Towards realizing a distributed event and intrusion detection system

Abstract

Power system blackouts would cause a significant impact on social and economic activities. Therefore, a key underlying requirement for a resilient power system is to detect cyber attacks and provide an appropriate response in nearly real time. However, due to the limited computing resources and latency of current power system Intrusion Detection Systems (IDS), they are not capable of detecting cyber attacks on a large-scale system in real time. In this paper, we designed a Distributed Event and IDS (DEIDS) that provides advance monitoring, incident analysis, and instant attack detection over the entire grid network. The application of the DEIDS will provide an easy and fast way to recognize power system performance trends and the patterns of cyber attacks. To realize such a DEIDS, we used four feature selection methods and applied them to select the most significant features for a 38 GB test dataset. Compared with previous research work [1, 2], we have validated that the DEIDS provides the highest detection accuracy but the lowest overhead by modifying the Particle Swarm Optimization fitness function to enhance the NNGE classifier through choosing the best detection attributes.

Chen, Q., Kholidy, H. A., Abdelwahed, S., & Hamilton, J. (2017). Towards realizing a distributed event and intrusion detection system. In Communications in Computer and Information Science (Vol. 759, pp. 70–83). Springer Verlag. https://doi.org/10.1007/978-3-319-65548-2_6
