Volume 4, Issue 4, April – 2019 International Journal of Innovative Science and Research Technology

ISSN No:-2456-2165

Intrusion Detection in Smart Grid

Anzar Iqbal Mohammad ummer chopan Pooja
M-tech scholar CSE M-tech scholar CSE Associate Professor
(Sharda University) (Sharda University) (Sharda University)
Greater Noida, India Greater Noida lGreater Noida, India

Abstract:- The idea of smart grid has extensively framework that was not presented previously. Generally
changed over the customary power framework into the sensors, smart meters, controls relays, phasor measurement
massive Cyber Physical network that empowers the units were presented that give better two way energy flow.
bidirectional correspondence between the grid Normally clients can apply their own optimal algorithms to
administration focuses and the end clients. However, buy least expensive power additionally they can build up
the presentation of such foundation have made the their own power and can pitch it to smart grid. Likewise the
power frameworks significantly more adaptable and utilization of smart grids enables the vitality providers to
productive, with many Smart Devices included, yet know about the requests identified with power
additionally builds the danger of security attacks continuously, so they can give ongoing help to their clients.
exponentially. The gadgets that are being utilized in In spite of the fact that this idea expanded the execution of
smart grid goes about as provisos or more fragile point smart grid at extremely high rate, yet it additionally
and give a surface region to intruders for embedding influences the power distribution mechanism from multiple
malware. So as to upgrade the security of smart grid points of view. One of the significant dangers to brilliant
different security instruments called intrusion detection networks is cyber attacks, due the presentation of a few
systems are utilized, which includes the arrangement of new complex gadgets at different destinations, it worked
different Intelligent Modules in numerous layers of out that these gadgets may go about as loopholes and can
shrewd network all together defeat the cyber threats. be utilized for infusing malware and exasperating the
These Intelligent Modules utilize different Classification ordinary capacity of smart grid [4]. Likewise the
Algorithms to distinguish and arrange the malicious presentation of internet like communication network adds
data and dependent on that perception recognizes fuel to flame by enabling intruders to get entrance from
whether there is a security assault or not. In this paper remote areas. Other than this there is likewise digital risk
we are going to present an approach towards the like malware, spyware, computer viruses that can cause
classification various events (attack or natural) such power unsettling influences.
occurring in smart grid for enhancing the security in
smart grid and hence prevent them from any sort In order to handle these circumstances different
intrusion that can disrupt normal functioning of smart intrusion identification framework were created. These
grid. intrusion detection system were created improve the
security of smart grid as far as both digital and physical
Keywords:- Component, Formatting, Style, Styling, Insert. attacks. in our exploration we will investigate the structure
of the smart grid and furthermore examine different
I. INTRODUCTION machine learning techniques that can decide if attack is
happening or not. These machine learning techniques are
It is trusted that the power utilization will increment utilized in this intrusion detection as structure models for
30% in forthcoming 25 years [1]. Those frameworks, that investigating the power system aggravations.
gives us power were grown long time previously and
ordinarily utilize out of date foundation. Because of A. Smart Grid Architecture
increments in day today utilization of power, load sheds As we realize that there is a substantial
has turned into a typical issue. There have been numerous communication network in the event of smart grid, thus so
cases recorded till now that has caused the enormous as to comprehend that systems we propose a three layer
misfortune. as indicated by certain information records design of smart grid made out of Home Area
billions of dollars could be squandered in the power outage Network(HAN), Neighboured Area Networks and Wide
in us for instance, as of late there was a power outage in Area Network(WAN). Figure 1, shows the three layer
brazil in 2009, it went on for 4 hours and almost 50% of architecture of smart grid.
populace was influenced. so as to keep from these kinds of
power outages, increasingly secure and dependable grid is Layer 1, HAN comprises OF Metering Module (MM)
required that gives and productive bidirectional and Service Module (SM), and interruption recognition
correspondence among clients and the service providers [2] foundation for HAN. For deciding the ongoing utilization
[3]. of information and cost for vitality to the end clients SM
module is utilized while MM is utilized to record the
The idea of smart grid gives the promising outcome utilization of the vitality in consumers. The interruption
regarding giving productive and solid supply of power. the recognition module utilized in Home area networks tracks
smart grid is productive when contrasted with existing and checks both approaching and active communication
matrix as a result of the utilization of certain new [6].

