Machine Learning-Based Cyberattack Detection and Identification for Automatic Generation Control Systems Considering Nonlinearities
Nour M. Shabar, Ahmad Mohammad Saber, Deepa Kundur
TL;DR
The paper addresses FDIA detection in nonlinear AGC systems by proposing a feature-based ML framework that extracts rich time-series features from AGC measurements and trains offline classifiers to detect and identify manipulated signals. It reframes the problem as a 4-class classification with a cross-entropy objective, and evaluates multiple models (e.g., Random Forest, XGBoost, SVM, DT) on a 2400-sample dataset derived from a two-area AGC model, achieving a peak $F1$-score of $99.98\%$ while maintaining a low false-alarm rate. The approach emphasizes interpretability through explicit features, and demonstrates superior performance compared to an LSTM-based baseline from prior work. It also discusses limitations related to covert attacks and outlines future directions for real-time deployment and enhanced explainability.
Abstract
Automatic generation control (AGC) systems play a crucial role in maintaining system frequency across power grids. However, AGC systems' reliance on communicated measurements exposes them to false data injection attacks (FDIAs), which can compromise the overall system stability. This paper proposes a machine learning (ML)-based detection framework that identifies FDIAs and determines the compromised measurements. The approach utilizes an ML model trained offline to accurately detect attacks and classify the manipulated signals based on a comprehensive set of statistical and time-series features extracted from AGC measurements before and after disturbances. For the proposed approach, we compare the performance of several powerful ML algorithms. Our results demonstrate the efficacy of the proposed method in detecting FDIAs while maintaining a low false alarm rate, with an F1-score of up to 99.98%, outperforming existing approaches.