Machine Learning Methods For Attack Detection in The Smart Grid Final

MACHINE LEARNING METHODS FOR ATTACK
DETECTION IN THE SMART GRID
ABSTRACT
Electricity theft is a global problem that negatively affects both utility companies and electricity
users. It destabilizes the economic development of utility companies, causes electric hazards and
impacts the high cost of energy for users. The development of smart grids plays an important
role in electricity theft detection since they generate massive data that includes customer
consumption data which, through machine learning and deep learning techniques, can be utilized
to detect electricity theft. This paper introduces the theft detection method which uses
comprehensive features in time and frequency domains in a deep neural network-based
classification approach. We address dataset weaknesses such as missing data and class imbalance
problems through data interpolation and synthetic data generation processes. We analyze and
compare the contribution of features from both time and frequency domains, run experiments in
combined and reduced feature space using principal component analysis and finally incorporate
minimum redundancy maximum relevance scheme for validating the most important features.
We improve the electricity theft detection performance by optimizing hyper parameters using a
Bayesian optimizer and we employ an adaptive moment estimation optimizer to carry out
experiments using different values of key parameters to determine the optimal settings that
achieve the best accuracy. Lastly, we show the competitiveness of our method in comparison
with other methods evaluated on the same dataset. On validation, we obtained 97% area under
the curve (AUC), which is 1% higher than the best AUC in existing works, and 91.8% accuracy,
which is the second-best on the benchmark.
1. INTRODUCTION
MACHINE learning methods have been widely proposed in the smart grid literature for
monitoring and control of power systems. Suggest an intelligent framework for the system
design, in which machine learning algorithms are employed to predict the failures of the system
components. Employ machine learning algorithms for the energy management of loads and
sources in smart grid networks. Malicious activity prediction and intrusion detection problems
have been analyzed using machine learning techniques at the network layer of smart grid
communication systems. In this paper, we focus on the false data injection attack detection
problem in the smart grid at the physical layer. We use the distributed sparse attacks model
proposed in, where the attacks are directed by injecting false data into the local measurements
observed by either local network operators or smart phasor measurement units (PMUs) in a
network with a hierarchical structure, i.e., the measurements are grouped into clusters. In
addition, network operators who employ statistical learning algorithms for attack detection know
the topology of the network, measurements observed in the clusters, and the measurement
matrix. In attack detection methods that employ state vector estimation (SVE), first, the state of
the system is estimated from the observed measurements. Then the residual between the
observed and the estimated measurements is computed. If the residual is greater than a given
threshold, a data injection attack is declared. However, an exact recovery of state vectors is a
challenge for SVE-based methods in sparse networks where the Jacobian measurement matrix is
sparse. Sparse reconstruction methods can be employed to solve the problem, but the
performance of this approach is limited by the sparsity of the state vectors. In addition, if the
false data injected vectors reside in the column space of the Jacobian measurement matrix and
satisfy some sparsity conditions (e.g., the number of nonzero elements is at most κ ∗, which is
bounded by the size of the Jacobian matrix), then the false data injection attacks, called
unobservable attacks, cannot be detected . The contributions of this paper are as follows. 1) We
conduct a detailed analysis of the techniques proposed by Ozay et al. who employed supervised
learning algorithms to predict false data injection attacks. In addition, we discuss the validity of
the fundamental assumptions of statistical learning theory in the smart grid. Then, we propose
semi-supervised and online learning algorithms, and decision and feature level fusion algorithms
in a generic attack construction framework, which can be employed in hierarchical and
topological networks for different attack scenarios. 2) We analyze the geometric structure of the
measurement space defined by measurement vectors, and the effect of false data injection attacks
on the distance function of the vectors. This leads to algorithms for learning the distance
functions, detecting unobservable attacks, estimating the attack strategies, and predicting future
attacks using a set of observations. 3) We empirically show that the statistical learning
algorithms are capable of detecting both observable and unobservable attacks with performance
better than attack detection algorithms that employ SVE methods. In addition, phase transitions
can be observed in the performance of support vector machines (SVMs) at a value of κ∗
1.1 Objective of the project:
Attack detection problems in the smart grid are posed as statistical learning problems for
different attack scenarios in which the measurements are observed in batch or online settings. In
this approach, machine learning algorithms are used to classify measurements as being either
secure or attacked. An attack detection framework is provided to exploit any available prior
knowledge about the system and surmount constraints arising from the sparse structure of the
problem in the proposed approach. Well-known batch and online learning algorithms (supervised
and semisupervised) are employed with decision- and feature-level fusion to model the attack
detection problem. The relationships between statistical and geometric properties of attack
vectors employed in the attack scenarios and learning algorithms are analyzed to detect
unobservable attacks using statistical learning methods. The proposed algorithms are examined
on various IEEE test systems. Experimental analyses show that machine learning algorithms can
detect attacks with performances higher than attack detection algorithms that employ state vector
estimation methods in the proposed attack detection framework.
2. LITERATURE SURVEY
“Machine learning for the New York City power grid,”
Power companies can benefit from the use of knowledge discovery methods and statistical
machine learning for preventive maintenance. We introduce a general process for transforming
historical electrical grid data into models that aim to predict the risk of failures for components
and systems. These models can be used directly by power companies to assist with prioritization
of maintenance and repair work. Specialized versions of this process are used to produce (1)
feeder failure rankings, (2) cable, joint, terminator, and transformer rankings, (3) feeder Mean
Time Between Failure (MTBF) estimates, and (4) manhole events vulnerability rankings. The
process in its most general form can handle diverse, noisy, sources that are historical (static),
semi-real-time, or real-time, incorporates state-of-the-art machine learning algorithms for
prioritization (supervised ranking or MTBF), and includes an evaluation of results via cross-
validation and blind test. Above and beyond the ranked lists and MTBF estimates are business
management interfaces that allow the prediction capability to be integrated directly into
corporate planning and decision support; such interfaces rely on several important properties of
our general modeling approach: that machine learning features are meaningful to domain
experts, that the processing of data is transparent, and that prediction results are accurate enough
to support sound decision making. We discuss the challenges in working with historical electrical
grid data that were not designed for predictive purposes. The “rawness” of these data contrasts
with the accuracy of the statistical models that can be obtained from the process; these models
are sufficiently accurate to assist in maintaining New York City's electrical grid.
“Adaptive stochastic control for the smart grid,”
Approximate dynamic programming (ADP) driven adaptive stochastic control (ASC) for the
Smart Grid holds the promise of providing the autonomous intelligence required to elevate the
electric grid to efficiency and self-healing capabilities more comparable to the internet. To that
end, we demonstrate the load and source control necessary to optimize management of
distributed generation and storage within the Smart Grid.
“An early warning system against malicious activities for smart grid communications”
Smart grid presents the largest growth potential in the machine-to-machine market today.
Spurred by the recent advances in M2M technologies, the smart meters/sensors used in smart
grid are expected not to require human intervention in characterizing power requirements and
energy distribution. These numerous sensors are able to report back information such as power
consumption and other monitoring signals. However, SG, as it comprises an energy control and
distribution system, requires fast response to malicious events such as distributed denial of
service attacks against smart meters. In this article, we model the malicious and/or abnormal
events, which may compromise the security and privacy of smart grid users, as a Gaussian
process. Based on this model, a novel early warning system is proposed for anticipating
malicious events in the SG network. With the warning system, the SG control center can forecast
such malicious events, thereby enabling SG to react beforehand and mitigate the possible impact
of malicious activity. We verify the effectiveness of the proposed early warning system through
computer-based simulations
“Distributed intrusion detection system in a multi-layer network architecture of smart

