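@comment{
  Review notes for entry f44e7fa20337466d8a7cd643ba9ba34b (auto-exported record).
  - booktitle repeats the series name (Power Systems); the volume title looks
    missing from the export. Confirm against the DOI record before citing.
  - address holds a country, not the publisher city. Confirm or drop.
  - The abstract is kept as published. It names the second model GAN-RNN but
    the results sentence says GAN-GRU; check the chapter for the intended name.
  - The abstract reports only an averaged F1-score (0.98) on IEC 60870-5-104
    traffic, with models trained on normal-event data only. False-alarm rates
    and dataset details are not part of this record; read the chapter before
    relying on the figure for a detection deployment.
}
@inbook{f44e7fa20337466d8a7cd643ba9ba34b,
  author    = {Dairi, Abdelkader and Harrou, Fouzi and Bouyeddou, Benamar and Senouci, {Sidi Mohammed} and Sun, Ying},
  title     = {Semi-supervised Deep Learning-Driven Anomaly Detection Schemes for Cyber-Attack Detection in Smart Grids},
  booktitle = {Power Systems},
  series    = {Power Systems},
  publisher = {Springer Science and Business Media Deutschland GmbH},
  address   = {Germany},
  year      = {2023},
  pages     = {265--295},
  doi       = {10.1007/978-3-031-20360-2_11},
  language  = {English (US)},
  keywords  = {Anomaly detection, Cyber-attack detection, Deep learning, Protocol IEC 104, Semi-supervised methods},
  abstract  = {Modern power systems are continuously exposed to malicious cyber-attacks. Analyzing industrial control system (ICS) traffic data plays a central role in detecting and defending against cyber-attacks. Detection approaches based on system modeling require effectively modeling the complex behavior of the critical infrastructures, which remains a challenge, especially for large-scale systems. Alternatively, data-driven approaches which rely on data collected from the inspected system have become appealing due to the availability of big data that supports machine learning methods to achieve outstanding performance. This chapter presents an enhanced cyber-attack detection strategy using unlabeled data for ICS traffic monitoring and detecting suspicious data transmissions. Importantly, we designed two semi-supervised hybrid deep learning-based anomaly detection methods for intrusion detection in ICS traffic of smart grid. The first approach is a Gated recurrent unit (GRU)-based stacked autoencoder (AE-GRU), and the second is constructed using a generative adversarial network (GAN) model with a recurrent neural network (RNN) for both generator and discriminator that we called GAN-RNN. The employment of GRU and RNN in AE and GAN models is expected to improve the ability of these models to learn the temporal dependencies of multivariate data. These models are used for feature extraction and anomaly detection methods (Isolation forest, Local outlier factor, One-Class SVM, and Elliptical Envelope) for cyber-attack in power systems. These approaches only employ normal events data for training without labeled attack types, making them more attractive for detecting cyber-attack in practice. The detection performance of these approaches is demonstrated on IEC 60870-5-104 (aka IEC 104) control communication that is often utilized for substation control in smart grids. Results showed that GAN-GRU and AE-GRU-based LOF methods achieved enhanced detection with an averaged F1-score of 0.98, among others.},
  note      = {Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.},
}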