Improving cyber-security of smart grid systems via anomaly detection and linguistic domain knowledge

The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this paper. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, this paper proposes a novel anomaly detection architecture. The designed system applies a previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. In addition, an Interval Type-2 Fuzzy Logic System (IT2 FLS) is used to model human background knowledge about the network system and to dynamically adjust the sensitivity threshold of the anomaly detection algorithms. The IT2 FLS was used to model the linguistic uncertainty in describing the relationship between various network communication attributes and the possibility of a cyber attack. The proposed method was tested on an experimental smart grid system demonstrating enhanced cyber-security.