Coordinated Cyber-Attack Detection Model of Cyber-Physical Power System Based on the Operating State Data Link

TL;DR

This paper introduces a novel cyber-attack detection model for cyber-physical power systems that fuses data, reduces dimensionality, balances samples, and employs a cost-sensitive classifier, achieving improved detection accuracy and robustness.

Contribution

It presents a new data fusion and classification approach combining PCA, an adaptive sampling method, and CS-GBDT for enhanced attack detection in CPPS.

Findings

Higher detection accuracy than existing methods

Improved recall and F-Score in simulations

Effective handling of unbalanced and noisy data

Abstract

Existing coordinated cyber-attack detection methods have low detection accuracy and efficiency and poor generalization ability due to difficulties dealing with unbalanced attack data samples, high data dimensionality, and noisy data sets. This paper proposes a model for cyber and physical data fusion using a data link for detecting attacks on a Cyber-Physical Power System (CPPS). Two-step principal component analysis (PCA) is used for classifying the system's operating status. An adaptive synthetic sampling algorithm is used to reduce the imbalance in the categories' samples. The loss function is improved according to the feature intensity difference of the attack event, and an integrated classifier is established using a classification algorithm based on the cost-sensitive gradient boosting decision tree (CS-GBDT). The simulation results show that the proposed method provides higher accuracy, recall, and F-Score than comparable algorithms.