Domain-Adversarial Transfer Learning for Robust Intrusion Detection in the Smart Grid

The smart grid faces growing cyber-physical attack threats aimed at the critical systems and processes communicating over the complex cyber-infrastructure. Thanks to the increasing availability of high-quality data and the success of deep learning algorithms, machine learning (ML)-based detection and classification have been increasingly effective and adopted against sophisticated attacks. However, many of these techniques rely on the assumptions that the training and testing datasets share the same distribution and the same class labels in a stationary environment. As such assumptions may fail to hold when the system dynamics shift and new threat variants emerge in a non-stationary environment, the capability of trained ML models to adapt in complex operating scenarios will be critical to their deployment in real-world smart grid communications. To this aim, this paper proposes a domain-adversarial transfer learning framework for robust intrusion detection against smart grid attacks. The framework introduces domain-adversarial training to create a mapping between the labeled source domain and the unlabeled target domain so that the classifiers can learn in a new feature space against unknown threats. The proposed framework with different baseline classifiers was evaluated using a smart grid cyber-attack dataset collected over a realistic hardware-in-the- loop security testbed. The results have demonstrated effective performance improvements of trained classifiers against unseen threats of different types and locations.