# Detecting Cyber-attacks to Smart Grids and Increasing Resiliency Using Data Driven Algorithms

## Date

## Authors

## Journal Title

## Journal ISSN

## Volume Title

## Publisher

## Abstract

Data driven algorithms can be generally divided into two main categories including optimization methods and machine learning approaches. Optimization methods try to find the optimal decision states by finding the feasible boundaries of the problem. On the other hand, machine learning algorithms aim to find the solutions by iterating via small steps toward the optimal answer following the gradient descents. These two data-driven algorithms are widely deployed in many science and engineering fields and in this dissertation, we use both of these methods to address cyber-security issues of smart grids. We first use the optimization algorithm to present two bi-level problems to address the bidding problem in electricity markets and cyber-attack detection in virtual bidding process in electricity markets. We investigate False Data Injection (FDI) problem in smart grids and the approaches the detect attacks. Both models are solved using mathematical programming with equality constraint (MPEC) and the possible cyber-attack's locations and malicious data are identified. We then study the machine learning abilities to learn the cyber-attacker's behavior using real data. We use the Day-ahead (DA) and Real-time (RT) electricity price and demand to create our initial model of the cyber-attacker. Then, we apply a zero-sum game between the cyber-attacker and system defender using novel machine learning method known as Generative Adversarial Networks (GANs). Then, we present a new deep learning structure to model both cyber-attacker and system defender and aslo flexibility of the system defender to learn different possible attacks. We also use another machine learning approach to mitigate the cyber-attacks effects. Particularly, we use Reinforcement Learning (RL) to investigate the optimal possible actions after the cyber-attack happens in the system. In order to model the possible attack's locations we use multi-stage game between the cyber-attacker and system defender. To model the attacker's moves, we use the Hamiltonian Markov Chain Monte Carlo (H-MCMC) and sample from the posterior distribution of the attack's locations. we then train a deep RL network to learn the optimal actions regarding given game stage and possible future game stages.