2019 22nd International Conference on Control Systems and Computer Science (CSCS)

Cyber Security of Smart Grids in the Context of Big Data and Machine Learning

Delia Ioana DOGARU¹, Ioan DUMITRACHE²
Faculty of Automatic Control and Computer Science
University Politehnica Bucharest, Romania
[email protected] 1 ,[email protected] 2

2379-0482/19/$31.00 ©2019 IEEE
DOI 10.1109/CSCS.2019.00018

Abstract— The power system can be seen as a cyber-physical system where big data plays a major role in managing the overwhelming volume of data, underlining the importance of big data in both the power industry and the security domain. This article presents the challenges of cyber security in power systems and machine learning techniques, like artificial neural networks, to prevent and overcome cyber-attacks. The motivation for choosing this topic resides in the evolution of power systems with the need for cyber security implementation.

Keywords— power system; cyber security; cyber-physical systems; machine learning; big data.

I. INTRODUCTION

Advances in control technologies and technologies for processing and transmitting information have imposed new standards and performance requirements for the power system. The design and development of advanced data acquisition technologies, sensor networks and execution elements have led to increased complexity of measurement and process management systems in the energy system.

Technological and economic trends, as well as population growth, increased carbon emissions and the depletion of fossil fuels, have given rise to the need for quality energy production and consumption. The growing demands for clean energy and increased supplied quality energy have forced the integration of renewable energy sources into the existing power system to diversify the energy mix and create a globally distributed generation. At the same time, as the energy portfolio changes and diversifies, new challenges arise that require changes in the power system infrastructure by adopting advanced technological strategies to support secure and reliable energy supply to consumers.

Integrating cyber components at all levels of the energy system has increased the system's performance, but stability and security issues have become a priority because, despite technological advances, cyber security vulnerabilities have emerged.

At the same time, these integrations have led to the adoption of advanced features, such as advanced configurability, disruption reconfiguration, continued safety and availability of energy. The two-way flow of information for better monitoring, diagnosis and control at each level of the network has given rise to a new generation of Smart Grid or Smart Electricity Networks [1].

Smart Grid is a complex infrastructure that describes a system of systems [2] with characteristics such as the interdisciplinary nature, operational and managerial independence of its components as well as geographical distribution, high heterogeneity of network equipment, emerging behavior and evolutionary development.

Thus, the high level of integration of information and communication technology, advanced processing and control systems with physical systems leads to an exponential increase in the complexity of the electrical networks, leading to a new paradigm, the Cyber-Physical Energy System [3, 4]. Integrating computers and communications into energy systems, increasing the complexity and diversity of energy resources with a random generation, inevitably leads to increased vulnerability of the energy system.

Assessing the security of a real-time system to determine cyber vulnerabilities proves to be a challenge because the current conventional technology is costly and slow for a dynamic system such as the power grid. To take into account the real-time attack model, new algorithms need to be designed to validate command signals (from automatic power generation control, voltage control, etc.) in terms of authenticity or provenance from another source.

Current security strategies consist of an outdated arsenal of methods because they are based on blocking or anticipating already existing and widely used attacks and do not take into account the new dynamic and adaptive cyber-attacks.

With the increase in complexity of the smart grid, new and more adapted cyber penetration methods appear to compromise the normal functioning of the entire energy system and for which there are no security strategies. Inappropriate implementations of cyber security applications could lead to degradation of the energy system's performance. So, the next generation of cyber security strategies must maintain a balance between energy systems and cyber systems through a specific approach. Furthermore, security methods for preventing and detecting cyber anomalies should take into account the overall impact on the electrical network, not just focus on the isolated effects that cyber-attacks may have.

The objective of this article is to focus on a thorough study on cyber security in smart grids, highlighting the use of Big Data and machine learning in the assessment and prevention of cyber-attacks. In Section II Big Data and machine learning are
presented from the smart grid's perspective, highlighting some of the advantages and disadvantages. Integration of new technologies into the grid leads to a growing, complex, interconnected system that is exposed to various cyber vulnerabilities; thus, Section III presents the cyber security challenges of the smart grid. The article supports machine learning for cyber security using the simulation in MATLAB/Simulink of a multi-machine model's behavior as a case study in Section VI.

II. BIG DATA AND MACHINE LEARNING

Due to the integration and development of information and communication technology in the electrical network, an IT infrastructure is added to the transmission and distribution network of energy for collecting, storing and analyzing data through extended sensor networks and measurement units to ensure the delivery of the quality criteria for the generation, delivery and consumption of energy. This evolutionary step towards the intelligent power grid determines large amounts of data that energy companies have to deal with through specialized applications.

One of the biggest challenges for smart grid applications is handling massive amounts of data that need to be collected from different sources in different formats and processed to optimize network performance. The term "Big Data" (BD) defines these large and complex data sets, which require advanced analysis and processing algorithms to discover hidden patterns and information.

The availability of large data volumes due to the proliferation of Intelligent Electronic Devices (IED) in Intelligent Power Networks opens the way to implement the Big Data concept in detecting and preventing security incidents by analyzing multiple network entrances looking for patterns or anomalies, using the extraction of the attributes (deriving distinctive properties from an initial set of input data).

Cyber-attacks on the power grid reach a sophisticated level of adaptability and dynamism, making their detection difficult because they manifest over a long period of time on the system, altering various vulnerable points which, cumulated, result in an abnormal behavior. The contribution given by BD is the ability to extract information from large data collected from different sources (data packets, servers, logs, sensor data, etc.), using a correlation analysis to give meaning to the links between the multitude of data [5].

The information extracted from advanced processing can be used to determine electrical network behaviors. The given potential in analyzing the normal and abnormal behavior scenarios based on historical and real-time data will lead to the building of knowledge bases, transforming the security strategy into an evolved one with intelligent decision-making capabilities in detecting network behaviors under the influence of cyber-attacks (figure 1).

A proactive approach to minimizing security risks for data follows 5 steps:

• Define and classify sensitive system data. Sensitive data may refer to all data in the power system, but a more precise classification should be made on a sensitivity scale to prioritize data: network topology data, sensor measurements to the control center, control signals from the controllers to actuators, etc.;

• Encryption - once the data is identified as critical or less sensitive in terms of sensitivity, it should be protected by encryption (e.g. 256-bit AES), hashing or masking;

• Monitor access for unauthorized users or suspicious activity. Each user role should be given different privileges for accessing data types based on the level of sensitivity;

• Identifying risk scenarios for data manipulation and creating a strategic plan for suspicious activity scenarios to address the right action;

• Monitoring and evaluating system vulnerabilities (e.g., databases).

Fig. 1. Cyber security approach integrating Big Data

Big Data in security analysis is designed to handle large amounts of data (collecting, storing, integrating, classifying, analyzing) from various sources, structured and unstructured, captured in real time or near real time, and works closely with 2 categories of information security tools:

• Information and Event Security Management Tools - manage the analysis of logs in system logs and can be configured to detect or disable only certain attacks.

• Performance and Application Monitoring Tools - monitor the performance and availability of a complex application, identify and isolate changes that occur in case of failure or cyber-attacks.

Information security can be differentiated by BD in security analysis through the following [6, 7]:

• Security with BD is on a platform capable of analyzing large data volumes and large storage space, such as Hadoop operating with structured and unstructured data;

• In the communications network, packet data traffic flows in real-time from one node to another, and packets must be analyzed immediately after being received at the destination. This required feature is the scalability property;

• Another necessary feature is the integration of reporting and visualization tools to identify data from different sources.

Data framing in a context can help correlate important events and help improve detection of anomalies. In other words, a piece of code can be considered "harmless" at first glance, but putting it in a real-time system application or in a communication channel can lead to abnormal operation.

One of the central ideas underlying this section is that, using BD, the behavior of a communications network or an electrical network can be analyzed in depth, defining the characteristics of a normal state of operation and an abnormal state (following cyber disturbances), identifying suspicious activity and the adoption of preventive measures.

However, extracting patterns of behavior (or statistical models) of the power system for cyber security is proving difficult because of the large data volume and the impact of available noise measurements. Traditional security methods are outdated and increasing data collection makes energy sector organizations orient themselves in adopting intelligent methods of data analysis and security.

Machine learning is a data analysis method that automates the construction of an analytical model. It is a branch of artificial intelligence based on the idea that systems can learn from data, identify models and make decisions with the minimal intervention of a human operator. This method was born out of model recognition and the theory that machines can learn without being programmed to perform specified tasks, learning only based on data sets. An important feature of the method is the iterative aspect, because the models are exposed to new data sets and can adapt and learn from previous results to make accurate decisions. Machine learning analyzes data to find patterns, correlations, and anomalies within it.

Machine learning, the subset of artificial intelligence, is also used in power systems to diagnose malfunctions (recognizing transient events in nuclear power plants to anticipate failures [8]), prognosis of peak loads [9, 10], identification, modeling and prediction [11], load control [12] and real-time stability analysis [13], etc.

Many machine learning algorithms have existed over time, but the ability to automatically apply complex calculations on large volumes of data in a fast way is a recent development. In the study case section, the subject of machine learning is developed as a solution in the prevention and evaluation of cyber-attacks in the electrical networks.

The three main categories of machine learning with the following algorithms assigned are:

• supervised learning – is a type of algorithms used to make predictions based on a set of examples having input labeled data and desired output data. The algorithms in this class analyze the data and identify the function to map inputs with outputs (e.g. Kernel/Linear SVM, Random Forest, Neural Network, Decision Tree, Logistic Regression, Naïve Bayes, etc.);

• unsupervised learning – unlike supervised learning, labels are not used; instead it is asked to find the intrinsic relations which underlie the data (e.g. Singular Value Decomposition, DBSCAN, Gaussian Mixture Model, k-means, etc.);

• reinforcement learning – is a type of learning that is based on the feedback from the environment to adjust the actions of an agent (e.g. Random Forest, Artificial Neural Networks, Decision Tree, Linear Regression, etc.).

In the Case Study section of this article, the identification of which algorithm to choose will be presented.

The power system is a complex system, modeled by nonlinear differential equations that require a high computational processing power. To treat such a system defined by complex equations, the best approach considered for modeling the relationship between input data and output data, where the knowledge of earlier features is less known, is the use of deep neural networks (DNN). DNN use less computational power and are efficient in terms of processing time. They do not need a complete set of differential equations but use pre-calculated learning outcomes to obtain precise solutions [14]. Deep learning is a subset of machine learning, representing large scale artificial neural networks that use huge amounts of data to be effective.

Cyber infrastructure in power systems is extremely vulnerable to cyber-attacks due to the complexity and integration of heterogeneous components. Traditional methods for assessing security and human intervention are not sufficient to protect it.

Cyber-attacks are continually evolving and adapt to new energy sector implementations. These can be centralized, compromising a single device but with cascading effects because the system is interconnected, and distributed, targeting multiple devices that can be geographically dispersed and have a wide cascading effect [5].

Neural networks are able to model many nonlinear systems, processing raw input data through many neural layers of nonlinear transformations to obtain the desired results. At the same time, due to their adaptability in handling different types of data and their parallel processing capability, which allows for increased processing speed and high precision in predicting, DNN are suited to real-time applications. Their applicability extends to model recognition, classification and recognition of anomalies, etc.

III. CYBERSECURITY CHALLENGES IN THE SMART GRID

The information and communications domain has already structured cyber security policies addressing existing
vulnerabilities, analyzed and evaluated in their own data systems; the same vulnerabilities need to be assessed by the degree and type of impact on the power grid because the physical components are directly affected.

The next generation of cyber security strategies must maintain a balance between energy and cyber infrastructures. Specific approaches should be considered because inappropriate implementations of cyber security applications could lead to degradation of the power system performance.

At the same time, security methods for preventing and detecting cyber issues should take into account the overall impact on the electricity grid and not just focus on the isolated effects that cyber-attacks may have. Having a macro and micro level analysis along with real-time monitoring of the entire power system increases the chances of detecting and preventing anomalies by covering a wider range of scenarios.

Cyber-attacks can have local or cascading effects at any level of the power system. In a previous article, reference [15], the different types of attacks on the electricity grid and their impact on the generation, transport, distribution and consumption of electricity are presented. Also, some aspects of stability (rotor rotation speed, voltage, frequency stability) are analyzed when the electrical network faces different classes of cyber-attacks. However, cyber-attacks are continuously adapting in response to new system developments.

It is necessary to design security strategies by:

• algorithms that consider the real-time attack model and which can filter massive amounts of system data and historical communications data from control centers to analyze, monitor, and counteract any potential intrusion;

• algorithms that check the control signals (from automatic power generation control, voltage control, etc.) if they are authentic or come from another unauthorized source;

• robust security algorithms that include synergy between cyber-protection and physical protection of the electrical network.

Although there are some similarities between an IT network and a communications network used in smart grids, they must be "seen" as two different entities. The discrepancies in the security objectives pursued by each were analyzed in reference [16], and Table I presents the elements of the communications network that provide important security objectives for an electrical network and possible related attacks.

Cybersecurity is an area that recently had machine learning integrated to increase the efficiency and accuracy of operations, but for years it used data science techniques to gather, process and analyze large amounts of data representing historical or real-time events over wide periods of time. Existing network intrusion detection systems detect known threats using rule-based or signature-based methods. Machine learning algorithms applied to security data can detect or predict potential threats with a precision that improves over time. Moreover, by analyzing historical data, the algorithms can identify the most frequently targeted entry points or components of the power grid, classifying them as "weak-links". Cyber security strategies usually aim to minimize the effect of cyber-attacks, because it is a more achievable objective in comparison to completely avoiding any type of attack. Reference [17] discusses the impact of cyber-attacks on the stability of the power grid.

TABLE I. SPECIFIC ELEMENTS OF THE COMMUNICATIONS NETWORK AND POSSIBLE ATTACKS
(Columns: Objective; Mechanism; Definition; Attacks)

Objective: Availability
Attacks: Denial of Service (DoS) attacks or distributed denial of service
• Mechanism: Tolerance mechanism for data availability. Definition: Such mechanisms are designed to compensate for multiple failures related to the processing unit, the memory of a computing unit, the power supply, etc.
• Mechanism: Mechanisms that ensure the security of the communication network and secure interoperability processes. Definition: These mechanisms include rules for accessing data, ensuring their integrity, but also overseeing the smooth deployment of operations performed using hardware and software.

Objective: Integrity
Attacks: False data injection (e.g. imitation attacks, SQL injection, etc.); Denial of Service (DoS) attacks or distributed denial of service
• Mechanism: Firewall services. Definition: Mechanism for packet analysis and filtering in the communications network.
• Mechanism: Communication security management mechanisms. Definition: Communication security means a set of methods that prevent unauthorized access to network data traffic (e.g. data encryption mechanisms).
• Mechanism: Intrusion Detection Mechanisms. Definition: Mechanisms in the form of applications or devices that monitor the traffic of a communications network to identify abnormal activities.

Objective: Confidentiality
Attacks: Side-channel attacks; packet interception attacks; sniffing, phishing attacks etc.
• Mechanism: Network security protocols (e.g. IPSec, VPN, TLS, etc.). Definition: Security protocols are those processes and methodologies that ensure secure transfer and unauthorized access to transmitted data.
• Mechanism: Authentication mechanisms. Definition: Authentication provides access to data by authorized parties.
• Mechanism: Data encryption. Definition: Specific data encoding mechanisms for access by authorized parties only.

Even though there is a plethora of evolving cyber-attacks, it must be understood that the power grid has a set of well-defined objectives and that, in order to adopt the appropriate security measures, it is essential to identify the components, the role they play, the information they use, and the means, along with what kind of existing attacks could benefit from their vulnerabilities; some examples are discussed in Table II.
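
One way to implement the second strategy listed above (checking that a control signal is authentic and comes from an authorized source), as an added example that is not from the paper: each set-point command carries an HMAC-SHA256 tag and a per-sender sequence number, and the receiver also applies a physical plausibility range. The message format, the identifiers cc-1, cc-9 and gen-2, the demo key and the limits are assumptions made for this sketch.

```python
import hashlib
import hmac
import json

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def sign_command(key, sender, seq, target, setpoint):
    """Control-center side: serialize a set-point command and append its tag.

    The field names and JSON framing are assumptions made for this example.
    """
    body = json.dumps(
        {"sender": sender, "seq": seq, "target": target, "setpoint": setpoint},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class CommandVerifier:
    """Actuator side: accept a command only if it is authentic, fresh and plausible."""

    def __init__(self, keys, limits):
        self.keys = keys        # sender id -> shared secret key
        self.limits = limits    # target id -> (min, max) permitted set-point
        self.last_seq = {}      # sender id -> highest sequence number accepted

    def verify(self, frame):
        """Return (command, "accepted") or (None, reason)."""
        if len(frame) <= TAG_LEN:
            return None, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        try:
            cmd = json.loads(body)
        except ValueError:  # covers invalid UTF-8 and invalid JSON
            return None, "malformed"
        sender = cmd.get("sender") if isinstance(cmd, dict) else None
        key = self.keys.get(sender) if isinstance(sender, str) else None
        if key is None:
            return None, "unknown-sender"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None, "bad-tag"
        seq, target, value = cmd.get("seq"), cmd.get("target"), cmd.get("setpoint")
        # A captured frame replayed later carries a sequence number already used.
        if type(seq) is not int or seq <= self.last_seq.get(sender, -1):
            return None, "replay"
        limit = self.limits.get(target) if isinstance(target, str) else None
        numeric = type(value) in (int, float)
        if limit is None or not numeric or not limit[0] <= value <= limit[1]:
            return None, "out-of-range"
        self.last_seq[sender] = seq
        return cmd, "accepted"


def demo():
    """Run constructed frames through the verifier and return the verdicts."""
    key = bytes(range(32))  # constructed demo key, not a real secret
    verifier = CommandVerifier({"cc-1": key}, {"gen-2": (-0.2, 0.2)})
    good = sign_command(key, "cc-1", 1, "gen-2", 0.05)
    altered = good.replace(b'"setpoint":0.05', b'"setpoint":0.15')  # changed in transit
    rogue = sign_command(b"k" * 32, "cc-9", 1, "gen-2", 0.05)       # unauthorized source
    extreme = sign_command(key, "cc-1", 2, "gen-2", 0.9)            # authentic, implausible
    frames = (altered, rogue, good, good, extreme)
    return [verifier.verify(frame)[1] for frame in frames]


if __name__ == "__main__":
    print(demo())
```

The tag shows only that the command came from a key holder and was not altered in transit; the range check is the part that ties the cyber check to the physical limits of the controlled unit.
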

TABLE II. POINTS OF INTEREST TO CONSIDER IN THE EVALUATION OF CYBER-ATTACKS
(Columns: Level; Systems; Action; Parameter; Comm. protocols; Attacks; Purpose)

Level: Generation
• System: Automatic Generation Control. Parameter: Tie-line power, frequency. Action: PI controllers in AGC regulate the speed of the turbine generator unit by adjusting the input valve to change the turbine's mechanical power output to track the electrical load power change and to restore frequency to a nominal value. The reference set-point is received from the control center state estimation applications based on data from the SCADA.
• System: Governor control. Parameter: Rotor speed. Action: It regulates the rotor speed of a prime mover to provide electrical power at a certain frequency to an alternator.
• System: Automatic Voltage Regulator. Parameter: Terminal voltage. Action: The AVR maintains generator terminal voltage regulation through a control loop by communicating with the power plant control center to modify accordingly the current through the exciter. It controls the reactive power and voltage magnitude in the system.

Level: Transmission
• System: State Estimation. Parameter: Measurements, system status. Action: SE describes the flow of power through transmission lines using provided measurements from measurement devices, PMUs, to assure estimates of state variables (voltage magnitude, bus phase angle) to make informed decisions.
• System: VAr compensator. Parameter: Voltage. Action: Is a component of the Flexible Alternating Current Transmission System (FACTS) providing, through electronic switches, fast reacting reactive power on high-voltage electricity transmission lines, improving transmission, power flow control, voltage stability.

Level: Distribution
• System: Load Shedding. Parameter: Load information in the system. Action: Is a process adopted at the distribution level by power managers to maintain the power balance of supply-demand under certain conditions through switching off power to specific areas or large consumers.

Level: Consumption
• System: Advanced Metering Infrastructure. Parameter: Consumer load. Action: Is a network that enables bidirectional communication between utilities and consumers to gather real-time power usage for pricing and to have a better view of the distribution system in case of faults.

Comm. protocols: Ethernet and Modbus, HART, PROFIBUS, DeviceNet and IEC61850, DNP 3.0, TCP, UDP, ICMP; WiMAX, WIFI, power line carrier; IEC61850, ProfiNet, DeviceNet
Attacks: Denial-of-service (DoS), False data injection, Malware, side channel attack; DoS, Malware, Side channel attack; DoS, False data injection, Malware, Timing-based attack, Protocol Attacks, eavesdropping; Load Redistribution attacks, Malware (with false data injection)
Purpose: The smart grid supports safe and reliable supply of quality, efficient and continuously available electrical energy to consumers.

Machine learning can be used for solving various problem scenarios regarding the power grid cyber security like:

• classification – monitoring the traffic between connected devices to identify and classify third party access to sensitive data, like control commands or measurements, based on patterns.

• clustering – based on unsupervised learning because, unlike classification, the classes are not established. This can be applied by studying the historical data regarding network communication activity between various connected devices that lead to the occurrence of normal and abnormal behaviors of the physical components and the relationships to each other that determine consequences to the power grid operations;

• dimensionality reduction – is used when extending the monitoring and threat identification to a more complex model of unlabeled data from network communications that has many possible features. Most of the data is highly redundant and can be reduced to just the most important features by applying the mathematical procedure of dimensionality reduction [18]. This can be used as a preliminary phase for data preparation before adopting an anomaly detection algorithm, by eliminating variables that have a low correlation gradient with other values;

• prediction (regression) – requires previous data to identify the next values over a predefined time horizon. High-dimensional data offers good insights to overcome cyber problems. In the next section, a case scenario is provided to identify abnormal behavior of a microgrid model.

The present paper offers a different approach based on the motivation that attacks are more pervasive and diverse and should be viewed not only from the point of view of their local impact on the target in the power system, but rather from the perspective that different types of distributed attacks for injecting or modifying critical system information can have an aggregated degrading effect on the power grid's behavior.

IV. CASE STUDY

The scope of this case study is to underline the possibilities that machine learning brings to the cyber security of power grids, through a simulation of a chosen grid model to capture its underlying behavioral features and use regression techniques, deep neural networks, to identify any anomaly; the simulation and development of the DNN and power grid model was made in the MATLAB/Simulink environment.

The power grid is a non-linear system best approximated by an LTI system of $u \in \mathbb{R}^n$ input control signals and $y \in \mathbb{R}^m$ output signals as measurements in real continuous time by measuring units (e.g. PMU) and manipulated by cyber disturbances. The differential algebraic equations describing the state dynamics are [19]:

$$
\begin{cases}
\dot{x}(t) = A x(t) + B\big(u(t) + u_q(t)\big) + P(t)\,d(t) + c(t) \\
y_q(t) = C_q x(t) + v_q(t)
\end{cases}
\qquad (1)
$$

Where $A \in \mathbb{R}^{3n_g \times 3n_g}$, $B \in \mathbb{R}^{3n_g \times 3n_g}$, $C_q \in \mathbb{R}^{q \times 3n_g}$, $P \in \mathbb{R}^{3n_g \times m_2}$ (the disturbances against the actuator matrix), C denotes the output matrix, q is the number of buses where measuring units are installed, $3n_g$ represent the states of the generators (rotor angles, rotor speeds, voltages), $m_1$ known grid inputs (mechanical input power and field voltage), $m_2$ unknown grid inputs and q output measurements. $v_q(t)$ is the potential vector against the measured output of the system and sent to the control centers.

The cyber-attack can occur in altering the command between the control center and the controlled process as a vector $u_q(t)$ introduced by a type of false data injection attack, altering the command: $(u(t) + u_q(t))$.

The chosen grid model is regarded as the equivalent of a multi-machine model with synchronous generators, power lines and an uncontrollable load, modeled in a previous article from reference [19], as the benchmark model, IEEE-9 bus.

Choosing the machine learning algorithm proves to be a challenge due to the fact that it is not always possible to know beforehand which is the best fit. For this case, of a power grid model, the following aspects are identified to ease this process:

• type, size, quality of data;

• desired outcome;

• training time or computational time;

• desired accuracy of the result.

As a complex, interconnected, continuously growing system, the power grid has huge volumes of data coming from measuring units to describe the state of the system. Any critical anomaly can influence the whole system behavior. Data can be redundant and must be cleansed and prepared before using it as a dataset for the desired machine algorithm.

Having a set of examples, the objective is to set the outline of what a normal behavior is. This was done through selecting a set of clean data, representing the power grid model under normal operating conditions, as illustrated in figure 2.

Fig. 2. Normal simulated behavior of the power grid model

The premise used in the case scenario is that the power grid system often has a predictable behavior which can be observed and identified through patterns over large periods of time.

Based on these premises, the best possible fit for the machine learning algorithm is supervised learning, deep neural networks. The main objective when choosing an algorithm is to obtain results, understand them and use, later, sophisticated methods to improve their precision. The nonlinear autoregressive (NAR) neural network with closed loop is used because it supports dynamic inputs without the need for prior knowledge of the process; this is used as a network security strategy described by the non-linear function [19, 20]. Another reason for choosing artificial neural networks is their resistance to erroneous / redundant data and the ability to classify data in classes without previous training [5].

The NAR model used has a 12-layer network with the Levenberg-Marquardt training function. This network has been trained in MATLAB for 500 epochs and a training goal with an error of less than 0.001.

The extracted input data (from the simulated power grid model, equation 1 and reference [5]) for learning and testing represents two system states: normal behavior data and attacked behavior data. Once the network is trained, it is given a set of data for a given behavior (attacked or normal) to identify the classification with the trained parameters. The training step is performed off-line as the training is time and memory consuming. In figure 3, the normal grid behavior is represented in blue, followed by the predicted normal behavior in magenta given by the DNN algorithm after the training phase (the training was done also with abnormal behavior). The behavior carrying cyber disturbances is represented in green.

Fig. 3. Normal behavior, attacked behavior and predicted behavior of the power grid model

This algorithm is applied to identify abnormal behavior due to cyber disturbances by spotting the differences from normal predicted behavior, by observing cyber-disturbed (attacked) behavior with a predefined distance metric, in figure 4.

Fig. 4. Difference graphic between predicted normal behavior and attacked behavior
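
The detection idea described above (learn a predictor of normal behavior, then measure the distance between the prediction and what is observed), as an added example that is not the authors' MATLAB/Simulink code. A least-squares one-step linear predictor stands in for the NAR network and a two-state toy machine stands in for the IEEE 9-bus model of equation (1); the model constants, noise level, threshold factor and the injected bias u_q are all assumptions.

```python
import math
import random

# Assumed toy model: one machine, states = [rotor angle, rotor speed] deviations.
DT, K, D = 0.05, 4.0, 0.5   # Euler step, synchronizing and damping coefficients
SIGMA = 0.001               # std dev of the measurement noise v_q(t)


def command(k):
    """Command u(t) as logged by the control center (two tones keep the fit well posed)."""
    t = k * DT
    return 0.3 * math.sin(0.7 * t) + 0.2 * math.sin(2.3 * t)


def simulate(steps, seed, attack=None):
    """Euler simulation of x' = A x + B (u + u_q), y = x + v (eq. (1) with d = c = 0).

    attack = (start, end, bias) injects u_q = bias for start <= k < end.
    Returns the logged commands and the noisy measurements [angle, speed].
    """
    rng = random.Random(seed)
    angle = speed = 0.0
    us, ys = [], []
    for k in range(steps):
        ys.append([angle + rng.gauss(0, SIGMA), speed + rng.gauss(0, SIGMA)])
        u = command(k)
        us.append(u)  # the log holds u only; the actuator receives u + u_q
        u_q = attack[2] if attack and attack[0] <= k < attack[1] else 0.0
        angle, speed = (angle + DT * speed,
                        speed + DT * (-K * angle - D * speed + u + u_q))
    return us, ys


def solve(matrix, rhs):
    """Gaussian elimination with partial pivoting for a small square system."""
    n = len(rhs)
    a = [row[:] + [r] for row, r in zip(matrix, rhs)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(a[r][c]))
        a[c], a[p] = a[p], a[c]
        for r in range(c + 1, n):
            f = a[r][c] / a[c][c]
            for j in range(c, n + 1):
                a[r][j] -= f * a[c][j]
    x = [0.0] * n
    for c in reversed(range(n)):
        x[c] = (a[c][n] - sum(a[c][j] * x[j] for j in range(c + 1, n))) / a[c][c]
    return x


def fit(us, ys):
    """Least-squares fit of y[k+1] ~ W * [angle[k], speed[k], u[k]] on normal data."""
    rows = [ys[k] + [us[k]] for k in range(len(ys) - 1)]
    gram = [[sum(r[i] * r[j] for r in rows) for j in range(3)] for i in range(3)]
    weights = []
    for out in range(2):
        rhs = [sum(r[i] * ys[k + 1][out] for k, r in enumerate(rows)) for i in range(3)]
        weights.append(solve(gram, rhs))
    return weights


def residuals(weights, us, ys):
    """Euclidean distance between measured y[k+1] and the predicted normal y[k+1]."""
    out = []
    for k in range(len(ys) - 1):
        feats = ys[k] + [us[k]]
        pred = [sum(w * f for w, f in zip(row, feats)) for row in weights]
        out.append(math.hypot(pred[0] - ys[k + 1][0], pred[1] - ys[k + 1][1]))
    return out


def train_detector(steps=2000, seed=1, factor=5.0):
    """Fit on a normal run; threshold = factor * RMS of the training residual."""
    us, ys = simulate(steps, seed)
    weights = fit(us, ys)
    res = residuals(weights, us, ys)
    return weights, factor * math.sqrt(sum(r * r for r in res) / len(res))


def alarms(weights, threshold, us, ys):
    """Indices k whose transition k -> k+1 deviates from predicted normal behavior."""
    return [k for k, r in enumerate(residuals(weights, us, ys)) if r > threshold]


def demo():
    weights, threshold = train_detector()
    normal = alarms(weights, threshold, *simulate(1500, seed=2))
    attacked = alarms(weights, threshold, *simulate(1500, seed=3, attack=(600, 900, 0.6)))
    return normal, attacked


if __name__ == "__main__":
    normal, attacked = demo()
    print(len(normal), "alarms on the normal run;", len(attacked), "on the attacked run")
```

The detector sees only the logged command u and the measurements, so the injected u_q shows up as a persistent residual on the speed channel for as long as the bias is applied.
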
As one can observe, through a first attempt at applying machine learning over a set of modelled data reflecting the power grid behavior, the results are promising, and it is necessary to state that an algorithm usually requires fine tuning and extensive training with large datasets to obtain its best performance index.

V. CONCLUSIONS

Smart Grids, which integrate the two infrastructures, electricity networks and ICT (information and communications), have real-time, bidirectional, high-speed communication networks, intelligent measurement and control devices, etc. Thus, the new power grids become vulnerable to both classical natural phenomena (lightning, wind, ice, etc.) as well as human cyber-attacks.

[5]. D.I. Dogaru, I. Dumitrache – “Cyber Attacks of a Power Grid Analysis Using a Deep Neural Network Approach”, Journal of Control Engineering and Applied Informatics, March, 2019
[6]. D. Sullivan – “Introduction to big data security analytics in the enterprise”, Tech Target, 2015
[7]. P. Wood – “How to tackle big data from a security point of view”, Computer Weekly, 2013
[8]. Y.D. Lukic, C.R. Stevens – “Application of A Real-Time Artificial Neural Network for Classifying Nuclear Power Plant Transient Events”, Neural Network Computing for the Electric Power Industry: Proceedings of the 1992 INNS Summer Workshop, Editor Dejan J. Sobajic, Lawrence Erlbaum Associates, Publishers, Hillsdale, N.J., pp. 59-62, 1993.
[9]. A. J. Germond, et al. – “Application of Artificial Neural Networks to Load Forecasting”, Neural Network Computing for the Electric Power Industry: Proceedings of the 1992 INNS Summer Workshop, pp. 165-171, 1992.
[10]. M. Khadem, E. Dobrowolski – “Short-term Electric Load Forecasting Using Neural Networks”, Neural Network Computing for the Electric Power Industry: Proceedings of the 1992 INNS Summer Workshop, pp. 173-178, 1992.
[11]. T. Samad – “Modeling and Identification with Neural Networks”, Neural Network Computing for the Electric Power Industry: Proceedings of the 1992 INNS Summer Workshop, pp. 129-134, 1992.
The emergence and application of the concept of Cyber- [12]. D. Novosel, R.L. King – “Intelligent Load Shedding”, Neural Network
Physical Systems (CPS), practically in all socio-economic Computing for the Electric Power Industry: Proceedings of the 1992
sectors, has led to the review of strategies for the development INNS Summer Workshop, pp.107-110, 1992.
of new smart grids. [13]. D.J. Sobajic – “Neural Network Computing for the Electric Power
Industry - Proceedings of the 1992 Inns Summer Workshop”, Psychology
Machine learning and Artificial intelligence techniques Press, pp.117-120, 2013.
along with IoT and BD are important factors in developing [14]. E.T. Swain et. al. – “The Application of Neural Networks to Electric
cyber security strategies that allow risk assessment and real- Power Grid Simulation”, ICANN 2006: Artificial Neural Networks, pp
736-745, 2006.
time decision making. The challenge that ML in cybersecurity [15]. D.I. Dogaru, I. Dumitrache – “Some Aspects of Power Grid Stability în
faces is the need for high volumes of data being fed to the the Context of Cyber Attacks”, International Workshop on Cyber Physical
techniques used over large periods of time to achieve the ability Systems – IWoCPS, 2017.
of anomaly and cyber threat identification by establishing first [16]. I. Dumitrache, D.I. Dogaru – “Smart Grid Overview: Infrastructure,
a baseline of what is a normal behavior. Also, time is of the Cyber–Physical Security and Challenges”, International Conference on
utmost importance in a domain characterize by continuous real- Control Systems and Computer Science (CSCS), IEEE, 2015.
[17]. D.I. Dogaru, I. Dumitrache – “Robustness of Power Systems în the
time operations, like the power grid, making machine learning Context of Cyber Attacks”, International Conference on Control Systems
architecture in cybersecurity complex and somewhat time- and Computer Science (CSCS) 2017.
consuming for increased performance and precision. [18]. A. Polyakov – “Machine Learning for Cybersecurity 101”, Towards Data
Science, 2018
Moreover, another challenge lies in the setting the correct [19]. D.I Dogaru, I. Dumitrache – “Modelling the dynamic electrical system în
parameters for the threshold between normal behavior and the context of cyber attacks”, Universitatea Politehnica Bucuresti,
abnormal. Scientific Bulletin, Seria C: Inginerie Electrică ‫܈‬i ùtiinĠa Calculatoarelor,
2018.
In conclusion, we can state that cyber-attacks within smart [20]. N.V. Tomin et al. – “Machine Learning Techniques for Power System
grids contribute greatly to increasing their fragility and that Security Assessment”, IFAC Workshop on Control of Transmission and
protection measures have to evolve in correlation with the Distribution Smart Grids CTDSG 2016: Prague, Czech Republic, Volume
49, Issue 27, Pages 445-450, 2016. Disponibil:
evolution and complexity of these networks, and it is still https://www.sciencedirect.com/science/article/pii/S2405896316324028
necessary from the design phase to include adaptive measures
with pronounced predictor character.

REFERENCES

[1]. M. Tuckwell – “10 countries: 80% of smart grid investment”, News


article, 2011.Disponibil: http://www.renewableenergyfocus.com.
[2]. M. W. Maier– “Architecting principles for systems-of-systems” Systems
Engineering, John Wiley & Sons, Inc., vol. 1, no. 4, pp. 267–284, 1998.
[3]. I. Dumitrache – “Intelligent Cyber-Energy-Systems”, invited paper on
ICTSCC-18th International Conference on System Theory, Control and
Computing, 2014.
[4]. I. Dumitrache, N. Constantin, O. Stoica – “Some challenges for the Cyber-
Physical Energy Systems”, pg. 3-9, Proceedings of the 2nd IFAC
workshop (ICPS-2013) on convergence of Information Technologies and
Control Methods with Power Systems – IFAC Paper Plaza, 2013.
