Identification and classification for multiple cyber attacks in power grids based on the deep capsule CNN

Abstract

Cyber-attacks have become one of the main threats to the security, reliability, and economic operation of power systems. Detection and classification of multiple cyber-attacks pose challenges for ensuring the stability and security of power systems. To address this issue, this study proposes an automatic identification and classification method for multiple cyber-attacks based on the deep capsule convolution neural network. Spatial correlations among different nodes and temporal features from history operation status in the transmitted data packets are extracted by the convolution neural network. Capsules in the proposed structure have important implications for maintaining the topological consistency contained in the measurement matrix. Furthermore, the proposed method is model-free and avoids the impact of system parameters uncertainties on detection performance. Multiple kinds of typical cyber-attacks, including false data injection attacks, replay attacks, denial of service attacks, time-delay attacks, and deception attacks, are considered and modeled in this paper. Numerical results on the IEEE 39-bus test system show that the proposed method can achieve 99.97% detection accuracy on single cyber-attacks and 96.25% detection accuracy on multiple cyber-attacks. Comparative results illustrate the proposed method outperforms than traditional neural networks. This approach provides a solution for the problem of multiple cyber-attack detection and classification.