Jordan Landford,Rich Meier,Richard Barella,Xinghui Zhao,Eduardo Cotilla-Sanchez,Robert B. Bass,Scott Wallace

DOI: https://doi.org/10.48550/arXiv.1509.05086

2015-09-17

Abstract:Modern power systems have begun integrating synchrophasor technologies into part of daily operations. Given the amount of solutions offered and the maturity rate of application development it is not a matter of "if" but a matter of "when" in regards to these technologies becoming ubiquitous in control centers around the world. While the benefits are numerous, the functionality of operator-level applications can easily be nullified by injection of deceptive data signals disguised as genuine measurements. Such deceptive action is a common precursor to nefarious, often malicious activity. A correlation coefficient characterization and machine learning methodology are proposed to detect and identify injection of spoofed data signals. The proposed method utilizes statistical relationships intrinsic to power system parameters, which are quantified and presented. Several spoofing schemes have been developed to qualitatively and quantitatively demonstrate detection capabilities.

Machine Learning,Cryptography and Security

Huiying Ren,Zhangshuan Hou,Pavel Etingov

DOI: https://doi.org/10.1109/pmaps.2018.8440495

2018-01-01

Abstract:This paper presents an online early anomaly detection framework for phasor measurement units (PMUs) to monitor power system dynamics and help prevent blackouts using machine learning approaches. Dynamical machine learning solutions including state space model and Kalman filter are presented in this study to learn the nonlinear and nonstationary PMU measurements and accurately predict system behaviors in real-time. The anomalies can be detected within seconds by comparing the predicted system behaviors with the real system observations. The method proposed in this framework uses PMU data with a given time window (e.g., 5 seconds) using a dynamic nonlinear model, and then predicts system behaviors during the following time window. High prediction accuracy is achieved by applying the dynamic nonlinear model to the real-world PMU measurements - the anomalies detected are successfully validated given the recorded real-world events. High-performance-computing (HPC) techniques are utilized to further reduce computational time to provide real time power system situational awareness.

Yichi Yang,Guang-chao Xu,Yifei Xu,ShuiGuang Deng

2017-01-01

Abstract:With the rapid development of infrastructure including power grids, managers in power industry these days are faced with an increasingly severe problem of theft of electricity. Theft of electricity has negative effects on many socioeconomic aspects, including impacting stable growth of economic for power enterprises and social development. The traditional anti-theft means require officers checking the integrity of kilowatt-hour meter and the correctness of wiring house by house, which requires enormous manpower and material resources. With the advancement of information collecting technology, power enterprises now possess relatively complete database of power consumption. As a result, performing data mining on existing database and identifying abnormal users has become a hot topic in the field of information technology. The purpose of this paper is to identify abnormal users with machine learning algorithms, providing power enterprises with means to detect theft of electricity at lower cost. The contributions of this paper are listed as follows: 1) Propose various features, providing means to describe users’ behaviors. First, monistic features (mean, difference, coefficient of variation, range, standard deviation), binary features (cosine similarity, Pearson product-moment correlation coefficient) and multivariate features are calculated based on user power consumption (monthly, seasonally, yearly, per holiday, per workday). Then principal component analysis is used to perform dimensionality reduction on the dataset. The dataset is finally scaled and oversampled to form the feature dataset. 2) Study various classification algorithms, optimize hyperparameters, providing models to detect theft of electricity. In this paper, the mechanism behind support vector machine, back-propagation neural network, random forest and XGBoost is studied and the hyperparameters are optimized. 3) Compare and evaluate different classifiers, and provide suggestions for real-world application. In this paper, different classifiers are evaluated with different metrics and the best classifier is recommended based on real-world dataset and different application scenarios.

Lipeng Zhu,David J. Hill

DOI: https://doi.org/10.48550/arXiv.2005.01060

2020-05-03

Systems and Control

Abstract:In modern smart grids deployed with various advanced sensors, e.g., phasor measurement units (PMUs), bad (anomalous) measurements are always inevitable in practice. Considering the imperative need for filtering out potential bad data, this paper develops a novel online bad PMU data detection (BPDD) approach for regional phasor data concentrators (PDCs) by sufficiently exploring spatial-temporal correlations. With no need for costly data labeling or iterative learning, it performs model-free, label-free, and non-iterative BPDD in power grids from a new data-driven perspective of spatial-temporal nearest neighbor (STNN) discovery. Specifically, spatial-temporally correlated regional measurements acquired by PMUs are first gathered as a spatial-temporal time series (TS) profile. Afterwards, TS subsequences contaminated with bad PMU data are identified by characterizing anomalous STNNs. To make the whole approach competent in processing online streaming PMU data, an efficient strategy for accelerating STNN discovery is carefully designed. Different from existing data-driven BPDD solutions requiring either costly offline dataset preparation/training or computationally intensive online optimization, it can be implemented in a highly cost-effective way, thereby being more applicable and scalable in practical contexts. Numerical test results on the Nordic test system and the realistic China Southern Power Grid demonstrate the reliability, efficiency and scalability of the proposed approach in practical online monitoring.

