Abstract

Cyberattacks can cause a severe impact on power systems unless detected early. However, accurate and timely detection in critical infrastructure systems presents challenges, e.g., due to zero-day vulnerability exploitation and the cyber-physical nature of the system, coupled with the need for high reliability and resilience of the physical system. Conventional rule-based and anomaly-based intrusion detection system (IDS) tools are insufficient for detecting zero-day cyber intrusions in industrial control system (ICS) networks. Hence, in this work, we show that fusing information from multiple data sources can help identify cyber-induced incidents and reduce false positives. Specifically, we present how to recognize and address the barriers that can prevent the accurate use of multiple data sources for fusion-based detection. We perform multi-source data fusion for training an IDS in a cyber-physical power system testbed, where we collect cyber- and physical-side data from multiple sensors emulating the real-world data sources that would be found in a utility and synthesize these into features for algorithms to detect intrusions. Results are presented using the proposed data fusion application to infer False Data and Command injection-based Man-in-The-Middle (MiTM) attacks. Post collection, the data fusion application performs a time-synchronized merge and extracts features, followed by pre-processing such as imputation and encoding, before training supervised, semi-supervised, and unsupervised learning models to evaluate the performance of the IDS. A major finding is the improvement of detection accuracy by fusion of features from the cyber, security, and physical domains. Additionally, we observed that the co-training technique performs on par with supervised learning methods when fed with our features.

Highlights

  • Multi-sensor data fusion is a widely-known research area adopted in many sectors, including military, medical science, finance, and energy

  • Comparison of the performance of the clustering techniques based on different metrics

  • The results find that classifier performance improves on an average of 15-20% when cyber


Summary

INTRODUCTION

Multi-sensor data fusion is a widely known research area adopted in many sectors, including military, medical science, finance, and energy. Sensor verification based on multi-source, multi-domain measurement collection and fusion can be performed to solve such problems, and it is a valuable mechanism for detection and detailed forensics of cyber intrusions targeting physical impact. The contributions of this paper are the following: 1) A cyber-physical intrusion detection solution is proposed based on a data-driven hybrid information fusion algorithm that leverages real-time data from cyber and power-based sensors. The Cymbiote [50] multi-source sensor fusion platform is similar to this work in that it leverages fusion from multiple cyber and physical streams, but it trains only supervised learning-based IDS. Creating multi-domain datasets to advance the research is a challenging task, since it requires the development of a cyber-physical testbed that processes real-time traffic from different simulators, emulators, hardware, and software.

DATA FUSION ARCHITECTURE

Before discussing the data fusion procedures, it is essential to understand the architecture of the RESLab testbed that produces the data during emulation of the system under study.
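The pre-processing pipeline the abstract describes (time-synchronized merge of cyber- and physical-side records, imputation of missing physical samples, encoding of a categorical field, and labelling windows from Snort alerts) is illustrated below. This is an added example, not the paper's or the RESLab testbed's code; the one-second window, the field names, and all sample records are assumptions constructed for the illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample records (not from the paper's dataset).
# Physical side: (t_seconds, bus, voltage_pu); a None reading is a gap to impute.
PHYS = [
    (0.0, "bus1", 1.00), (0.4, "bus1", 1.00), (1.2, "bus1", 0.97),
    (2.1, "bus1", None), (3.0, "bus1", 0.92),
]
# Cyber side: (t_seconds, src_ip, packets, snort_class or None).
CYBER = [
    (0.1, "10.0.0.5", 12, None),
    (1.1, "10.0.0.5", 40, "protocol-command-decode"),
    (2.3, "10.0.0.9", 15, None),
    (3.2, "10.0.0.5", 55, "protocol-command-decode"),
]
ALERT_CLASSES = ["protocol-command-decode"]  # categories known at training time


def fuse(phys, cyber, window=1.0):
    """Time-synchronized merge: bucket both streams into fixed windows,
    aggregate per window, impute missing physical values, one-hot encode
    the alert class, and derive the label from Snort alerts."""
    buckets = defaultdict(lambda: {"v": [], "pkts": 0, "alerts": []})
    for t, _bus, v in phys:
        if v is not None:                      # drop unreadable samples
            buckets[int(t // window)]["v"].append(v)
    for t, _src, pkts, cls in cyber:
        b = buckets[int(t // window)]
        b["pkts"] += pkts
        if cls is not None:
            b["alerts"].append(cls)
    rows, last_v = [], None
    for k in sorted(buckets):
        b = buckets[k]
        # Imputation: carry the last observed voltage forward when the
        # window has no valid physical sample.
        v = mean(b["v"]) if b["v"] else last_v
        last_v = v
        row = {"window": k, "voltage_pu": v, "packets": b["pkts"]}
        for c in ALERT_CLASSES:                # one-hot encode categorical field
            row["alert_" + c] = int(c in b["alerts"])
        row["label"] = int(bool(b["alerts"]))  # Snort alert present => 1
        rows.append(row)
    return rows


if __name__ == "__main__":
    for r in fuse(PHYS, CYBER):
        print(r)
```

Each returned row is one feature vector for the learning stage; window 2 shows the imputed voltage carried forward from window 1 because its only physical reading was missing.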

TESTBED ARCHITECTURE
DATA ENCODING
MANIFOLD LEARNING
RESULTS AND ANALYSIS
SUPERVISED TECHNIQUE INTRUSION DETECTION WITH SNORT ALERT AS LABEL
SEMI-SUPERVISED LEARNING
CONCLUSION