grids,”
The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency,
and optimality to the power grid. Most of these changes will occur as an Internet-like
communications network is superimposed on top of the current power grid using wireless mesh
network technologies with the 802.15.4, 802.11, and WiMAX standards. Each of these will
expose the power grid to cybersecurity threats. In order to address this issue, this work proposes
a distributed intrusion detection system for smart grids (SGDIDS) by developing and deploying
an intelligent module, the analyzing module (AM), in multiple layers of the smart grid. Multiple
AMs will be embedded at each level of the smart grid-the home area networks (HANs),
neighborhood area networks (NANs), and wide area networks (WANs)-where they will use the
support vector machine (SVM) and artificial immune system (AIS) to detect and classify
malicious data and possible cyberattacks. AMs at each level are trained using data that is relevant
to their level and will also be able to communicate in order to improve detection. Simulation
results demonstrate that this is a promising methodology for supporting the optimal
communication routing and improving system security through the identification of malicious
network traffic.
“Sparse attack construction and state estimation in the smart grid: Centralized and
distributed models,”
New methods that exploit sparse structures arising in smart grid networks are proposed for the
state estimation problem when data injection attacks are present. First, construction strategies for
unobservable sparse data injection attacks on power grids are proposed for an attacker with
access to all network information and nodes. Specifically, novel formulations for the
optimization problem that provide a flexible design of the trade-off between performance and
false alarm are proposed. In addition, the centralized case is extended to a distributed framework
for both the estimation and attack problems. Different distributed scenarios are proposed
depending on assumptions that lead to the spreading of the resources, network nodes and players.
Consequently, for each of the presented frameworks a corresponding optimization problem is
introduced jointly with an algorithm to solve it. The validity of the presented procedures in real
settings is studied through extensive simulations in the IEEE test systems.
“False data injection attacks against state estimation in electric power grids,”
A power grid is a complex system connecting electric power generators to consumers through
power transmission and distribution networks across a large geographical area. System
monitoring is necessary to ensure the reliable operation of power grids, and state estimation is
used in system monitoring to best estimate the power grid state through analysis of meter
measurements and power system models. Various techniques have been developed to detect and
identify bad measurements, including interacting bad measurements introduced by arbitrary,
nonrandom causes. At first glance, it seems that these techniques can also defeat malicious
measurements injected by attackers.
In this article, we expose an unknown vulnerability of existing bad measurement detection
algorithms by presenting and analyzing a new class of attacks, called false data injection attacks,
against state estimation in electric power grids. Under the assumption that the attacker can access
the current power system configuration information and manipulate the measurements of meters
at physically protected locations such as substations, such attacks can introduce arbitrary errors
into certain state variables without being detected by existing algorithms. Moreover, we look at
two scenarios, where the attacker is either constrained to specific meters or limited in the
resources required to compromise meters. We show that the attacker can systematically and
efficiently construct attack vectors in both scenarios to change the results of state estimation
in arbitrary ways. We also extend these attacks to generalized false data injection attacks, which
can further increase the impact by exploiting measurement errors typically tolerated in state
estimation. We demonstrate the success of these attacks through simulation using IEEE test
systems, and also discuss the practicality of these attacks and the real-world constraints that limit
their effectiveness.
“Malicious data attacks on the smart grid,”
Malicious attacks against power systems are investigated, in which an adversary controls a set of
meters and is able to alter the measurements from those meters. Two regimes of attacks are
considered. The strong attack regime is where the adversary attacks a sufficient number of
meters so that the network state becomes unobservable by the control center. For attacks in this
regime, the smallest set of attacked meters capable of causing network unobservability is
characterized using a graph theoretic approach. By casting the problem as one of minimizing a
supermodular graph functional, the problem of identifying the smallest set of vulnerable meters
is shown to have polynomial complexity. For the weak attack regime where the adversary
controls only a small number of meters, the problem is examined from a decision theoretic
perspective for both the control center and the adversary. For the control center, a generalized
likelihood ratio detector is proposed that incorporates historical data. For the adversary, the
trade-off between maximizing estimation error at the control center and minimizing detection
probability of the launched attack is examined. An optimal attack based on minimum energy
leakage is proposed.
“Comparing the topological and electrical structure of the North American electric power
infrastructure,”
The topological (graph) structure of complex networks often provides valuable information
about the performance and vulnerability of the network. However, there are multiple ways to
represent a given network as a graph. Electric power transmission and distribution networks have
a topological structure that is straightforward to represent and analyze as a graph. However,
simple graph models neglect the comprehensive connections between components that result
from Ohm's and Kirchhoff's laws. This paper describes the structure of the three North American
electric power interconnections, from the perspective of both topological and electrical
connectivity. We compare the simple topology of these networks with that of random,
preferential-attachment, and small-world networks of equivalent sizes and find that power grids
differ substantially from these abstract models in degree distribution, clustering, diameter and
assortativity, and thus conclude that these topological forms may be misleading as models of
power systems. To study the electrical connectivity of power systems, we propose a new method
for representing electrical structure using electrical distances rather than geographic connections.
Comparisons of these two representations of the North American power networks reveal notable
differences between the electrical and topological structures of electric power networks.
“Strategic protection against data injection attacks on power grids,”
Data injection attacks to manipulate system state estimators on power grids are considered. A
unified formulation for the problem of constructing attacking vectors is developed for linearized
measurement models. Based on this formulation, a new low-complexity attacking strategy is
shown to significantly outperform naive ℓ 1 relaxation. It is demonstrated that it is possible to
defend against malicious data injection if a small subset of measurements can be made immune
to the attacks. However, selecting such subsets is a high-complexity combinatorial problem
given the typically large size of electrical grids. To address the complexity issue, a fast greedy
algorithm to select a subset of measurements to be protected is proposed. Another greedy
algorithm that facilitates the placement of secure phasor measurement units (PMUs) to defend
against data injection attacks is also developed. Simulations on the IEEE test systems
demonstrate the benefits of the proposed algorithms.
“Decoding by linear programming,”
This paper considers a natural error correcting problem with real valued input/output. We wish to
recover an input vector f/spl isin/R/sup n/ from corrupted measurements y=Af+e. Here, A is an
m by n (coding) matrix and e is an arbitrary and unknown vector of errors. Is it possible to
recover f exactly from the data y? We prove that under suitable conditions on the coding matrix
A, the input f is the unique solution to the /spl lscr//sub 1/-minimization problem (/spl par/x/spl
par//sub /spl lscr/1/:=/spl Sigma//sub i/|x/sub i/|) min(g/spl isin/R/sup n/) /spl par/y - Ag/spl
par//sub /spl lscr/1/ provided that the support of the vector of errors is not too large, /spl par/e/spl
par//sub /spl lscr/0/:=|{i:e/sub i/ /spl ne/ 0}|/spl les//spl rho//spl middot/m for some /spl rho/>0. In
short, f can be recovered exactly by solving a simple convex optimization problem (which one
can recast as a linear program). In addition, numerical experiments suggest that this recovery
procedure works unreasonably well; f is recovered exactly even in situations where a significant
fraction of the output is corrupted. This work is related to the problem of finding sparse solutions
to vastly underdetermined systems of linear equations. There are also significant connections
with the problem of recovering signals from highly incomplete measurements. In fact, the results
introduced in this paper improve on our earlier work. Finally, underlying the success of /spl
lscr//sub 1/ is a crucial property we call the uniform uncertainty principle that we shall describe
in detail.
“Compressed sensing,”
Suppose x is an unknown vector in Ropf m (a digital image or signal); we plan to measure n

general linear functional of x and then reconstruct. If x is known to be compressible by transform
coding with a known transform, and we reconstruct via the nonlinear procedure defined here, the
number of measurements n can be dramatically smaller than the size m. Thus, certain natural
classes of images with m pixels need only n=O(m 1/4 log 5/2 (m)) no adaptive nonpixel samples
for faithful recovery, as opposed to the usual m pixel samples. More specifically, suppose x has a
sparse representation in some orthonormal basis (e.g., wavelet, Fourier) or tight frame (e.g.,
curvelet, Gabor)-so the coefficients belong to an lscr p ball for 02 error O(N 1/2-1 p/). It is possible
to design n=O(Nlog(m)) no adaptive measurements allowing reconstruction with accuracy
comparable to that attainable with direct knowledge of the N most important coefficients.
Moreover, a good approximation to those N important coefficients is extracted from the n
measurements by solving a linear program-Basis Pursuit in signal processing. The no adaptive
measurements have the character of "random" linear combinations of basis/frame elements. Our
results use the notions of optimal recovery, of n-widths, and information-based complexity. We
estimate the Gel'fand n-widths of lscr p balls in high-dimensional Euclidean space in the case 0
3. SYSTEM ANALYSIS
3.1 Existing System
For various attack scenarios where measurements are recorded in either a batch or online
environment, attack detection issues in the smart grid are posed as statistical learning challenges.
Machine learning techniques are employed in this method to label readings as secure or attacked.
Disadvantages of Existing System:
 Less Accuracy
 Time taken process
3.2 Proposed System
When it comes to keeping an eye on and managing electricity grids, several articles in the smart
grid literature have suggested using machine learning techniques. A smart framework for the
system design is proposed by Rudin et al., in which machine learning methods are used to
foresee component failures. For the purpose of managing loads and sources of energy in smart
grid networks, Anderson et al. utilise machine learning techniques. At the network layer of smart
grid communication systems, machine learning approaches have been explored to anticipate
malicious activities and identify intrusions. In this work, we examine the challenge of detecting
physical-layer attacks on the smart grid that involve fraudulent data injection. Using the
paradigm of distributed sparse assaults introduced in, we attack a network in which the
measurements are hierarchically structured by injecting erroneous data into the local
measurements recorded by local network operators or smart phasor measurement units (PMUs).
Statistics-based attack detection requires knowledge of the network topology, cluster-level
measurements, and the measurement matrix, all of which are known to network operators.
Advantages of Proposed System:
 High Accuracy
 Quick response
Modules Information:
To implement this project author has used 4 different types of machine learning algorithms such
as Perceptron, KNN, SVM and Logistic Regression. This project consists of following modules
1) Upload Dataset: Using this module we will upload smart grid dataset to application
2) Preprocess Dataset: Dataset often contains missing and null values and non-numeric
values and using this module we will replace all such values with 0. This module will
split dataset into train and test part where 80% dataset used to train machine learning
algorithms and 20% dataset used to test machine learning algorithms prediction accuracy.
3) Run Algorithms: using above dataset we will train all 4 machine learning algorithms and
then calculate various metrics such as Accuracy, Precision, Recall and FSCORE
4) Upload Test Data & Predict Attack: Using this module we will upload test data and then
application will predict whether that test smart grid data is normal or contains attack.
5) Performance Graph: Using this module we will plot performance graph between all
algorithms
FUNCTIONAL REQUIREMENTS:
SOFTWARE REQIREMENTS:
System Attributes:
1. filename
2. X, Y
3. dataset
4. classifier
5. X_train, X_test, y_train, y_test
Data base Requirements:
No need
USECASE:
Use cases - Use cases describe the interaction between the system and external users that leads to
achieving particular goals.
1) Upload Dataset
2) Preprocess Dataset
3) Run Algorithms
4) Upload Test Data & Predict Attack
5) Performance Graph
User Stories: A smart grid is an electricity network enabling a two-way flow of electricity
and data with digital communications technology enabling to detect, react and pro-act to
changes in usage and multiple issues. Smart grids have self-healing capabilities and enable
electricity customers to become active participants. In some smart cities electricity
consumption, opening or closing doors etc are managed by this smart grid. Some malicious
user can attack this smart grid system to spread or inject false information and smart grid will
get executed based on provide false information which can cause huge financial loss
Work down Structure:
Prototype:
python 3.7.0 or 3.7.4

