Defense against Joint Poison and Evasion Attacks: A Case Study of DERMS

TL;DR

This paper introduces a novel intrusion detection system framework for DERMS that is robust against both poisoning and evasion cyberattacks, enhancing power grid security.

Contribution

It formulates a bilevel optimization approach to defend against joint poisoning and evasion attacks, a first in this context.

Findings

Outperforms baseline in accuracy, precision, and recall

Effective against diverse attack scenarios

Verified on IEEE-13 bus feeder model

Abstract

There is an upward trend of deploying distributed energy resource management systems (DERMS) to control modern power grids. However, DERMS controller communication lines are vulnerable to cyberattacks that could potentially impact operational reliability. While a data-driven intrusion detection system (IDS) can potentially thwart attacks during deployment, also known as the evasion attack, the training of the detection algorithm may be corrupted by adversarial data injected into the database, also known as the poisoning attack. In this paper, we propose the first framework of IDS that is robust against joint poisoning and evasion attacks. We formulate the defense mechanism as a bilevel optimization, where the inner and outer levels deal with attacks that occur during training time and testing time, respectively. We verify the robustness of our method on the IEEE-13 bus feeder model against a diverse set of poisoning and evasion attack scenarios. The results indicate that our proposed method outperforms the baseline technique in terms of accuracy, precision, and recall for intrusion detection.