Power-Grid Controller Anomaly Detection with Enhanced Temporal Deep Learning
Zecheng He, Aswin Raghavan, Guangyuan Hu, Sek Chai, Ruby Lee

TL;DR
This paper introduces a novel deep learning-based method using Reconstruction Error Distribution of Hardware Performance Counters to detect zero-day attacks on power-grid controllers with high accuracy and minimal false positives.
Contribution
It proposes a new anomaly detection approach that combines Reconstruction Error Distribution (RED) with temporal deep learning, trained solely on normal data, for real-time power-grid controller security.
Findings
Detects anomalies with over 99.9% accuracy
Achieves nearly zero false positives
Provides detection latency under 360 milliseconds
Abstract
Controllers of security-critical cyber-physical systems, like the power grid, are a very important class of computer systems. Attacks against the control code of a power-grid system, especially zero-day attacks, can be catastrophic. Earlier detection of the anomalies can prevent further damage. However, detecting zero-day attacks is extremely challenging because they have no known code and have unknown behavior. Furthermore, if data collected from the controller is transferred to a server through networks for analysis and detection of anomalous behavior, this creates a very large attack surface and also delays detection. In order to address this problem, we propose Reconstruction Error Distribution (RED) of Hardware Performance Counters (HPCs), and a data-driven defense system based on it. Specifically, we first train a temporal deep learning model, using only normal HPC readings from…
Taxonomy
Topics: Network Security and Intrusion Detection · Smart Grid Security and Resilience · Anomaly Detection Techniques and Applications