opencv-python==4.5.1.48
keras==2.3.1
tensorflow==1.14.0
protobuf==3.16.0
h5py==2.10.0
sklearn-extensions==0.0.2
scikit-learn==0.22.2.post1
Numpy
Pandas
Models and Diagrams:

NON-FUNCTIONAL REQUIREMENT:
Usability: Usability is a quality attribute that assesses how easy user interfaces are to use. The
word "usability" also refers to methods for improving ease-of-use during the design process.
(how it was handle entire project easy)
Security: the quality or state of being secure: such as. a : freedom from danger : safety. b :
freedom from fear or anxiety. c : freedom from the prospect of being laid off job security.
Readability: Readability is the ease with which a reader can understand a written text.
Performance: the execution of an action. : something accomplished : deed, feat. : the fulfillment
of a claim, promise, or request : implementation. 3. : the action of representing a character in a
play.
Availability: the quality or state of being available trying to improve the availability of
affordable housing. 2 : an available person or thing.
Scalability: Scalability is the measure of a system's ability to increase or decrease in

performance and cost in response to changes in application and system processing demands.
3.3. PROCESS MODEL USED WITH JUSTIFICATION
SDLC (Umbrella Model):

DOCUMENT CONTROL Umbrella
Activity
Business Requirement Umbrella

Documentation Activity
Feasibility Study
TEAM FORMATION
Project Specification
Requiremen PREPARATION ANALYSIS &
ts Gathering DESIGN CODE UNIT TEST ASSESSME
NT
INTEGRATIO ACCEPTANC
N & SYSTEM DELIVERY/
E TEST
TESTING INSTALLATI
ON
Umbrella
TRAINING
Activity
SDLC is nothing but Software Development Life Cycle. It is a standard which is used by
software industry to develop good software.
Stages in SDLC:
 Requirement Gathering
 Analysis
 Designing
 Coding
 Testing
 Maintenance
Requirements Gathering stage:
The requirements gathering process takes as its input the goals identified in the high-level
requirements section of the project plan. Each goal will be refined into a set of one or more
requirements. These requirements define the major functions of the intended application, define
operational data areas and reference data areas, and define the initial data entities. Major
functions include critical processes to be managed, as well as mission critical inputs, outputs and
reports. A user class hierarchy is developed and associated with these major functions, data
areas, and data entities. Each of these definitions is termed a Requirement. Requirements are
identified by unique requirement identifiers and, at minimum, contain a requirement title and
textual description.
These requirements are fully described in the primary deliverables for this stage: the
Requirements Document and the Requirements Traceability Matrix (RTM). The requirements
document contains complete descriptions of each requirement, including diagrams and
references to external documents as necessary. Note that detailed listings of database tables and
fields are not included in the requirements document.
The title of each requirement is also placed into the first version of the RTM, along with the title
of each goal from the project plan. The purpose of the RTM is to show that the product
components developed during each stage of the software development lifecycle are formally
connected to the components developed in prior stages.
In the requirements stage, the RTM consists of a list of high-level requirements, or goals, by title,
with a listing of associated requirements for each goal, listed by requirement title. In this
hierarchical listing, the RTM shows that each requirement developed during this stage is
formally linked to a specific product goal. In this format, each requirement can be traced to a
specific product goal, hence the term requirements traceability.
The outputs of the requirements definition stage include the requirements document, the RTM,
and an updated project plan.
 Feasibility study is all about identification of problems in a project.
 No. of staff required to handle a project is represented as Team Formation, in this case
only modules are individual tasks will be assigned to employees who are working for that
project.
 Project Specifications are all about representing of various possible inputs submitting to
the server and corresponding outputs along with reports maintained by administrator.
Analysis Stage:
The planning stage establishes a bird's eye view of the intended software product, and uses this
to establish the basic project structure, evaluate feasibility and risks associated with the project,
and describe appropriate management and technical approaches.
The most critical section of the project plan is a listing of high-level product requirements, also
referred to as goals. All of the software product requirements to be developed during the
requirements definition stage flow from one or more of these goals. The minimum information
for each goal consists of a title and textual description, although additional information and
references to external documents may be included. The outputs of the project planning stage are
the configuration management plan, the quality assurance plan, and the project plan and
schedule, with a detailed listing of scheduled activities for the upcoming Requirements stage,
and high level estimates of effort for the out stages.
Designing Stage:
The design stage takes as its initial input the requirements identified in the approved
requirements document. For each requirement, a set of one or more design elements will be
produced as a result of interviews, workshops, and/or prototype efforts. Design elements
describe the desired software features in detail, and generally include functional hierarchy
diagrams, screen layout diagrams, tables of business rules, business process diagrams, pseudo
code, and a complete entity-relationship diagram with a full data dictionary. These design
elements are intended to describe the software in sufficient detail that skilled programmers may
develop the software with minimal additional input.
When the design document is finalized and accepted, the RTM is updated to show that each
design element is formally associated with a specific requirement. The outputs of the design
stage are the design document, an updated RTM, and an updated project plan.
Development (Coding) Stage:
The development stage takes as its primary input the design elements described in the approved
design document. For each design element, a set of one or more software artifacts will be
produced. Software artifacts include but are not limited to menus, dialogs, and data management
forms, data reporting formats, and specialized procedures and functions. Appropriate test cases
will be developed for each set of functionally related software artifacts, and an online help
system will be developed to guide users in their interactions with the software.
The RTM will be updated to show that each developed artifact is linked to a specific design
element, and that each developed artifact has one or more corresponding test case items. At this
point, the RTM is in its final configuration. The outputs of the development stage include a fully
functional set of software that satisfies the requirements and design elements previously
documented, an online help system that describes the operation of the software, an
implementation map that identifies the primary code entry points for all major system functions,
a test plan that describes the test cases to be used to validate the correctness and completeness of
the software, an updated RTM, and an updated project plan.
Integration & Test Stage:
During the integration and test stage, the software artifacts, online help, and test data are
migrated from the development environment to a separate test environment. At this point, all test
cases are run to verify the correctness and completeness of the software. Successful execution of
the test suite confirms a robust and complete migration capability. During this stage, reference
data is finalized for production use and production users are identified and linked to their
appropriate roles. The final reference data (or links to reference data source files) and production
user list are compiled into the Production Initiation Plan.
The outputs of the integration and test stage include an integrated set of software, an online help
system, an implementation map, a production initiation plan that describes reference data and
production users, an acceptance plan which contains the final suite of test cases, and an updated
project plan.
 Installation & Acceptance Test:
During the installation and acceptance stage, the software artifacts, online help, and initial
production data are loa ded onto the production server. At this point, all test cases are run to
verify the correctness and completeness of the software. Successful execution of the test suite is
a prerequisite to acceptance of the software by the customer.
After customer personnel have verified that the initial production data load is correct and the test
suite has been executed with satisfactory results, the customer formally accepts the delivery of
the software.
The primary outputs of the installation and acceptance stage include a production application, a
completed acceptance test suite, and a memorandum of customer acceptance of the software.
Finally, the PDR enters the last of the actual labor data into the project schedule and locks the
project as a permanent project record. At this point the PDR "locks" the project by archiving all
software items, the implementation map, the source code, and the documentation for future
reference.
Maintenance:
Outer rectangle represents maintenance of a project, Maintenance team will start with
requirement study, understanding of documentation later employees will be assigned work and
they will undergo training on that particular assigned category. For this life cycle there is no end,
it will be continued so on like an umbrella (no ending point to umbrella sticks).
3.4. Software Requirement Specification
3.4.1. Overall Description
A Software Requirements Specification (SRS) – a requirements specification for a software

system is a complete description of the behavior of a system to be developed. It includes a set of
use cases that describe all the interactions the users will have with the software. In addition to
use cases, the SRS also contains non-functional requirements. Nonfunctional requirements are
requirements which impose constraints on the design or implementation (such as performance
engineering requirements, quality standards, or design constraints).
System requirements specification: A structured collection of information that embodies the