Yao Zheng,Wei Qiu,Wenxuan Yao,Bing Li,Junfeng Duan,He Yin

DOI: https://doi.org/10.1109/ETFG55873.2023.10407596

2023-01-01

Abstract:Cyber-attacks have the potential to evade bad synchrophasor data detection in wide-area monitoring systems (WAMS), thus having a detrimental impact on situational awareness and synchrophasor-based applications. To tackle this challenge, this paper proposes a model-free synchrophasor data authentication framework to defend against false data injection. The principal components analysis and gramian angular field are first combined to extract the critical features from the synchrophasor data in the distributed power system. Considering the massive synchrophasor measurement data, a convolutional neural network is further presented to fulfil the data authentication based on the extracted features. The efficacy of the real-time authentication framework is confirmed through various experiments. The experimental results demonstrate an accuracy rate of 93.15% when utilizing field synchrophasor data, without the need for knowledge of system model parameters.

Wei Qiu,Chengcheng Li,Qiu Tang,Kaiqi Sun,Yilu Liu,Wenxuan Yao

DOI: https://doi.org/10.17775/cseejpes.2021.02780

IF: 6.014

2022-01-01

CSEE Journal of Power and Energy Systems

Abstract:Synchrophasor measurements are essential to real-time situational awareness of the smart grid but vulnerable to cyber-attacks during the process of transmission and invocation. To ensure data security and mitigate the impact of spoofed synchrophasor measurements, this work proposes a novel object detection method using a Weight-based One-dimensional Convolutional Segmentation Network (WOCSN) with the ability of attack behavior identification and time localization. In WOCSN, automatic data feature extraction can be achieved by one-dimensional convolution from the input signal, thereby reducing the impact of handcrafted features. A weight loss function is designed to distribute the contribution for normal and attack signals. Then, attack time is located via the proposed binary method based on pixel segmentation. Furthermore, the actual synchrophasor data collected from four locations are used for the performance evaluation of the WOCSN. Finally, combined with designed evaluation metrics, the time localization ability of WOCSN is validated in the scenarios of composite attacks with different spoofed intensities and time-sensitivities.

energy & fuels,engineering, electrical & electronic

Jianhua Pei,Jingyu Wang,Ziyu Wang,Dongyuan Shi

DOI: https://doi.org/10.1109/tpwrs.2022.3221291

IF: 7.326

2023-11-01

IEEE Transactions on Power Systems

Abstract:Phasor measurement unit (PMU) data quality problems, such as data loss and modification caused by communication contingencies and cyber attacks, threaten the reliability and stability of modern power systems. In this paper, autoregressive Bayesian low-rank matrix/Hankel tensor factorization (BLMF/BLTF) algorithms are proposed to recover corrupted synchrophasor measurements by leveraging the latent electrical-temporal correlations between data points. To mitigate the impact of consecutive data anomalies on recovery, adaptive k-Medoids clustering based on dynamic time wrapping (DTW) distance and Canopy clustering is introduced to preprocess raw data. The effectiveness of the proposed algorithms in recovering missing or modified synchrophasor measurements is demonstrated through comprehensive case studies. Compared with previous works, the proposed algorithms rely on simpler prior hypotheses and can achieve higher recovery precision. Rank reduction and low-cost rolling prediction techniques make the proposed algorithms suitable not only for processing offline data blocks but also for online real-time recovery of PMU data streams.

engineering, electrical & electronic

Aidong Xu,Lin Chen,Xiaoyun Kuang,Huahui Lv,Hang Yang,Yixin Jiang,Bo Li

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00021

2020-01-01

Abstract:In recent years, malicious programs seriously threaten the security of information system. Because of its particularity, complexity and vulnerability, power information system is difficult to detect and kill by traditional anti-virus software. To solve the above problems, this paper proposes a malicious behavior detection method based on deep learning, which can identify malicious programs and attack types according to the activities of malicious programs and malicious software behaviors. In this paper, a hybrid deep learning structure based on convolutional neural network (CNN) and long-and-short term memory (LSTM) network is proposed. The call sequence of API is combined with other statistical features. The vector information obtained is input into LSTM unit through convolution, and the classification results are obtained through the above model. Compared with the existing methods, this method significantly improves the preparation rate and execution efficiency.

