Abstract

Existing coordinated cyber-attack detection methods have low detection accuracy and efficiency and poor generalization ability due to difficulties dealing with unbalanced attack data samples, high data dimensionality, and noisy data sets. This paper proposes a model for cyber and physical data fusion using a data link for detecting attacks on a Cyber–Physical Power System (CPPS). The two-step principal component analysis (PCA) is used for classifying the system’s operating status. An adaptive synthetic sampling algorithm is used to reduce the imbalance in the categories’ samples. The loss function is improved according to the feature intensity difference of the attack event, and an integrated classifier is established using a classification algorithm based on the cost-sensitive gradient boosting decision tree (CS-GBDT). The simulation results show that the proposed method provides higher accuracy, recall, and F-Score than comparable algorithms.

Highlights

  • In recent years, a new type of coordinated cyber-physical attack has caused blackouts of the power grid and disrupted power systems

  • We propose using the cost-sensitive (CS) function to improve the gradient boosting decision tree (GBDT) (Sakhnovich, 2011; Liao et al., 2016)

  • The detection accuracy for the distributed denial-of-service (DDoS) blocking attack (S2) is 98%, that of the data injection attack (S3) is 96%, that of the protection device parameter tampering attack (S4) is 97%, that of the normal operation (S1) is 99%, and that of the fault operation (S5) is 98%. These results demonstrate that the proposed coordinated cyber-attack detection model accurately detects coordinated attack events on the network and distinguishes attack states from the fault operation state, with a maximum false-positive rate of only 4%


Summary

Introduction

A new type of coordinated cyber-physical attack has caused blackouts of the power grid and disrupted power systems.

Data Link of the Operating State of the Physical Power Grid

Data Link of the Operating State of the Cyber Network

A clustering algorithm is used to classify the state data link, and a feature set is obtained under different operating conditions.