requirements of a system. A business analyst, sometimes titled system analyst, is responsible for
analyzing the business needs of their clients and stakeholders to help identify business problems
and propose solutions. Within the systems development lifecycle domain, the BA typically
performs a liaison function between the business side of an enterprise and the information
technology department or external service providers. Projects are subject to three sorts of
requirements:
 Business requirements describe in business terms what must be delivered or

accomplished to provide value.
 Product requirements describe properties of a system or product (which could be one of

several ways to accomplish a set of business requirements.)
 Process requirements describe activities performed by the developing organization. For

instance, process requirements could specify .Preliminary investigation examine project
feasibility, the likelihood the system will be useful to the organization. The main objective of the
feasibility study is to test the Technical, Operational and Economical feasibility for adding new
modules and debugging old running system. All system is feasible if they are unlimited resources
and infinite time. There are aspects in the feasibility study portion of the preliminary
investigation:
• ECONOMIC FEASIBILITY
A system can be developed technically and that will be used if installed must still be a good
investment for the organization. In the economical feasibility, the development cost in creating
the system is evaluated against the ultimate benefit derived from the new systems. Financial
benefits must equal or exceed the costs. The system is economically feasible. It does not require
any addition hardware or software. Since the interface for this system is developed using the
existing resources and technologies available at NIC, There is nominal expenditure and
economical feasibility for certain.
 OPERATIONAL FEASIBILITY
Proposed projects are beneficial only if they can be turned out into information system. That will
meet the organization’s operating requirements. Operational feasibility aspects of the project are
to be taken as an important part of the project implementation. This system is targeted to be in
accordance with the above-mentioned issues. Beforehand, the management issues and user
requirements have been taken into consideration. So there is no question of resistance from the
users that can undermine the possible application benefits. The well-planned design would
ensure the optimal utilization of the computer resources and would help in the improvement of
performance status.
• TECHNICAL FEASIBILITY
Earlier no system existed to cater to the needs of ‘Secure Infrastructure Implementation System’.
The current system developed is technically feasible. It is a web based user interface for audit
workflow at NIC-CSD. Thus it provides an easy access to .the users. The database’s purpose is
to create, establish and maintain a workflow among various entities in order to facilitate all
concerned users in their various capacities or roles. Permission to the users would be granted
based on the roles specified. Therefore, it provides the technical guarantee of accuracy,
reliability and security.
3.4.2. External Interface Requirements
User Interface
The user interface of this system is a user friendly python Graphical User Interface.
Hardware Interfaces
The interaction between the user and the console is achieved through python capabilities.
Software Interfaces
The required software is python.
SYSTEM REQUIREMENT:
HARDWARE REQUIREMENTS:
 Processor - Intel i3(min)
 Speed - 1.1 GHz

 RAM - 4GB(min)
 Hard Disk - 500 GB
 Key Board - Standard Windows Keyboard
 Mouse - Two or Three Button Mouse
 Monitor - SVGA
SOFTWARE REQUIREMENTS:
 Operating System - Windows10(min)

 Programming Language - Python
4. SYSTEM DESIGN
CLASS DIAGRAM:
The class diagram is the main building block of object oriented modeling. It is used both for
general conceptual modeling of the systematic of the application, and for detailed modeling
translating the models into programming code. Class diagrams can also be used for data
modeling. The classes in a class diagram represent both the main objects, interactions in the
application and the classes to be programmed. In the diagram, classes are represented with boxes
which contain three parts:
 The upper part holds the name of the class
 The middle part contains the attributes of the class
 The bottom part gives the methods or operations the class can take or undertake
SmartGridAttack
filename
X, Y
dataset
classifier
X_train, X_test, y_train, y_test
upload()
processDataset()
runKNN()
runSVM()
logisticRegression()
detectAttack()
graph()
USECASE DIAGRAM:
A use case diagram at its simplest is a representation of a user's interaction with the
system and depicting the specifications of a use case. A use case diagram can portray the
different types of users of a system and the various ways that they interact with the system. This
type of diagram is typically used in conjunction with the textual use case and will often be
accompanied by other types of diagrams as we
Upload Reference File
Upload Submission File

User
Execute Submission
Run AutoGrader
SEQUENCE DIAGRAM
A sequence diagram is a kind of interaction diagram that shows how processes operate
with one another and in what order. It is a construct of a Message Sequence Chart. A sequence
diagram shows object interactions arranged in time sequence. It depicts the objects and classes
involved in the scenario and the sequence of messages exchanged between the objects needed to
carry out the functionality of the scenario. Sequence diagrams are typically associated with use
case realizations in the Logical View of the system under development. Sequence diagrams are
sometimes called event diagrams, event scenarios, and timing diagrams.
User Upload Dataset Preprocess Run Algorithms Upload Test Data Performance
Dataset & Predict Attack Graph
Upload Dataset
Successfully Upload Dataset
Preprocess Dataset
Successfully Preprocess Dataset
Run Algorithms
Successfully Run Algorithms
Upload Test Data & Predict Attack
Successfully Upload Test Data & Predict Attack
Performance Graph
Successfully Performance Graph
COLLABORATION DIAGRAM:
A collaboration diagram describes interactions among objects in terms of sequenced

messages. Collaboration diagrams represent a combination of information taken from class,
sequence, and use case diagrams describing both the static structure and dynamic behaviour of a
system.
Upload
Dataset
1: Successfully
Upload Dataset 2: Upload Dataset
9: Performance Graph 3: Successfully Preprocess Dataset

Performanc User Preprocess
e Graph Dataset
10: Successfully Performance Graph 4: Preprocess Dataset
5: Successfully Run Algorithms
8: Upload Test Data &
Predict Attack
7: Successfully Upload
Test Data & Predict
Attack 6: Run Algorithms Run
Upload Test Data
& Predict Attack Algorithms
COMPONENT DIAGRAM:
In the Unified Modelling Language, a component diagram depicts how components are
wired together to form larger components and or software systems. They are used to illustrate the
structure of arbitrarily complex systems.
Components are wired together by using an assembly connector to connect the required
interface of one component with the provided interface of another component. This illustrates the
service consumer - service provider relationship between the two components.
Upload
Dataset
Preprocess
Dataset
User
Run
Algorithms
Upload Test Data

& Predict Attack
Performanc
e Graph
DEPLOYMENT DIAGRAM:
A deployment diagram in the Unified Modeling Language models the physical

deployment of artifacts on nodes. To describe a web site, for example, a deployment diagram
would show what hardware components ("nodes") exist (e.g., a web server, an application server,
and a database server), what software components ("artifacts") run on each node (e.g., web
application, database), and how the different pieces are connected (e.g. JDBC, REST, RMI).
The nodes appear as boxes, and the artifacts allocated to each node appear as rectangles
within the boxes. Nodes may have sub nodes, which appear as nested boxes. A single node in a
deployment diagram may conceptually represent multiple physical nodes, such as a cluster of
database servers.
Upload
Dataset
Preproc
ess
User
Run
Algorith
Upload
Test Dat
Perform
ance
ACTIVITY DIAGRAM:
Activity diagram is another important diagram in UML to describe dynamic aspects of

