A researcher team at Beijing Institute of Technology (BIT) has devised a novel method for detecting false data injection (FDI) attacks on infrastructure like power grids. It employs a recurrent neural network (RNN) with multiple hidden layers, making it difficult for FDI attacks to fool, as reported in paper presented at IECON 2018.
Cyber-attacks on cyber physical systems (CPSs), especially on critical infrastructure, are most likely to cause substantial chaos and disturbance for people living in affected regions.
Several methods to prevent cyber-attacks are available, but one specific type of attack – false data injection (FDI) attacks are capable of avoiding all conventional surveillance and security systems. Successful FDI attacks enable the attacker to compromise measurements from power grid sensors, hampering the normal functioning of power grids and sometimes even causing damage to connected devices.
Over the years, researchers have been trying to create effective tools to detect FDI attacks and prevent them from causing serious disruptions to infrastructure such as power grids. Most of these recently developed techniques use machine learning technology including supervised as well as semi-supervised learning algorithms.
However, many of these approaches have a range of limitations and flaws, despite their promising results. To address the limitations associated with the conventional tools for detecting false data injection (FDI) attacks, two BIT researchers – Qingyu Deng and Jian Sun – developed a new method that employs RNN with multiple hidden layers. At the top of these layers, RNN has a fully-connected layer along with a linear activation function.
According to recent studies, RNN could be particularly effective for anomaly detection and time-series forecasting, thereby it could help detect cyber-attacks. These previous findings encouraged the researchers to develop a method using RNN for detecting false data injection (FDI) attacks.
In the new research, Deng and Sun exploited the extreme ability of RNN on time-series forecasting to determine the potential compromised measurements.
Further, it does not require labelled data for its function, making it easier to implement in real-world scenarios. In an evaluation, the new method attained significant results, effectively detected compromised measurements with a small false alarm rate (FAR). Additional research could help to further develop the system so it can achieve even lower FAR and higher precision rates.