IJISRT19AP222 www.ijisrt.com 54
Volume 4, Issue 4, April – 2019 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
Layer 2 comprises of neighbourhood area network. Its a vital issue. The privacy of the client's information is
fundamental capacity is to gather metering and undermined because of increment in entry points and
administration data from Home Area Networks. This layer furthermore due presentation of malware. Some of the
is contained focal access controller and smart meter data common issues faced by smart grid in terms of security are:
gatherer. Focal access controller (FAC) goes about as Advanced metering security, Privacy of clients, Protocols
halfway between the Host area network and vitality utilized at various areas. So as to handle security related
providers while as shrewd meter information gatherer circumstances, it is important to build up a digital security
(SMIG) stores the records of entire network as created by system to ensure uprightness, accessibility and secrecy of
neighbouring HAN. Likewise this, every one of the the information transmission in savvy network. Interruption
information that moves all through NAN will be gone identification frameworks were worked for a similar reason
through NAN interruption identification module to [9] [10]. They are consolidated at each layer WAN, NAN,
recognize the malware. HAN layers and gives a procedure to distinguishing the
security dangers or malware that influence the correct
The last and final layer is wide area network layer. capacity the smart grid.
This is an important layer and is generally in charge of
giving broadband communication between the NAN, grid II. PROPOSED SOLUTION
administrations, and substations and so on. Typically this
layer has its own modules, for example, SCADA controller, A direct arrangement is to create specific intrusion
energy distribution system EDS, and its very own intrusion detection model that can precisely distinguish all the
detection module. IDS are required between SCADA security attacks. Typically, Machine learning has been
controller and provider for security purposes. utilized as a discriminator between anomalous events in
intrusion detection for digital security systems. In this
work, we will investigate the utilization of ML in
discriminating power system disturbances. Normally digital
attacks have same impact as that of natural events. So it is
incomprehensible for human to separate between the
common and vindictive occasions thus ML strategies
utilize a few arrangement calculations to recognize these
assaults.

C. Machine Learning Approach

Machine learning is a particular discipline that
involves the programming of a machine in such way that it
automatically learns and improves with experience. The
difference between traditional programming and Machine
learning is that, in case of traditional programming we
know the Input and rules and the output is generated. But,
in case of Machine learning approach output and input is
already known and we have to generate certain rules. In
machine learning the training of machine takes place by
feeding data, it allows machine to automatically learn
without any programming involved. By using machine
Fig 1:- Three Layer Architecture learning algorithms, the attack events and the natural events
can be easily classified and hence can easily distinguish
Usually the communication topology that we have whether any power system disturbance have occurred or
chosen for this type of architecture is the wireless mesh not. In case of Machine learning, supervised machine
network. Mesh topology is used because of its several learning techniques are generally used for classification
advantages. It provides multiple communication paths that purposes. Supervised learning algorithms take learning
prevents from the loss caused due to the natural failures as samples and return a function or model. Usually, learning
well as it is dynamic, self healing and scalable properties samples are the combination of input and output pairs.
[8]. It also compensates the loss that can occur due to the Attribute values can be continuous or discrete. At any time
malware injected in particular communication line. if the output takes its qualities in a discrete set, then this is
a classification problem and when it’s continuous then this
B. Cyber Security Issues in Smart Grid is a regression problem. The fundamental property of
Despite the fact that the utilization of remote classification algorithms used is the ability of these
communication technologies builds the proficiency of algorithms to make the predictions.
smart grids, yet these advancements present the danger of
new vulnerabilities and security related issues in the The combination of Home area network and the
SMART GRID. As they become the flimsier focuses for classification algorithm models centres around better
the intruders to infuse the malware and thus prompts power grouping of malicious attacks by preparing vast measure of
system aggravations. Security of smart grid has turned into information that has been gathered from various hardware

IJISRT19AP222 www.ijisrt.com 55
Volume 4, Issue 4, April – 2019 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
equipment introduced in smart grid. If attacks can't be Where w is weight vector, C is controls variance
characterized by home network layer then data is sent to between margin maximization and error minimization. €I is
the higher layers such WAN and NAN for further a set of a slack variable, yi denotes the unique constraint, b
assessment. These layers have their own Intrusion is bias, xi is the training vector, and φ(xi) denotes the kernel
recognition modules and use separate classification models. function.

