An Anomaly Detection Method of Time Series Data for Cyber-Physical Integrated Energy System Based on Time-Frequency Feature Prediction

Abstract

An integrated energy system (IES) is vulnerable to network attacks due to the coupling features of multi-energy systems, as well as the deep integration between a physical system and an information system. The anomaly detection of the time-series data in an IES is a key problem to defend against network attacks and ensure the cyber-physical security of IES. Aiming at false data injection attacks (FDIAs) on IES, this paper proposes an anomaly detection method for time-series data in a cyber-physical integrated energy system based on time-frequency feature prediction. The time-frequency features of the time-series data are extracted based on three time-frequency transform methods (DWT, EMD, and EWT). Then the extracted time-frequency features are input to the autoencoder (AE) to capture the hidden features and nonlinear structure of the original data in the frequency domain. The time-domain data within the detected time period are predicted by applying regression prediction on the top-layer features of AE. Considering the uncertainty of regression prediction, kernel density estimation (KDE) is used to estimate the probability density function of prediction error and the interval of the predicted data is estimated accordingly. The estimated lower boundary value of the predicted data is selected as the attack judgment threshold for anomaly detection. The results of the case study verify the advantages of the proposed method in reducing the false positive rate and improving the anomaly detection accuracy.