the system. It is basically a flow chart to represent the flow form one activity to another activity.
The activity can be described as an operation of the system. So the control flow is drawn from
one operation to another. This flow can be sequential, branched or concurrent
Data flow :
Data flow diagrams illustrate how data is processed by a system in terms of inputs and outputs.
Data flow diagrams can be used to provide a clear representation of any business function. The
technique starts with an overall picture of the business and continues by analyzing each of the
functional areas of interest. This analysis can be carried out in precisely the level of detail
required. The technique exploits a method called top-down expansion to conduct the analysis in
a targeted way.
As the name suggests, Data Flow Diagram (DFD) is an illustration that explicates the passage of
information in a process. A DFD can be easily drawn using simple symbols. Additionally,
complicated processes can be easily automated by creating DFDs using easy-to-use, free
downloadable diagramming tools. A DFD is a model for constructing and analyzing information
processes. DFD illustrates the flow of information in a process depending upon the inputs and
outputs. A DFD can also be referred to as a Process Model. A DFD demonstrates business or
technical process with the support of the outside data saved, plus the data flowing from the
process to another and the end results.
5. IMPLEMETATION
5.1 Python
Python is a general-purpose language. It has wide range of applications from Web development
(like: Django and Bottle), scientific and mathematical computing (Orange, SymPy, NumPy) to
desktop graphical user Interfaces (Pygame, Panda3D). The syntax of the language is clean and
length of the code is relatively short. It's fun to work in Python because it allows you to think
about the problem rather than focusing on the syntax.
History of Python:
Python is a fairly old language created by Guido Van Rossum. The design began in the late
1980s and was first released in February 1991.
Why Python was created?
In late 1980s, Guido Van Rossum was working on the Amoeba distributed operating system
group. He wanted to use an interpreted language like ABC (ABC has simple easy-to-understand
syntax) that could access the Amoeba system calls. So, he decided to create a language that was
extensible. This led to design of a new language which was later named Python.
Why the name Python?
No. It wasn't named after a dangerous snake. Rossum was fan of a comedy series from late
seventies. The name "Python" was adopted from the same series "Monty Python's Flying
Circus".
Features of Python:
A simple language which is easier to learn
Python has a very simple and elegant syntax. It's much easier to read and write Python programs
compared to other languages like: C++, Java, C#. Python makes programming fun and allows
you to focus on the solution rather than syntax.
If you are a newbie, it's a great choice to start your journey with Python.
Free and open-source
You can freely use and distribute Python, even for commercial use. Not only can you use and
distribute software’s written in it, you can even make changes to the Python's source code.
Python has a large community constantly improving it in each iteration.
Portability
You can move Python programs from one platform to another, and run it without any changes.
It runs seamlessly on almost all platforms including Windows, Mac OS X and Linux.
Extensible and Embeddable
Suppose an application requires high performance. You can easily combine pieces of C/C++ or
other languages with Python code.
This will give your application high performance as well as scripting capabilities which other
languages may not provide out of the box.
A high-level, interpreted language
Unlike C/C++, you don't have to worry about daunting tasks like memory management, garbage
collection and so on.
Likewise, when you run Python code, it automatically converts your code to the language your
computer understands. You don't need to worry about any lower-level operations.
Large standard libraries to solve common tasks
Python has a number of standard libraries which makes life of a programmer much easier since
you don't have to write all the code yourself. For example: Need to connect MySQL database on
a Web server? You can use MySQLdb library using import MySQLdb .
Standard libraries in Python are well tested and used by hundreds of people. So you can be sure
that it won't break your application.
Object-oriented
Everything in Python is an object. Object oriented programming (OOP) helps you solve a
complex problem intuitively.
With OOP, you are able to divide these complex problems into smaller sets by creating objects.
Applications of Python:
1. Simple Elegant Syntax
Programming in Python is fun. It's easier to understand and write Python code. Why? The syntax
feels natural. Take this source code for an example:
a=2
b=3
sum = a + b
print(sum)
2. Not overly strict
You don't need to define the type of a variable in Python. Also, it's not necessary to add
semicolon at the end of the statement.
Python enforces you to follow good practices (like proper indentation). These small things can
make learning much easier for beginners.
3. Expressiveness of the language
Python allows you to write programs having greater functionality with fewer lines of code.
Here's a link to the source code of Tic-tac-toe game with a graphical interface and a smart
computer opponent in less than 500 lines of code. This is just an example. You will be amazed
how much you can do with Python once you learn the basics.
4. Great Community and Support
Python has a large supporting community. There are numerous active forums online which can
be handy if you are stuck.
5.2 Sample Code:
from tkinter import messagebox

from tkinter import *
from tkinter import simpledialog
import tkinter
from tkinter import filedialog
import matplotlib.pyplot as plt
import numpy as np
from tkinter.filedialog import askopenfilename
import os
import numpy as np
from sklearn.metrics import accuracy_score
from sklearn.model_selection import train_test_split
import pandas as pd
from sklearn.neighbors import KNeighborsClassifier
from sklearn.metrics import precision_score
from sklearn.metrics import recall_score
from sklearn.metrics import f1_score
from sklearn import svm
from sklearn.linear_model import LogisticRegression
from sklearn.preprocessing import LabelEncoder
from sklearn.preprocessing import normalize
from sklearn.linear_model import Perceptron
import pandas as pd
main = tkinter.Tk()
main.title("Machine Learning Methods for Attack Detection in the Smart Grid")
main.geometry("1300x1200")
global filename
global X, Y
global dataset
global classifier
global X_train, X_test, y_train, y_test
le = LabelEncoder()
accuracy = []
precision = []
recall = []
fscore = []
def upload():
global filename
global dataset
filename = filedialog.askopenfilename(initialdir="Dataset")
pathlabel.config(text=filename)
text.delete('1.0', END)
text.insert(END,filename+" loaded\n\n")
dataset = pd.read_csv(filename)
dataset.fillna(0, inplace = True)
dataset = dataset.replace(np.nan, 0)
text.insert(END,str(dataset)+"\n")
def processDataset():
global X, Y
global dataset
dataset['marker'] = pd.Series(le.fit_transform(dataset['marker']))
dataset = dataset.fillna(dataset.mean())
temp = dataset
dataset.replace([np.inf, -np.inf], np.nan, inplace=True)
dataset = dataset.values
print(np.isnan(dataset.any()))
X = dataset[:,0:dataset.shape[1]-1]
Y = dataset[:,dataset.shape[1]-1]
X = X.round(decimals=4)
X = normalize(X)
indices = np.arange(X.shape[0])
np.random.shuffle(indices)
X = X[indices]
Y = Y[indices]
print(Y)
X_train, X_test, y_train, y_test = train_test_split(X, Y, test_size=0.1)
print(y_test)
print(y_train)
text.insert(END,"Total records found in dataset are : "+str(X.shape[0])+"\n")
text.insert(END,"Total records used to train machine learning algorithms are :
"+str(X_train.shape[0])+"\n")
text.insert(END,"Total records used to test machine learning algorithms are :
"+str(X_test.shape[0])+"\n\n")
text.insert(END,str(temp)+"\n\n")
def runPerceptron():
accuracy.clear()
precision.clear()
recall.clear()
fscore.clear()
cls = Perceptron(class_weight='balanced')
cls.fit(X_train,y_train)
predict = cls.predict(X_test)
a = accuracy_score(y_test,predict) * 100
p = precision_score(y_test, predict,average='macro') * 100
r = recall_score(y_test, predict,average='macro') * 100
f = f1_score(y_test, predict,average='macro') * 100
text.insert(END,"Perceptron Precision : "+str(p)+"\n")
text.insert(END,"Perceptron Recall : "+str(r)+"\n")
text.insert(END,"Perceptron FScore : "+str(f)+"\n")
text.insert(END,"Perceptron Accuracy : "+str(a)+"\n\n")
accuracy.append(a)
precision.append(p)
recall.append(r)
fscore.append(f)
def runKNN():
global classifier
cls = KNeighborsClassifier(n_neighbors = 3)
text.insert(END,"KNN Precision : "+str(p)+"\n")
text.insert(END,"KNN Recall : "+str(r)+"\n")
text.insert(END,"KNN FScore : "+str(f)+"\n")
text.insert(END,"KNN Accuracy : "+str(a)+"\n\n")
accuracy.append(a)
precision.append(p)
recall.append(r)
fscore.append(f)
classifier = cls
def runSVM():
cls = svm.SVC(class_weight='balanced')
text.insert(END,"SVM Precision : "+str(p)+"\n")
text.insert(END,"SVM Recall : "+str(r)+"\n")
text.insert(END,"SVM FScore : "+str(f)+"\n")
text.insert(END,"SVM Accuracy : "+str(a)+"\n\n")
accuracy.append(a)
precision.append(p)
recall.append(r)
fscore.append(f)
def logisticRegression():
cls = LogisticRegression(class_weight='balanced')
text.insert(END,"Logistic Regression Precision : "+str(p)+"\n")
text.insert(END,"Logistic Regression Recall : "+str(r)+"\n")
text.insert(END,"Logistic Regression FScore : "+str(f)+"\n")
text.insert(END,"Logistic Regression Accuracy : "+str(a)+"\n\n")
accuracy.append(a)
precision.append(p)
recall.append(r)
fscore.append(f)
def detectAttack():
filename = filedialog.askopenfilename(initialdir="Dataset")
test = pd.read_csv(filename)
test.fillna(0, inplace = True)
rawValues = test
rawValues = rawValues.values
test = test.values
test = normalize(test)
predict = classifier.predict(test)
print(predict)
for i in range(len(test)):
if predict[i] == 0:
text.insert(END,"X=%s, Predicted = %s" % (rawValues[i], ' Attack Observation Detected
: ')+"\n\n")
if predict[i] == 1:
text.insert(END,"X=%s, Predicted = %s" % (rawValues[i], ' No Attack Observation
Detected : ')+"\n\n")
def graph():
df = pd.DataFrame([['Perceptron','Precision',precision[0]],['Perceptron','Recall',recall[0]],
['Perceptron','F1 Score',fscore[0]],['Perceptron','Accuracy',accuracy[0]],
['KNN','Precision',precision[1]],['KNN','Recall',recall[1]],['KNN','F1
Score',fscore[1]],['KNN','Accuracy',accuracy[1]],
['SVM','Precision',precision[2]],['SVM','Recall',recall[2]],['SVM','F1
Score',fscore[2]],['SVM','Accuracy',accuracy[2]],
['Logistic Regression','Precision',precision[3]],['Logistic
Regression','Recall',recall[3]],['Logistic Regression','F1 Score',fscore[3]],['Logistic
Regression','Accuracy',accuracy[3]],
],columns=['Parameters','Algorithms','Value'])
df.pivot("Parameters", "Algorithms", "Value").plot(kind='bar')
plt.show()
font = ('times', 14, 'bold')