D. Some Machine Learning Techniques  Artificial Nueral Network

Intrusion detection system makes use of several This type of technique is most advanced and most
computational intelligence algorithms for detecting the reliable techniques that can be used for both supervised as
vulnerabilities at faster rate. Some of the popular algorism well as unsupervised learning. In case of supervised
that is used in Intrusion detection module is given below: learning radial function neural networks are used to detect
the attack events because of their quick learning ability. In
 Clonal Selection Classification Algorithm this type of algorithm, neural network model has three
This calculation can be clarified in comparative style layers and in order to train the data, two stage learning
as how a solitary B or T cell that recognizes an antigen process of data takes place. Usually, the parameter (Weight
entering in our body is chosen from a pool of effectively and Bias) in the hidden layers are adjusted in such a way
existing cells with various antigens and afterward repeat to that minimum loss is obtained at the output and hence
frame a clonal cell populace to totally dispose of the model could accurately predict the outcome. Grid based
antigens [11]. This property of immune system and its approach is followed for data clustering and compression.
nature can be acknowledged and connected in network Also various optimising functions such as sigmoid, RELU,
intrusions detection also. In light of the idea of clonal Softmax etc are used to amplify or decrease the results of
calculation Artificial insusceptible recognition system output.
(AIRS} is created. It is an immune based supervised
learning calculation which comprises of clonal segments, III. PERFORMANCE EVALUATION
affinity acknowledgment balls and so forth. Typically it is
cluster based methodology utilized for grouping of Confusion matrix shown in table 1 is by far one of the
information arranged by improving cluster centres. best tools to evaluate the performance of the models
employed. The output yielded by a confusion matrix is
 Support Vector Machine used to calculate the accuracy along with certain other
SVM is the most powerful tool that can be used for parameters required to determine the performance metric.
the classification of the data. SVM usually classifies data These outcomes act as the indicators in order to check the
by applying the two different principles: Large margin Classifier Performance. Usually four outcomes are
separation and Kernel function [12]. Large Margin generated due to binary classifications, which are as:
separation usually is technique in which the separation line  True positive (TP) which is the correct positive
generated in such a manner that the distance between the prediction.
line and the margin (closest point to the line) is maximised.  False Positive (FP) which is the incorrect positive
Usually these types of separation can only occur when data prediction.
is sparse in single dimension and hence data is linearly  True negative (TN) which is the correct negative
separable. In case nonlinear classification Kernel functions prediction.
are used that similarity between two data points. In kernel  False negative (FN) which is the incorrect negative
function , generally hyper planes are used to separate data prediction.
instead of lines. In order to draw an hyper plane, the
mapping of data to different space is done so that hyper Predicted
plane could easily classify the data.
Positive Negative
In case of non linear and non separable data a Positive
TP FN
complex quadratic equation needs to be solved in order to
Observed
generate hyper plane, the equation is of the form Min Negative FP TN
Table 1

Though accuracy is the overall measure of

performance, there are some other measures that can
provide us the better vision of how accurately the classifier
works. These are precision, recall, F1 score etc. These
measures are calculated through the values obtained from
confusion matrix.

IJISRT19AP222 www.ijisrt.com 56
Volume 4, Issue 4, April – 2019 International Journal of Innovative Science and Research Technology
ISSN No:-2456-2165
IV. CONCLUSION [11] R. Perdisci, G. Gu, and W. Lee., “Using an Ensemble
of One-class SVM Classifiers to Harden Payload-
In this paper, we have explored the smart grid based Anomaly Detection Systems”, Proc.
qualities as compared to that of an ordinary grid. We have International Conf. on Data Mining, pages 488–498,
also seen that smart grid is prone to security attacks. These 2006.
intrusions can be carried out from remote location and are [12] R.C. Holte, "Very Simple Classification Rules
dynamic in nature. We have proposed the concept of Perform Well On Most Commonly Used Datasets,"
Intrusion detection system that can be introduced at Machine Learning, Vol. 11, No. 1, Pp. 6390, 1993.
different layers of smart grid and uses certain machine
learning models to classify attack and natural events. We
centred our approach on supervised learning and artificial
neural networks .These approaches are helpful in
classifying these events and detection of root cause behind
power disturbances, hence increasing the performance of
smart grid.

REFERENCES

[1] Safaric, S. & Malaric, K. (2006). “ZigBee wireless

standard” 48th International Symposium ELMAR-
2006, Zadar, Croatia, 07—09. (p.259-262).
[2] Lee, M. J. & al., (2006). Emerging Standards for
Wireless Mesh Technology. IEEE Wireless
Communication.
[3] Garcia-Hernandez, C. F., Ibarguengoytia-Gonzalez,
P. H., & Perez-Diaz, J. A. (2007). Wireless Sensor
Networks and Applications: A Survey. IJCSNS
International Journal of Computer Science and
Network Security, 7(3). (p.264-273).
[4] Freund, Yoav, and Robert E. Schapire. "A decision-
theoretic generalization of on-line learning and an
application to boosting." Journal of computer and
system sciences 55.1, 119-139. 1997.
[5] McLaughlin, K.; Sezer, S.; Littler, T.; Pranggono, B.;
Brogan, P.; Wang, H.F., "Intrusion Detection System
for network security in synchrophasor systems," IET
International Conf. , vol., no., pp.246,252, 27-29,
April, 2013.
[6] B. Martin, “Instance-based Learning: Nearest
Neighbor With Generalization” University Of
Waikato, 1995.
[7] M. Talebi, J. Wang, Z. Qu, “Secure Power Systems
Against Malicious Cyber-Physical Data Attacks:
Protection and Identification,” World Academy of
Science, Engineering and Technology, vol. 66, 2012.
[8] Berthier, R., Sanders, W., & Khurana, H. (2010).
Intrusion Detection for Advanced Metering
Infrastructures: Requirements and Architectural
Directions. In First IEEE International Conference on
Smart Grid Communications (SmartGridComm). (p.
350–355).
[9] Tavallaee, M., Bagheri, E., Lu, W., & Ghorbani, A.
(2009). A Detailed Analysis of the KDD CUP 99
Data Set. IEEE International Conference on
Computational Intelligence for Security and defense
applications. (p. 53-58).
[10] Hooper, E. (2010). Strategic and Intelligent Smart
Grid Systems Engineering. Internet Technology and
Secured Transactions (ICITST), 2010 International
Conference, London, 8-11. (p.1-6).

IJISRT19AP222 www.ijisrt.com 57