Cybersecurity of smart grids: Comparison of machine learning approaches training for anomaly detection
https://doi.org/10.32362/2500-316X-2024-12-6-7-19
EDN: LEDVEZ
Abstract
Objectives. The transformation of modern electric grids into decentralized smart grids presents new challenges in the field of cybersecurity. The purpose of this work is to conduct research and analysis into the effectiveness of different machine-learning methods for identifying anomalies in decentralized smart networks, including cyberattacks and emergency modes, as well as to develop recommendations on the optimal combination of these methods for ensuring effective cybersecurity under conditions of changing electrical loads.
Methods. We consider several machine learning methods for identifying anomalies in power systems that simulate network behavior under conditions of cyberattacks and emergency modes. The relative effectiveness of such methods as multifractal analysis using wavelets, the Isolation Forest model, local outlier factor (LOF), k-means clustering, and one-class support vector machine (One-Class SVM), is analyzed.
Results. The comparison of machine learning methods reveals the varying effectiveness of anomaly detection methods used to detect cyber threats and deviations in electrical systems. Isolation Forest is best at detecting abrupt changes related to cyberattacks with high accuracy and a minimum of false positives. While LOF can also be effective in detecting cyberattacks, its increased sensitivity to minor deviations increases the number of false positives. K-means and One-Class SVMs are less effective in detecting abrupt anomalies but are useful for general clustering of data and detecting both abrupt and smooth changes, respectively.
Conclusions. The obtained research results indicate the advantages of using a combination of machine learning algorithms to ensure the reliable protection of smart networks from cyberattacks taking into account the nature of the electrical load.
About the Authors
S. V. Kochergin
Russian Federation
Sergey V. Kochergin, Cand. Sci. (Eng.), Associate Professor, «Information Protection» Department, Institute of Cybersecurity and Digital Technologies
78, Vernadskogo pr., Moscow, 119454
S. V. Artemova
Russian Federation
Svetlana V. Artemova, Dr. Sci. (Eng.), Associate Professor, Head of the «Information Protection» Department, Institute of Cybersecurity and Digital Technologies
78, Vernadskogo pr., Moscow, 119454
Scopus Author ID 6508256085
A. A. Bakaev
Russian Federation
Anatoly A. Bakaev, Dr. Sci. (Hist.), Cand. Sci. (Juri.), Associate Professor, Director of the Institute of Cybersecurity and Digital Technologies
78, Vernadskogo pr., Moscow, 119454
Scopus Author ID 57297341000
E. S. Mityakov
Russian Federation
Evgeny S. Mityakov, Dr. Sci. (Econ.), Professor, Acting Head of the «Subject-Oriented Information Systems» Department, Institute of Cybersecurity and Digital Technologies
78, Vernadskogo pr., Moscow, 119454
Scopus Author ID 55960540500
Zh. G. Vegera
Russian Federation
Zhanna G. Vegera, Cand. Sci. (Phys.-Math.), Associate Professor, Head of the Department of Higher Mathematics, Institute of Cybersecurity and Digital Technologies
78, Vernadskogo pr., Moscow, 119454
Scopus Author ID 57212931836
E. A. Maksimova
Russian Federation
Elena A. Maksimova, Dr. Sci. (Eng.), Associate Professor, Head of the Department «Intelligent Information Security Systems», Institute of Cybersecurity and Digital Technologies
78, Vernadskogo pr., Moscow, 119454
Scopus Author ID 57219701980
Supplementary files
1. Heat map of anomaly estimates using LOF. Type: Research tools (43KB)
- The comparison of machine learning methods reveals the varying effectiveness of anomaly detection methods used to detect cyber threats and deviations in electrical systems.
- Isolation Forest is best at detecting abrupt changes related to cyberattacks with high accuracy and a minimum of false positives.
- While LOF can also be effective in detecting cyberattacks, its increased sensitivity to minor deviations increases the number of false positives.
- K-means and One-Class SVMs are less effective in detecting abrupt anomalies but are useful for general clustering of data and detecting both abrupt and smooth changes, respectively.
- The obtained research results indicate the advantages of using a combination of machine learning algorithms to ensure the reliable protection of smart networks from cyberattacks taking into account the nature of the electrical load.
Review
For citations:
Kochergin S.V., Artemova S.V., Bakaev A.A., Mityakov E.S., Vegera Zh.G., Maksimova E.A. Cybersecurity of smart grids: Comparison of machine learning approaches training for anomaly detection. Russian Technological Journal. 2024;12(6):7-19. https://doi.org/10.32362/2500-316X-2024-12-6-7-19. EDN: LEDVEZ