Power grid network security: A lightweight detection model for composite false data injection attacks using spatiotemporal features
Tianci Zhu, Jun Wang, Yonghai Zhu, Haoran Chen, Hang Zhang, Shanshan Yin
International Journal of Critical Infrastructure Protection, volume 46, Article 100697. Journal Article, published 2024-06-29. Impact factor: 4.1. JCR: Q1 (Computer Science, Information Systems).
DOI: 10.1016/j.ijcip.2024.100697
https://www.sciencedirect.com/science/article/pii/S1874548224000386
Citations: 0
Abstract
The stability of power systems is paramount to industrial operations. The deleterious inherent characteristics of false data injection attacks (FDIA) have drawn substantial interest due to their severe threats to power grids. Contemporary detection systems face numerous challenges as attackers employ various tactics, such as injecting complex elements into measurement data and formulating quick attack strategies against critical nodes and transmission lines in the power grid network topology. Conventional models often fail to adapt to the intricacies of practical situations because they focus predominantly on detecting individual components. To overcome the above predicaments, this paper proposes a lightweight detection model integrating deep separable convolutional layers, squeeze neural networks, and a bidirectional long short-term memory architecture named DSE-BiLSTM. The acquisition process of network topological characteristics is accomplished through a variable graph attention autoencoder (VGAAE). This approach leverages the effectiveness of the graph convolution (GCN) layer to acquire each node’s topological feature and the graph attention (GAT) module to identify and extract the topological features of critical nodes. Furthermore, the topology information obtained by both techniques is embedded in a one-dimensional vector space in the same form as measurement data. By combining the output of VGAAE with meter measurements, the feature fusion of temporal and spatial modalities is realized. DSE-BiLSTM with optimal hyperparameters achieves an F1-score of 99.56% and a row accuracy (RACC) of 93.10% on the conventional dataset. The experimental results of FDIA detection with composite datasets of IEEE 14-bus and IEEE 118-bus systems show that the F1-score and RACC of DSE-BiLSTM remain above 84.51% and 83.56% under various attack strengths and noise levels. In addition, as the power grid network scales up, noise level’s effect on detection performance decreases, while attack strength’s effect on recognition capability increases. DSE-BiLSTM can effectively process the composite data of spatiotemporal multimodes and provides a feasible solution for the localization and detection of FDIA in realistic scenes.
About the journal:
The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing.
The scope of the journal includes, but is not limited to:
1. Analysis of security challenges that are unique or common to the various infrastructure sectors.
2. Identification of core security principles and techniques that can be applied to critical infrastructure protection.
3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures.
4. Creation of sophisticated, yet practical, solutions for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.