Lightweight Data-Driven Anomaly Detection for IoT-Based Smart Grids: Capabilities and Limitations
Type
Master's Thesis
Program
Computer systems and networks (MPCSN), MSc
Published
2024
Authors
Eskilson, Lisa
Lager Carvalho, Alexander
Abstract
The integration of Internet of Things devices in critical infrastructure, such as the smart grid, has made it possible to monitor and manage energy distribution with increased efficiency. However, as these devices become more complex and interconnected, detecting physical tampering or data manipulation by malicious actors, as in the Sandworm attack in Ukraine, becomes increasingly challenging. One approach that has shown promise in addressing this problem is the use of lightweight data-driven anomaly detection techniques.
In this thesis, PASAD and USAD, two state-of-the-art lightweight data-driven anomaly detection algorithms, were selected and evaluated using a series of experiments simulating common attacks against smart grids as suggested by relevant research. These experiments aimed to investigate the viability of these algorithms in IoT-based smart grids. More specifically, the experiments cover two different attack areas, namely OT- and network-level attacks, which were crafted by manipulating real smart grid operational data. The experiments were evaluated using time series-aware metrics to get a fair assessment of the efficacy of the algorithms.
The results from the experiments were used to evaluate the viability of lightweight data-driven anomaly detection algorithms, and their capabilities and limitations were highlighted. Furthermore, the knowledge acquired from executing the experiments was used to propose guidelines for the development of an event management system that handles alerts produced by different models to provide valuable and actionable information to the OT operator.
The selected algorithms were successful in detecting various long-duration attacks with stealth characteristics, while other, shorter and more direct attacks were significantly harder to detect. Despite this, these lightweight data-driven anomaly detection algorithms proved to be a good fit for the experiments evaluated in this thesis.
Subject/keywords
Lightweight Anomaly Detection, Machine Learning, Internet of Things, Smart Grid