This article proposes a cyber-event detection framework to aid incident identification and digital forensics cases that investigate cyber crime committed against the critical infrastructure power grid. Unlike other similar investigative techniques, the proposed approach examines only the physical information to derive a cyber conclusion. The framework extracts information from the physical parameters stored in the historical databases of SCADA systems. It uses a pseudo-trusted model derived from randomly selected power system observations found in those historical databases. A technique known as Bayesian Model Averaging is then used to average the models and create a more trusted model. Results indicate a successful classification rate of 89% on average for the simulated cyber events of varying magnitudes.
Atkison, T., & Wallace, N. (2017). A Power Grid Incident Identification Based on Physically Derived Cyber-Event Detection. The Journal of Digital Forensics, Security and Law. https://doi.org/10.15394/jdfsl.2017.1480