PCA

Authors: Nathan Wallace; Travis Atkison

Addresses: Cybirical, Mandeville, Louisiana, USA ' Department of Computer Science, University of Alabama, Tuscaloosa, Alabama, USA

Abstract: The emergence of cyber systems to the realm of physical control is currently being seen in the control environment of the critical infrastructure power grid. This research describes a possible way of detecting cyber-events including malicious intrusions. Specifically, the intrusion this work examines is data manipulation or data injection. The detection mechanism used is based on information retrieval and feature identification methods. Principal component analysis, a type of feature identification method, is used to transform each observed power system instance into a new dimensional space. In this new space, detection metric is created based on the Hotelling T² value along with a probabilistic metric to classify instances that may contain malicious activity. An experimental trusted model is derived based on a pseudo-random Monte Carlo simulation of the Newton-Raphson method for a 5-bus power system.

Keywords: SCADA systems; data security; power system simulation; principal component analysis; Hotelling T²; industrial control systems; data mining; cyber-event detection; Newton-Raphson method; feature identification.

DOI: 10.1504/IJCIS.2017.088228

International Journal of Critical Infrastructures, 2017 Vol.13 No.2/3, pp.96 - 112

Received: 23 Aug 2016
Accepted: 20 Nov 2016
Published online: 30 Nov 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article