Detecting Zero-day Controller Hijacking Attacks on the Power-Grid with Enhanced Deep Learning
The control processor of a power-grid system is a target for attacks with potentially disastrous consequences, zero-day attacks in particular. Detecting an attack early limits the damage it can do, but zero-day attacks are hard to detect precisely because their code is unknown in advance and their behavior has never been observed.
We propose a data-driven defense against zero-day attacks. A temporal deep learning model is trained to learn the normal behavior of the power-grid controller, using only normal data from the legitimate processes that routinely run on these systems; no attack samples are needed. At run time, a statistical test on the deviation between the observed behavior and the model's prediction quickly identifies malicious code running on the processor. Experimental results from a real power-grid controller show that we can detect anomalous behavior with nearly zero false positives and over 99.9% accuracy.
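As an added illustration, not the paper's own code or data, the following Python script implements the same two-stage scheme on a constructed signal: a temporal model is fitted on normal-only data, and a statistical test on the prediction error flags deviations at run time. A linear autoregressive model stands in for the temporal deep learning model, and the per-window z-test, the window size, the threshold and the synthetic "normal" and "hijacked" traces are all assumptions chosen for the demonstration. The hijacked trace is never used for training, which is what makes the detector applicable to behavior it has not seen before.

```python
import math
import random


# ---- Constructed traces (assumption: they stand in for measurements of the
#      controller's processes; real data would come from the controller) ----
def make_normal_trace(n, seed, period=20.0, noise=0.1):
    """Normal behaviour: a slow periodic signal around level 10 plus small noise."""
    rng = random.Random(seed)
    return [10.0 + 3.0 * math.sin(2 * math.pi * t / period) + rng.gauss(0, noise)
            for t in range(n)]


def make_hijacked_trace(n, seed, period=7.0, noise=0.1):
    """'Hijacked' behaviour: same level and amplitude, different temporal dynamics."""
    return make_normal_trace(n, seed, period=period, noise=noise)


# ---- Temporal model: least-squares AR(p) with intercept --------------------
def solve(a, b):
    """Gauss-Jordan elimination with partial pivoting for the normal equations."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                for k in range(c, n + 1):
                    m[r][k] -= f * m[c][k]
    return [m[i][n] / m[i][i] for i in range(n)]


def fit_ar(series, p):
    """Fit x_t ~ w0 + w1*x_{t-1} + ... + wp*x_{t-p} on normal data only."""
    rows = [[1.0] + [series[t - i] for i in range(1, p + 1)]
            for t in range(p, len(series))]
    ys = series[p:]
    d = p + 1
    ata = [[sum(r[i] * r[j] for r in rows) for j in range(d)] for i in range(d)]
    atb = [sum(r[i] * y for r, y in zip(rows, ys)) for i in range(d)]
    return solve(ata, atb)


def abs_residuals(model, series):
    """|observed - predicted| for every time step the model can predict."""
    p = len(model) - 1
    out = []
    for t in range(p, len(series)):
        pred = model[0] + sum(model[i] * series[t - i] for i in range(1, p + 1))
        out.append(abs(series[t] - pred))
    return out


def window_means(values, window):
    """Mean over consecutive non-overlapping windows (the test statistic)."""
    return [sum(values[i:i + window]) / window
            for i in range(0, len(values) - window + 1, window)]


# ---- Statistical test on deviations from predicted behaviour ---------------
def calibrate(model, normal_series, window):
    """Mean and std of the per-window statistic on held-out normal data."""
    means = window_means(abs_residuals(model, normal_series), window)
    mu = sum(means) / len(means)
    var = sum((m - mu) ** 2 for m in means) / (len(means) - 1)
    return mu, max(math.sqrt(var), 1e-9)


def detect(model, series, mu, sigma, window, z_threshold=5.0):
    """One flag per window: True when the window's error is far above normal."""
    return [(m - mu) / sigma > z_threshold
            for m in window_means(abs_residuals(model, series), window)]


def evaluate(order=2, window=20):
    """Train and calibrate on normal traces, then test on normal and hijacked ones."""
    model = fit_ar(make_normal_trace(600, seed=1), order)
    mu, sigma = calibrate(model, make_normal_trace(600, seed=2), window)
    normal_flags = detect(model, make_normal_trace(200, seed=3), mu, sigma, window)
    attack_flags = detect(model, make_hijacked_trace(200, seed=4), mu, sigma, window)
    return normal_flags, attack_flags


if __name__ == "__main__":
    normal, attack = evaluate()
    print("false positives:", sum(normal), "/", len(normal))
    print("detected windows:", sum(attack), "/", len(attack))
```

The calibration step is the part practitioners most often skip: the z-threshold is meaningful only relative to the error distribution measured on normal data the model was not fitted on, otherwise an overfitted model reports an optimistically small error and the false-positive rate on live data climbs.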