Cyber-Attack Detection Using Principal Component Analysis and Noisy Clustering Algorithms: A Collaborative Machine Learning-Based Framework

Abstract

This paper proposes a collaborative machine learning-based framework to detect cyber-attacks in a power system, leading to deviation in the state variable behavior. Based on the proposed architecture, three different machine learning-based methods, i.e., visualization, classification, and clustering, are employed and compared to find the best one in the FDIA detection process. To this end, pre-processing is employed in the first stage. In the second stage, the patterns of the state vectors are transferred into features. Hence, 24 statistical features, including measures of central tendency, variability, measures of shape, and position, are extracted to find various properties. Then, in the third stage, a supervised algorithm is employed to rank and find the most crucial features in FDIA. In the fourth stage, an unsupervised dimensionality reduction technique (PCA) is applied to reduce the feature space. In the fifth and last stage, visualization, classification, and clustering-based methods are developed to detect FDIA. To simulate an attack, it is assumed that an intruder decreases or increases the state vectors at different buses with various attack parameters (i.e., 0.90, 0.95, 0.96, 0.97, 0.98, 1, 1.02, 1.03, 1.04, 1.05, and 1.10). The proposed method effectiveness is assessed on the New York Independent System Operator (NYISO) data applied to the IEEE 14-bus system. The results presented in the paper from different scenarios (i.e., phase angle ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\theta $ </tex-math></inline-formula> ), voltage magnitude ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$V_{m}$ </tex-math></inline-formula> ), measurements, and multiple attacks) on a real-world dataset demonstrate that the collaborative optimized PCA-Density-based machine learning technique can detect most of the attack samples with good performance scores (i.e., recall, precision, F1) and outperforms the other investigated methods. Moreover, it is general and adaptable enough to cover the situation where either the system characteristics or the attack behavior changes.