title = Label(main, text='Machine Learning Methods for Attack Detection in the Smart Grid')
title.config(bg='yellow3', fg='white')
title.config(font=font)
title.config(height=3, width=120)
title.place(x=0,y=5)
font1 = ('times', 13, 'bold')

uploadButton = Button(main, text="Upload Smart Grid Dataset", command=upload)
uploadButton.place(x=50,y=100)
uploadButton.config(font=font1)
pathlabel = Label(main)
pathlabel.config(bg='brown', fg='white')
pathlabel.config(font=font1)
pathlabel.place(x=460,y=100)
processButton = Button(main, text="Preprocess Data", command=processDataset)

processButton.place(x=50,y=150)
processButton.config(font=font1)
perceptronButton = Button(main, text="Run Perceptron Algorithm", command=runPerceptron)

perceptronButton.place(x=280,y=150)
perceptronButton.config(font=font1)
knnButton = Button(main, text="Run KNN Algorithm", command=runKNN)

knnButton.place(x=530,y=150)
knnButton.config(font=font1)
svmbutton = Button(main, text="Run Support Vector Machine", command=runSVM)

svmbutton.place(x=730,y=150)
svmbutton.config(font=font1)
lrButton = Button(main, text="Run Logistic Regression", command=logisticRegression)

lrButton.place(x=50,y=200)
lrButton.config(font=font1)
detectButton = Button(main, text="Detect Attack from Test Data", command=detectAttack)

detectButton.place(x=280,y=200)
detectButton.config(font=font1)
graphButton = Button(main, text="All Algorithms Performance Graph", command=graph)

graphButton.place(x=530,y=200)
graphButton.config(font=font1)
font1 = ('times', 12, 'bold')
text=Text(main,height=20,width=150)
scroll=Scrollbar(text)
text.configure(yscrollcommand=scroll.set)
text.place(x=10,y=250)
text.config(font=font1)
main.config(bg='burlywood2')
main.mainloop()
6. TESTING
Implementation and Testing:
Implementation is one of the most important tasks in project is the phase in which one has to be
cautions because all the efforts undertaken during the project will be very interactive.
Implementation is the most crucial stage in achieving successful system and giving the users
confidence that the new system is workable and effective. Each program is tested individually at
the time of development using the sample data and has verified that these programs link together
in the way specified in the program specification. The computer system and its environment are
tested to the satisfaction of the user.
Implementation
The implementation phase is less creative than system design. It is primarily concerned with user
training, and file conversion. The system may be requiring extensive user training. The initial
parameters of the system should be modifies as a result of a programming. A simple operating
procedure is provided so that the user can understand the different functions clearly and quickly.
The different reports can be obtained either on the inkjet or dot matrix printer, which is available
at the disposal of the user. The proposed system is very easy to implement. In general
implementation is used to mean the process of converting a new or revised system design into an
operational one.
Testing
Testing is the process where the test data is prepared and is used for testing the modules
individually and later the validation given for the fields. Then the system testing takes place
which makes sure that all components of the system property functions as a unit. The test data
should be chosen such that it passed through all possible condition. Actually testing is the state
of implementation which aimed at ensuring that the system works accurately and efficiently
before the actual operation commence. The following is the description of the testing strategies,
which were carried out during the testing period.
System Testing
Testing has become an integral part of any system or project especially in the field of
information technology. The importance of testing is a method of justifying, if one is ready to
move further, be it to be check if one is capable to with stand the rigors of a particular situation
cannot be underplayed and that is why testing before development is so critical. When the
software is developed before it is given to user to use the software must be tested whether it is
solving the purpose for which it is developed. This testing involves various types through which
one can ensure the software is reliable. The program was tested logically and pattern of
execution of the program for a set of data are repeated. Thus the code was exhaustively checked
for all possible correct data and the outcomes were also checked.
Module Testing
To locate errors, each module is tested individually. This enables us to detect error and correct it
without affecting any other modules. Whenever the program is not satisfying the required
function, it must be corrected to get the required result. Thus all the modules are individually
tested from bottom up starting with the smallest and lowest modules and proceeding to the next
level. Each module in the system is tested separately. For example the job classification module
is tested separately. This module is tested with different job and its approximate execution time
and the result of the test is compared with the results that are prepared manually. The comparison
shows that the results proposed system works efficiently than the existing system. Each module
in the system is tested separately. In this system the resource classification and job scheduling
modules are tested separately and their corresponding results are obtained which reduces the
process waiting time.
Integration Testing
After the module testing, the integration testing is applied. When linking the modules there may
be chance for errors to occur, these errors are corrected by using this testing. In this system all
modules are connected and tested. The testing results are very correct. Thus the mapping of jobs
with resources is done correctly by the system.
Acceptance Testing
When that user fined no major problems with its accuracy, the system passers through a final
acceptance test. This test confirms that the system needs the original goals, objectives and
requirements established during analysis without actual execution which elimination wastage of
time and money acceptance tests on the shoulders of users and management, it is finally
acceptable and ready for the operation.
Test Test Case Test Case Test Steps Test Test

Case Name Desc. Step Expected Actual Case Priority
Id Status
01 Upload Verify If Dataset we cannot we can do High High
Dataset Dataset may not do any further
Uploaded or upload further operations
not operations
02 Preprocess Verify If we cannot we can do High High
Dataset Preprocess Preprocess do any further
Dataset Dataset File further operations
Uploaded or may not operations
not upload
03 Run Verify Run If we cannot we can do High High
Algorithms Algorithms Algorithms do any further
or not May not be further operations
Run operations
04 Upload Test Verify If Test Data We cannot We can High High
Data & Upload Test & Predict run Run the
Predict Data & Attack not operation Operation
Attack Predict upload
Attack or
not
05 Performance Verify If We cannot We can High High
Graph Performance Performance run Run the
Graph or not Graph not operation Operation
upload
7. RESULTS
A smart grid is an electricity network enabling a two-way flow of electricity and data with digital
communications technology enabling to detect, react and pro-act to changes in usage and
multiple issues. Smart grids have self-healing capabilities and enable electricity customers to
become active participants. In some smart cities electricity consumption, opening or closing
doors etc are managed by this smart grid. Some malicious user can attack this smart grid system
to spread or inject false information and smart grid will get executed based on provide false
information which can cause huge financial loss.
To detect such attack existing techniques were using state vector estimation to check values are
in threshold and if values out of given threshold then it will consider as attack and this technique
is not reliable to detect attack when values are mixed with genuine and attack data as this
technique is not sufficient to detect unobserved data mixed with observe data and to avoid such
problem author of this paper is using various machine learning algorithms to detect such attacks
from observe and unobserved data.
Machine learning algorithms can make prediction by analyzing past historical data and its good
at noticing unobserved data mixed with observe data and due to this reason machine learning
algorithms can predict such false injection attack mixed with observe data.
To implement this project we are using dataset shown in below screen

In above dataset screen first record contains column names and other records contains columns
values and all those values are called as power vector generated from smart grid system and each
record is associated with 2 labels called ‘ATTACK’ or ‘NATURAL’ where attack means record
contains attack vector or natural means normal vector.
In above screen each record contains 192 column values and in last column we have values as
Natural or Attack and we will use above dataset to train all 4 machine learning algorithms.
SCREEN SHOTS
To run project double click on ‘run.bat’ file to get below screen

