Tensor-based cybersecurity analysis of smart grids using IT/OT convergence

The expansion of cyberthreat landscape has been driving power utilities to investigate innovative methods for attack detection while leveraging the converged data generated across the grid Information Technology (IT) and Operational Technology (OT) systems. In this paper, we propose a tensor-based cybersecurity data analysis method and we prove its efficiency using tensors of IT and OT data obtained through the cosimulation of an electricity distribution system using wireless Long-Term Evolution (LTE) technology for synchrophasor communications. An approximate CANDECOMP/PARAFAC (CP) decomposition and Higher Order Singular Value Decomposition (HOSVD) are used to exploit the underlying hidden patterns in the low-rank data tensors. The effectiveness of the low-rank modeling using both decompositions is confirmed by demonstrating relatively low reconstruction error. A residual extraction method is also considered to distinguish the normal subspace of tensor dataset from the anomalous dataset resulting from the attacker actions. Finally, we highlight the intrusion detection performance of the proposed method compared to that of the Tensor Robust Principal Component Analysis (TRPCA) and the discrete-time nonlinear autoregressive neural network (NARX).

Mots clés

• cosimulation
• CP decomposition
• cyberattack
• distribution grid
• IT/OT convergence
• LTE network
• synchrophasor network
• tensor decomposition