TY - GEN
T1 - Addressing the challenges of anomaly detection for cyber physical energy grid systems
AU - Ferragut, Erik M.
AU - Laska, Jason
AU - Melin, Alex
AU - Czejdo, Bogdan
PY - 2013
Y1 - 2013
N2 - The consolidation of cyber communications networks and physical control systems within the energy smart grid introduces a number of new risks. Unfortunately, these risks are largely unknown and poorly understood, yet include very high impact losses from attack and component failures. One important aspect of risk management is the detection of anomalies and changes. However, anomaly detection within cyber security remains a difficult, open problem, with special challenges in dealing with false alert rates and heterogeneous data. Furthermore, the integration of cyber and physical dynamics is often intractable. And, because of their broad scope, energy grid cyber-physical systems must be analyzed at multiple scales, from individual components, up to network level dynamics. We describe an improved approach to anomaly detection that combines three important aspects. First, system dynamics are modeled using a reduced order model for greater computational tractability. Second, a probabilistic and principled approach to anomaly detection is adopted that allows for regulation of false alerts and comparison of anomalies across heterogeneous data sources. Third, a hierarchy of aggregations are constructed to support interactive and automated analyses of anomalies at multiple scales.
AB - The consolidation of cyber communications networks and physical control systems within the energy smart grid introduces a number of new risks. Unfortunately, these risks are largely unknown and poorly understood, yet include very high impact losses from attack and component failures. One important aspect of risk management is the detection of anomalies and changes. However, anomaly detection within cyber security remains a difficult, open problem, with special challenges in dealing with false alert rates and heterogeneous data. Furthermore, the integration of cyber and physical dynamics is often intractable. And, because of their broad scope, energy grid cyber-physical systems must be analyzed at multiple scales, from individual components, up to network level dynamics. We describe an improved approach to anomaly detection that combines three important aspects. First, system dynamics are modeled using a reduced order model for greater computational tractability. Second, a probabilistic and principled approach to anomaly detection is adopted that allows for regulation of false alerts and comparison of anomalies across heterogeneous data sources. Third, a hierarchy of aggregations are constructed to support interactive and automated analyses of anomalies at multiple scales.
KW - Anomaly detection
KW - Control systems
KW - Energy security
KW - Reduced order models
KW - Smart grid
UR - http://www.scopus.com/inward/record.url?scp=84875990281&partnerID=8YFLogxK
U2 - 10.1145/2459976.2459980
DO - 10.1145/2459976.2459980
M3 - Conference contribution
AN - SCOPUS:84875990281
SN - 9781450316873
T3 - ACM International Conference Proceeding Series
BT - 8th Annual Cyber Security and Information Intelligence Research Workshop
T2 - 8th Annual Cyber Security and Information Intelligence Research Workshop: Federal Cyber Security R and D Program Thrusts, CSIIRW 2013
Y2 - 8 January 2013 through 10 January 2013
ER -