In above screen click on ‘Upload Smart Grid Dataset’ button and upload dataset
In above screen we are selecting and uploading ‘Dataset.csv’ file and then click on ‘Open’ button
to load dataset and to get below screen
In above screen dataset loaded and we can see above dataset showing non-numeric values and to
replace them click on ‘Preprocess Data’ to replace with numeric values
In above screen all string values and missing values are replace with numeric values and in
above screen in first 3 lines we can see dataset contains total 527 records and application using
474 records to train ML and 53 records to test ML accuracy. Now dataset is ready with train and
test parts and now click on ‘Run Perceptron Algorithm’ button to train perceptron algorithm on
above dataset and to get its accuracy
In above screen I clicked on all 4 algorithms button and then we got accuracy, precision, recall
and FSCORE of each algorithm and in all algorithm KNN is giving better performance result.
Now we can upload test data and then ML algorithm will predict class label as normal or attack.
In below test data we can see we have vector values but we don’t have class label and this class
label will be predicted by ML
In above test dataset screen we don’t have class label as natural or attack and now we will upload
above dataset to application and then ML predict class label for each record. Now click on
‘Detect Attack from Test Data’ button to get below screen
In above screen selecting and uploading ‘testData.csv’ file and then click on ‘Open’ button to get
below result
In above screen in square bracket we have grid vector values and after square bracket we can see
predicted result as below screen and to see predicted result just scroll down above screen textarea
In above screen we can see predicted result as ATTACK observation values detected
In above screen we can see NO attack detected for 4 th records and similarly scroll down to see
each record prediction result. Now click on ‘All Algorithms Performance Graph’ button to get
below graph
In above graph x-axis represents algorithm name and y-axis represents accuracy, precision, recall
and FSCORE for each algorithm and from above graph we can say KNN is giving better result
8. CONCLUSION
The attack detection problem has been reformulated as a machine learning problem and the
performance of supervised, semi supervised, classifier and feature space fusion, and online
learning algorithms have been analyzed for different attack scenarios. In a supervised binary
classification problem, the attacked and secure measurements are labeled in two separate classes.
In the experiments, we have observed that the state-of-the-art machine learning algorithms
perform better than the well-known attack detection algorithms that employ an SVE approach for
the detection of both observable and unobservable attacks. We have observed that the perceptron
is less sensitive and the k-NN is more sensitive to the system size than the other algorithms. In
addition, the imbalanced data problem affects the performance of the k-NN. Therefore, k-NN
may perform better in small-sized systems and worse in large-sized systems when compared to
other algorithms. The SVM performs better than the other algorithms in large-scale systems. In
the performance tests of the SVM, we observe a phase transition at κ ∗, which is the minimum
number of measurements that are required to be accessible by the attackers in order to construct
unobservable attacks. Moreover, a large value of κ does not necessarily imply high impact of
data injection attacks. For example, if the attack vector a has small values in all elements, then
the impact of a may still be limited. More important, if a is a vector with small values compared
with the noise, then even machine learning-based approaches may fail. We have observed two
challenges of SVMs in their application to attack detection problems in smart grid. First, the
performance of the SVM is affected by the selection of kernel types. For instance, we have
observed that the linear and Gaussian kernel SVM perform similarly in the IEEE 9-bus system.
However, for the IEEE 57-bus system, the Gaussian kernel SVM outperforms its linear
counterparts. Moreover, the values of the phase transition points of the performance of the
Gaussian kernel SVM coincide with the theoretically computed κ ∗ values. This implies that the
feature vectors in F, which are computed using Gaussian kernels, are linearly separable for
higher values of κ. Interestingly, the transition points miss κ ∗ in the IEEE 118-bus system,
which means that alternative kernels, are needed for this system. Second, the SVM is sensitive to
the sparsity of the systems. To solve this problem, sparse SVM [48] and kernel machines [49]
can be employed. In this paper, we approached this problem using the SLR. However, obtaining
an optimal regularization parameter, λˆ, is computationally challenging [24]. To use information
extracted from test data in the computation of the learning models, semisupervised methods have
been employed in the proposed approach. In semisupervised learning algorithms, we have used
test data together with training data in an optimization algorithm used to compute the learning
model. The numerical results show that the semisupervised learning methods are more robust to
the degree of sparsity of the data than the supervised learning methods. We have employed
Adaboost and MKL as decision- and feature-level fusion algorithms. Experimental results show
that fusion methods provide learning models that are more robust to changes in the system size
and data sparsity than the other methods. On the other hand, computational complexities of most
of the classifier and feature fusion methods are higher than those of the single classifier and
feature extraction methods. Finally, we have analyzed online learning methods for real-time
attack detection problems. Since a sequence of training samples or just a single sample is
processed at each time, the computational complexity of most of the online algorithms is less
than the batch learning algorithms. In the experiments, we have observed that the classification
performance of online learning algorithms is comparable with that of the batch algorithms. In
future work, we plan to first apply the proposed approach and the methods to an attack
classification problem for deciding which of several possible attack types have occurred given
that an attack has been detected. Then, we plan to consider the relationship between
measurement noise and bias-variance properties of learning models for the development of attack
detection and classification algorithms. In addition, we plan to expand our analyses for varying
numbers of clusters G and cluster sizes Ng , ∀g = 1, 2,..., G, by relaxing the assumptions made
in this paper for attack detection in smart grid systems, e.g., when the samples are not i.i.d. but
rather are obtained from nonstationary distributions, such as when, concept drift [37] and data set
shift [38] occur
9. REFERENCES
[1] C. Rudin et al., “Machine learning for the New York City power grid,” IEEE Trans. Pattern
Anal. Mach. Intell., vol. 34, no. 2, pp. 328–345, Feb. 2012.
[2] R. N. Anderson, A. Boulanger, W. B. Powell, and W. Scott, “Adaptive stochastic control for
the smart grid,” Proc. IEEE, vol. 99, no. 6, pp. 1098–1115, Jun. 2011.
[3] Z. M. Fadlullah, M. M. Fouda, N. Kato, X. Shen, and Y. Nozaki, “An early warning system
against malicious activities for smart grid communications,” IEEE Netw., vol. 25, no. 5, pp. 50–
55, Sep./Oct. 2011.
[4] Y. Zhang, L. Wang, W. Sun, R. C. Green, and M. Alam, “Distributed intrusion detection
system in a multi-layer network architecture of smart grids,” IEEE Trans. Smart Grid, vol. 2, no.
4, pp. 796–808, Dec. 2011.
[5] M. Ozay, I. Esnaola, F. T. Yarman Vural, S. R. Kulkarni, and H. V. Poor, “Sparse attack
construction and state estimation in the smart grid: Centralized and distributed models,” IEEE J.
Sel. Areas Commun., vol. 31, no. 7, pp. 1306–1318, Jul. 2013. This article has been accepted for
inclusion in a future issue of this journal. Content is final as presented, with the exception of
pagination. OZAY et al.: MACHINE LEARNING METHODS FOR ATTACK DETECTION IN
THE SMART GRID 13
[6] A. Abur and A. G. Expósito, Power System State Estimation: Theory and Implementation.
New York, NY, USA: Marcel Dekker, 2004.
[7] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in
electric power grids,” in Proc. 16th ACM Conf. Comput. Commun. Secur., Chicago, IL, USA,
Nov. 2009, pp. 21–32. [8] O. Kosut, L. Jia, R. J. Thomas, and L. Tong, “Malicious data attacks
on the smart grid,” IEEE Trans. Smart Grid, vol. 2, no. 4, pp. 645–658, Dec. 2011.
[9] E. Cotilla-Sanchez, P. D. H. Hines, C. Barrows, and S. Blumsack, “Comparing the

topological and electrical structure of the North American electric power infrastructure,” IEEE
Syst. J., vol. 6, no. 4, pp. 616–626, Dec. 2012.
[10] T. T. Kim and H. V. Poor, “Strategic protection against data injection attacks on power
grids,” IEEE Trans. Smart Grid, vol. 2, no. 2, pp. 326–333, Jun. 2011.
[11] E. J. Candès and T. Tao, “Decoding by linear programming,” IEEE Trans. Inf. Theory, vol.
51, no. 12, pp. 4203–4215, Dec. 2005.
[12] D. L. Donoho, “Compressed sensing,” IEEE Trans. Inf. Theory, vol. 52, no. 4, pp. 1289–
1306, Apr. 2006.
[13] M. Ozay, I. Esnaola, F. T. Yarman Vural, S. R. Kulkarni, and H. V. Poor, “Smarter security
in the smart grid,” in Proc. 3rd IEEE Int. Conf. Smart Grid Commun., Tainan, Taiwan, Nov.
2012, pp. 312–317. [14] L. Saitta, A. Giordana, and A. Cornuéjols, Phase Transitions in Machine
Learning. New York, NY, USA: Cambridge Univ. Press, 2011.
[15] M. Ozay, I. Esnaola, F. T. Yarman Vural, S. R. Kulkarni, and H. V. Poor, “Distributed
models for sparse attack construction and state vector estimation in the smart grid,” in Proc. 3rd
IEEE Int. Conf. Smart Grid Commun., Tainan, Taiwan, Nov. 2012, pp. 306–311.
[16] O. Bousquet, S. Boucheron, and G. Lugosi, “Introduction to statistical learning theory,” in

Advanced Lectures on Machine Learning, O. Bousquet, U. von Luxburg, and G. Rätsch, Eds.
Berlin, Germany: Springer-Verlag, 2004.
[17] S. Kulkarni and G. Harman, An Elementary Introduction to Statistical Learning Theory.

