Growing deployment of distributed energy resource (DER) networks in the smart grid has led to a rise in the attack surface of these systems. Furthermore, DER networks use communication protocols such as Modbus and DNP3, which are vulnerable by design to data-integrity and denial-of-service (DoS) attacks due to their clear-text nature. This paper proposes a supervised machine learning (ML)-based anomaly detection system (ADS) for detecting various stealthy IT and OT attacks on DER communication. The proposed ML algorithm can distinguish intrusions at a fine granularity so that further effective mitigations can be triggered. We used a data augmentation approach to generate DER-specific datasets and extracted 84 different IT/OT statistical features based on DER physics-based and pattern-based traffic thresholds. The proposed ADS uses a model-based approach to train five DER-specific anomaly detection ML algorithms. The best-performing algorithm is then serialized in an open-source format to allow seamless integration into the evaluation environment, which used a hardware-in-the-loop (HIL) CPS DER testbed with around 100 DER inverter models. The system demonstrated a 98.4% detection accuracy, 5 µs detection latency, 0.28% false-positive rate, and 1.32% false-negative rate.
Abdelkhalek et al. studied this question.
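The abstract names two ideas a detector builds on: Modbus traffic is clear-text, and features come from pattern-based and physics-based thresholds. The Python sketch below is an added example, not code from the paper: it decodes Modbus/TCP frames (every field is readable, with no authentication or integrity field) and computes a few per-window features. The register number, setpoint range, feature names and sample frames are assumptions constructed for illustration; the paper's 84 features are not listed on this page.

```python
import struct

WRITE_SINGLE_REGISTER = 0x06   # standard Modbus function code
SETPOINT_REGISTER = 40         # assumption: register holding the power setpoint
SETPOINT_RANGE = (0, 1000)     # assumption: 0.0-100.0 % of rated power

def parse_modbus_tcp(frame: bytes) -> dict:
    """Decode the MBAP header and leading PDU fields of one Modbus/TCP frame."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0 or length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("malformed MBAP header")
    msg = {"tid": tid, "unit": unit, "func": func, "addr": None, "value": None}
    if func == WRITE_SINGLE_REGISTER and len(frame) == 12:
        msg["addr"], msg["value"] = struct.unpack(">HH", frame[8:12])
    return msg

def window_features(frames) -> dict:
    """Pattern-based and physics-based features for one window of frames."""
    msgs, malformed = [], 0
    for f in frames:
        try:
            msgs.append(parse_modbus_tcp(f))
        except ValueError:
            malformed += 1
    writes = [m for m in msgs if m["func"] == WRITE_SINGLE_REGISTER]
    lo, hi = SETPOINT_RANGE
    out_of_range = sum(1 for m in writes
                       if m["addr"] == SETPOINT_REGISTER and not lo <= m["value"] <= hi)
    return {
        "frames": len(frames),
        "malformed": malformed,                   # pattern-based
        "write_ratio": len(writes) / len(msgs) if msgs else 0.0,
        "setpoint_out_of_range": out_of_range,    # physics-based
    }

def build(tid: int, unit: int, pdu: bytes) -> bytes:
    """Helper that wraps a PDU in an MBAP header (used for the sample only)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample window, not captured traffic.
SAMPLE = [
    build(1, 1, struct.pack(">BHH", 0x03, 40, 1)),     # read holding register
    build(2, 1, struct.pack(">BHH", 0x06, 40, 750)),   # setpoint within range
    build(3, 1, struct.pack(">BHH", 0x06, 40, 5000)),  # setpoint outside range
    b"\x00\x04\x00\x00",                               # truncated frame
]
```

A feature vector like the one `window_features(SAMPLE)` returns is what a supervised classifier would be trained on, one row per traffic window.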