USING A K-NEAREST NEIGHBORS MACHINE LEARNING APPROACH TO DETECT CYBERATTACKS ON THE NAVY SMART GRID

Abstract

In 2019, the Naval Facilities Engineering Command (NAVFAC) deployed the Navy smart grid across multiple bases in the United States. The smart grid can improve the reliability, availability, and efficiency of electricity supply. While this brings about immense benefit, placing the grid on a network connected to the internet increases the threat of cyberattacks aimed at intelligence collection, disruption, and destruction. In this thesis, we propose an Intrusion Detection System (IDS) for the NAVFAC smart grid. This IDS comprises a feature extractor, classifier, anomaly detector, and response manager. We use the K-Nearest Neighbors machine learning algorithm to show that various attacks (web attacks, FTP/SSH attacks, DOS, DDOS and port scanning) can be grouped into broader attack classes of Active, Denial, and Probe for appropriate response management. We also show that in order to reduce the load on the security operations center (SOC), the accuracy of the classifier can be maximized by optimizing the value of k, which is the number of data points nearest to the sample under consideration that decides the class assigned.