Hoboken, NJ, USA: Wiley, 2011.
[18] Q. Wang, S. R. Kulkarni, and S. Verdú, “Divergence estimation for multidimensional

densities via k-nearest-neighbor distances,” IEEE Trans. Inf. Theory, vol. 55, no. 5, pp. 2392–
2405, May 2009.
[19] S. Theodoridis and K. Koutroumbas, Pattern Recognition. Orlando, FL, USA: Academic,
2006. [20] R. D. Duda, P. E. Hart, and D. G. Stork, Pattern Classification. New York, NY, USA:
Wiley, 2001.
[21] I. Steinwart and A. Christmann, Support Vector Machines. New York, NY, USA: Springer-
Verlag, 2008.
[22] S. R. Kulkarni and G. Harman, “Statistical learning theory: A tutorial,” Wiley Interdiscipl.
Rev., Comput. Statist., vol. 3, no. 6, pp. 543–556, 2011.
[23] O. Chapelle, “Training a support vector machine in the primal,” Neural Comput., vol. 19,
no. 5, pp. 1155–1178, 2007.
[24] S. Boyd, N. Parikh, E. Chu, B. Peleato, and J. Eckstein, “Distributed optimization and
statistical learning via the alternating direction method of multipliers,” Found. Trends Mach.
Learn., vol. 3, no. 1, pp. 1–122, Jan. 2011.
[25] O. Chapelle, B. Schölkopf, and A. Zien, Eds., Semi-Supervised Learning. Cambridge, MA,
USA: MIT Press, 2006.
[26] T. Joachims, “Transductive inference for text classification using support vector machines,”
in Proc. 16th Int. Conf. Mach. Learn., Bled, Slovenia, Jun. 1999, pp. 200–209.
[27] O. Chapelle, V. Sindhwani, and S. S. Keerthi, “Optimization techniques for semi-supervised

support vector machines,” J. Mach. Learn. Res., vol. 9, no. 6, pp. 203–233, 2008.
[28] Y. Freund and R. E. Schapire, “A decision-theoretic generalization of on-line learning and

an application to boosting,” J. Comput. Syst. Sci., vol. 55, no. 1, pp. 119–139, 1997.
[29] F. R. Bach, G. R. G. Lanckriet, and M. I. Jordan, “Multiple kernel learning, conic duality,
and the SMO algorithm,” in Proc. 21st Int. Conf. Mach. Learn., Banff, AB, Canada, Jul. 2004,
pp. 6–13.
[30] L. I. Kuncheva, Combining Pattern Classifiers: Methods and Algorithms. Hoboken, NJ,
USA: Wiley, 2004.
[31] R. E. Schapire and Y. Freund, Boosting: Foundations and Algorithms. Cambridge, MA,
USA: MIT Press, 2012.
[32] A. Rakotomamonjy, F. Bach, S. Canu, and Y. Grandvalet, “SimpleMKL,” J. Mach. Learn.

Res., vol. 9, pp. 2491–2521, Nov. 2008.
[33] S. Kakade and A. T. Kalai, “From batch to transductive online learning,” in Advances in
Neural Information Processing Systems 18, Y. Weiss, B. Schölkopf, and J. Platt, Eds.
Cambridge, MA, USA: MIT Press, 2005, pp. 611–618.
[34] F. Orabona, J. Keshet, and B. Caputo, “Bounded kernel-based online learning,” J. Mach.
Learn. Res., vol. 10, pp. 2643–2666, Dec. 2009.
[35] P. Carbonetto, M. Schmidt, and N. de Freitas, “An interior-point stochastic approximation

method and an L1-regularized delta rule,” in Advances in Neural Information Processing
Systems 21, D. Koller, D. Schuurmans, Y. Bengio, and L. Bottou, Eds. Red Hook, NY, USA:
Curran Associates, 2008, pp. 233–240. [36] R. D. Zimmerman, C. E. Murillo-Sánchez, and R. J.
Thomas, “MATPOWER: Steady-state operations, planning, and analysis tools for power systems
research and education,” IEEE Trans. Power Syst., vol. 26, no. 1, pp. 12–19, Feb. 2011.
[37] P. L. Bartlett, S. Ben-David, and S. R. Kulkarni, “Learning changing concepts by
exploiting the structure of change,” Mach. Learn., vol. 41, no. 2, pp. 153–174, 2000.
[38] J. Quioñero-Candela, M. Sugiyama, A. Schwaighofer, and N. D. Lawrence, Eds., Dataset

Shift in Machine Learning. Cambridge, MA, USA: MIT Press, 2009.
[39] C.-C. Chang and C.-J. Lin, “LIBSVM: A library for support vector machines,” ACM Trans.
Intell. Syst. Technol., vol. 2, no. 3, 2011, Art. ID 27.
[40] R.-E. Fan, K.-W. Chang, C.-J. Hsieh, X.-R. Wang, and C.-J. Lin, “LIBLINEAR: A library
for large linear classification,” J. Mach. Learn. Res., vol. 9, pp. 1871–1874, Jun. 2008.
[41] S. S. Keerthi and C.-J. Lin, “Asymptotic behaviors of support vector machines with
Gaussian kernel,” Neural Comput., vol. 15, no. 7, pp. 1667–1689, 2003.
[42] K. Koh, S.-J. Kim, and S. Boyd, “An interior-point method for largescale 1-regularized
logistic regression,” J. Mach. Learn. Res., vol. 8, pp. 1519–1555, Jul. 2007.
[43] L. Devroye, L. Györfi, and G. Lugosi, A Probabilistic Theory of Pattern Recognition. New
York, NY, USA: Springer-Verlag, 1996.
[44] T. Joachims, “Making large-scale support vector machine learning practical,” in Advances
in Kernel Methods, B. Schölkopf, C. J. C. Burges, and A. J. Smola, Eds. Cambridge, MA, USA:
MIT Press, 1999, pp. 169–184.
[45] F. Orabona. (2009). DOGMA: A MATLAB Toolbox for Online Learning. [Online].
Available: http://dogma.sourceforge.net [46] D. L. Donoho and M. Elad, “Optimally sparse
representation in general (nonorthogonal) dictionaries via 1 minimization,” Proc. Nat. Acad. Sci.
United States Amer., vol. 100, no. 5, pp. 2197–2202, 2003.
[47] K. P. Murphy, Machine Learning: A Probabilistic Perspective. Cambridge, MA, USA: MIT
Press, 2012. [48] J. Bi, K. Bennett, M. Embrechts, C. Breneman, and M. Song, “Dimensionality
reduction via sparse support vector machines,” J. Mach. Learn. Res., vol. 3, pp. 1229–1243, Mar.
2003.
[49] M. Wu, B. Schölkopf, and G. Bakir, “A direct method for building sparse kernel learning
algorithms,” J. Mach. Learn. Res., vol. 7, pp. 603–624, Apr. 2006.

Machine Learning Methods For Attack Detection in The Smart Grid Final

Uploaded by

Machine Learning Methods For Attack Detection in The Smart Grid Final

Uploaded by

MACHINE LEARNING METHODS FOR ATTACK

DETECTION IN THE SMART GRID

1.1 Objective of the project:

“Machine learning for the New York City power grid,”

“Adaptive stochastic control for the smart grid,”

“Distributed intrusion detection system in a multi-layer network architecture of smart

“Strategic protection against data injection attacks on power grids,”

“Decoding by linear programming,”

Suppose x is an unknown vector in Ropf m (a digital image or signal); we plan to measure n

3.1 Existing System

Disadvantages of Existing System:

3.2 Proposed System

Advantages of Proposed System:

Work down Structure:

python 3.7.0 or 3.7.4

Models and Diagrams:

Scalability: Scalability is the measure of a system's ability to increase or decrease in

3.3. PROCESS MODEL USED WITH JUSTIFICATION

SDLC (Umbrella Model):

Business Requirement Umbrella

Requirements Gathering stage:

 Feasibility study is all about identification of problems in a project.

Development (Coding) Stage:

Integration & Test Stage:

 Installation & Acceptance Test:

3.4. Software Requirement Specification

3.4.1. Overall Description

A Software Requirements Specification (SRS) – a requirements specification for a software

System requirements specification: A structured collection of information that embodies the

 Business requirements describe in business terms what must be delivered or

 Product requirements describe properties of a system or product (which could be one of

 Process requirements describe activities performed by the developing organization. For

The required software is python.

 Processor - Intel i3(min)

 Speed - 1.1 GHz

 Operating System - Windows10(min)

Upload Submission File

Successfully Upload Dataset

Successfully Preprocess Dataset

Successfully Run Algorithms

Upload Test Data & Predict Attack

Successfully Upload Test Data & Predict Attack

Successfully Performance Graph

A collaboration diagram describes interactions among objects in terms of sequenced

9: Performance Graph 3: Successfully Preprocess Dataset

Upload Test Data

A deployment diagram in the Unified Modeling Language models the physical

Activity diagram is another important diagram in UML to describe dynamic aspects of

Why Python was created?

Why the name Python?

A simple language which is easier to learn

Free and open-source

Python has a large community constantly improving it in each iteration.

Extensible and Embeddable

A high-level, interpreted language

Large standard libraries to solve common tasks

1. Simple Elegant Syntax

2. Not overly strict

3. Expressiveness of the language

4. Great Community and Support

5.2 Sample Code:

from tkinter import messagebox

font = ('times', 14, 'bold')

font1 = ('times', 13, 'bold')

processButton = Button(main, text="Preprocess Data", command=processDataset)

perceptronButton = Button(main, text="Run Perceptron Algorithm", command=runPerceptron)

knnButton = Button(main, text="Run KNN Algorithm", command=runKNN)

svmbutton = Button(main, text="Run Support Vector Machine", command=runSVM)

lrButton = Button(main, text="Run Logistic Regression", command=logisticRegression)

detectButton = Button(main, text="Detect Attack from Test Data", command=detectAttack)

graphButton = Button(main, text="All Algorithms Performance Graph", command=graph)

Test Test Case Test Case Test Steps Test Test

To implement this project we are using dataset shown in below screen

To run project double click on ‘run.bat’ file to get below screen

[9] E. Cotilla-Sanchez, P. D. H. Hines, C. Barrows, and S. Blumsack, “Comparing the

[16] O. Bousquet, S. Boucheron, and G. Lugosi, “Introduction to statistical learning theory,” in