This paper conducts a comprehensive study on the application of big data and machine learning in the electrical power grid introduced through the emergence of the next-generation power system-the smart grid (SG). Connectivity lies at the core of this new grid infrastructure, which is provided by the Internet of Things (IoT). This connectivity, and constant communication required in this system, also introduced a massive data volume that demands techniques far superior to conventional methods for proper analysis and decision-making. The IoT-integrated SG system can provide efficient load forecasting and data acquisition technique along with cost-effectiveness. Big data analysis and machine learning techniques are essential to reaping these benefits. In the complex connected system of SG, cyber security becomes a critical issue; IoT devices and their data turning into major targets of attacks. Such security concerns and their solutions are also included in this paper. Key information obtained through literature review is tabulated in the corresponding sections to provide a clear synopsis; and the findings of this rigorous review are listed to give a concise picture of this area of study and promising future fields of academic and industrial research, with current limitations with viable solutions along with their effectiveness.

/pdf/application-of-big-data-and-machine-learning-in-smart-grid-1taystle2u.pdf

Application of Big Data and Machine Learning in Smart Grid, and Associated Security Concerns: A Review

A survey of cyber security management in industrial control systems

Artificial intelligence based anomaly detection of energy consumption in buildings: A review, current trends and new perspectives

Focus on Durability, PATH Research at the National Institute of Standards and Technology | NIST

Review of non-technical loss detection methods

Electric utilities are in the process of installing millions of smart meters around the world, to help improve their power delivery service. Although many of these meters come equipped with encrypted communications, they may potentially be vulnerable to cyber intrusion attempts. These attempts may be aimed at stealing electricity, or destabilizing the electricity market system. Therefore, there is a need for an additional layer of verification to detect these intrusion attempts. In this paper, we propose an anomaly detection method that uniquely combines Principal Component Analysis PCA and Density-Based Spatial Clustering of Applications with Noise DBSCAN to verify the integrity of the smart meter measurements. Anomalies are deviations from the normal electricity consumption behavior. This behavior is modeled using a large, open database of smart meter readings obtained from a real deployment. We provide quantitative arguments that describe design choices for this method and use false-data injections to quantitatively compare this method with another method described in related work.

/pdf/pca-based-method-for-detecting-integrity-attacks-on-advanced-3potnpqj9q.pdf

PCA-Based Method for Detecting Integrity Attacks on Advanced Metering Infrastructure

Electricity theft is a major concern for utilities all over the world, and leads to billions of dollars in losses every year. Although improving the communication capabilities between consumer smart meters and utilities can enable many smart grid features, these communications can be compromised in ways that allow an attacker to steal electricity. Such attacks have recently begun to occur, so there is a real and urgent need for a framework to defend against them. In this paper, we make three major contributions. First, we develop what is, to our knowledge, the most comprehensive classification of electricity theft attacks in the literature. These attacks are classified based on whether they can circumvent security measures currently used in industry, and whether they are possible under different electricity pricing schemes. Second, we propose a theft detector based on Kullback-Leibler (KL) divergence to detect cleverly-crafted electricity theft attacks that circumvent detectors proposed in related work. Finally, we evaluate our detector using false data injections based on real smart meter data. For the different attack classes, we show that our detector dramatically mitigates electricity theft in comparison to detectors in prior work.

F-DETA: A Framework for Detecting Electricity Theft Attacks in Smart Grids

Utilities need to understand and consider the interconnectedness of their electrical system and its supporting cyber infrastructure to maintain system reliability in the face of cyber adversaries. This paper makes two contributions to modeling cyber-physical dependencies within the electrical power sector. First, the paper defines a Common Format using the Cyber-Physical Topology Language (CPTL) to inventory, analyze, and exchange cyber-physical model information. Second, the paper provides an 8-substation cyber-physical reference model. The impact of this work is to enable efficient information exchange of cyber-physical topologies within and among the industry as well as the research community. The reference model and framework will benefit the research community by providing a way to compare analyses on electrical power systems that account for problems within cyber control networks.

Cyber-Physical models for power grid security analysis: 8-substation case

The trustworthiness of any Public Key Infrastructure (PKI) rests upon the expectations for trust, and the degree to which those expectations are met. Policies, whether implicit as in PGP and SDSI/SPKI or explicitly required as in X.509, document expectations for trust in a PKI. The widespread use of X.509 in the context of global e-Science infrastructures, financial institutions, and the U.S. Federal government demands efficient, transparent, and reproducible policy decisions. Since current manual processes fall short of these goals, we designed, built, and tested computational tools to process the citation schemes of X.509 certificate policies defined in RFC 2527 and RFC 3647. Our PKI Policy Repository, PolicyBuilder, and PolicyReporter improve the consistency of certificate policy operations as actually practiced in compliance audits, grid accreditation, and policy mapping for bridging PKIs. Anecdotal and experimental evaluation of our tools on real-world tasks establishes their actual utility and suggests how machine-actionable policy might empower individuals to make informed trust decisions in the future.

/pdf/a-computational-framework-for-certificate-policy-operations-lwv5vjbz72.pdf

A computational framework for certificate policy operations

Our Cyber-Physical Topology Language (CPTL) provides a language that utilities can use to programmatically analyze current and future cyber-physical architectures The motivation for our research emerged from the importance and limitations of several audit scenarios: account management, vulnerability assessment, and configuration management Those scenarios occur in the context of the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) audits The NERC CIP standards define security controls by which utilities must be audited Although the standards were designed to make power control networks less vulnerable to cyber attack and to decrease the chance of outages, the audit process is manual and costly In order to save utilities and auditors time and money, we used the limitations of those audit scenarios in formally specifying and implementing CPTL, which consists of both a representation of cyber-physical assets and operations upon that representation First, CPTL uses graph theory to represent a network of cyber-physical assets; we currently implement this representation in GraphML Second, CPTL defines operations upon that representation In this paper, we introduce operators to process attributes by expanding and contracting components of a network, and implement these operations using the Boost Graph Library (BGL) In order to demonstrate the potential for CPTL to save auditors and utilities time and money, we provide a detailed example of how CPTL could help with vulnerability assessment and discuss additional applications beyond the audit scenarios mentioned above We describe current approaches to those scenarios and argue that CPTL improves upon both the state-of-the-art and current practice In fact, we intend CPTL to enable a broad range of new research on realistic cyber-physical architectures by giving utilities, auditors, managers, and researchers a common language with which to communicate and analyze those architectures

https://www.perform.illinois.edu/Papers/USAN_papers/13WEA01.pdf

Gabriel A. Weaver

Papers

PCA-Based Method for Detecting Integrity Attacks on Advanced Metering Infrastructure

F-DETA: A Framework for Detecting Electricity Theft Attacks in Smart Grids

Cyber-Physical models for power grid security analysis: 8-substation case

A computational framework for certificate policy operations

Toward a cyber-physical topology language: applications to NERC CIP audit