Xiaomei Yang,Lin Yang,Xianyong Xiao,Yang Wang

DOI: https://doi.org/10.1109/tpwrs.2022.3200593

IF: 7.326

2022-01-01

IEEE Transactions on Power Systems

Abstract:Subsynchronous resonance (Sub-SR) is traditionally caused by turbine generators. In recent years, a new type of Sub-SR has occurred that is related to inverter-based resources (IBRs). In those events, supersynchronous resonance (Sup-SR) accompanied Sub-SR, a phenomenon commonly called frequency coupling. It is thus of great significance to detect whether there is a supersynchronous component, which can help to perform postincident analysis and design a mitigation strategy. This paper uses synchrophasor data provided by phasor measurement units (PMUs) to detect the Sup-SR. Due to the limitation of the reporting rate of PMUs, spectrum aliasing occurs between Sub-SR and Sup-SR, which imposes great challenges for detection. To address this issue, the influence of Sup-SR and Sub-SR on the positive and negative spectra of synchrophasors is analyzed. The results show that Sup-SR primarily affects the negative spectra of synchrophasors. Based on this finding, the difference between the measured spectra and the theoretical spectra with pure Sub-SR is utilized to detect Sup-SR. An adaptive threshold is further proposed using a histogram-based statistical approach to enhance the detection accuracy. Case studies demonstrate that the proposed algorithm can accurately detect the presence of Sup-SR from synchrophasor data.

engineering, electrical & electronic

Hongliang Fang,Jiang-Wen Xiao,Yan-Wu Wang

DOI: https://doi.org/10.1016/j.ijepes.2023.109075

IF: 5.659

2023-08-01

International Journal of Electrical Power & Energy Systems

Abstract:The widespread installation of advanced metering infrastructure (AMI) brings convenience to applications including but not limited to load management and demand response. However, AMI is also at risk of electricity theft and non-technical loss. Using the smart meter data provided by AMI to dig out user electricity consumption behavior is an effective way to construct electricity theft detectors. In this paper, a new intermittent electricity theft attack behavior is presented which switches between committing electricity theft and honestly consuming electricity alternately to skillfully evade the existing detectors. Based on the assumption that the labels of intermittent adversaries are unavailable, a new machine learning-based detection framework is proposed to detect this attack. Initially electricity features are constructed based on time intervals divided by a numerical iteration method. Then light gradient boosting method (LightGBM) is used to classify the normal users and adversaries. Further, the disperse degree of users is designed for capturing the differences between the intermittent adversaries and others. A new 2D label set is then constructed by combining the predicted labels of LightGBM and the disperse degree. Finally, a variational Bayesian Gaussian mixture model is employed based on the 2D label set to sort the users into the normal users and adversaries visually. Results of the case studies show that the presented attack can evade state-of-the-art detectors but still gain high profits. In addition, the proposed machine learning-based detector outperforms state-of-the-art detectors on both persistent attacks and intermittent attacks.

engineering, electrical & electronic

Xijuan Sun,Di Wu,Arnaud Zinflou,Benoit Boulet

DOI: https://doi.org/10.48550/arXiv.2303.06431

IF: 5.414

2023-03-11

Machine Learning

Abstract:Hacking and false data injection from adversaries can threaten power grids' everyday operations and cause significant economic loss. Anomaly detection in power grids aims to detect and discriminate anomalies caused by cyber attacks against the power system, which is essential for keeping power grids working correctly and efficiently. Different methods have been applied for anomaly detection, such as statistical methods and machine learning-based methods. Usually, machine learning-based methods need to model the normal data distribution. In this work, we propose a novel anomaly detection method by modeling the data distribution of normal samples via multiple encoders and decoders. Specifically, the proposed method maps input samples into a latent space and then reconstructs output samples from latent vectors. The extra encoder finally maps reconstructed samples to latent representations. During the training phase, we optimize parameters by minimizing the reconstruction loss and encoding loss. Training samples are re-weighted to focus more on missed correlations between features of normal data. Furthermore, we employ the long short-term memory model as encoders and decoders to test its effectiveness. We also investigate a meta-learning-based framework for hyper-parameter tuning of our approach. Experiment results on network intrusion and power system datasets demonstrate the effectiveness of our proposed method, where our models consistently outperform all baselines.

Lipeng Zhu,Chao Lu,Zhao Yang Dong,Chao Hong

DOI: https://doi.org/10.1109/tii.2017.2696534

IF: 12.3

2017-01-01

IEEE Transactions on Industrial Informatics

Abstract:In terms of machine learning-based power system dynamic stability assessment, it is feasible to collect learning data from massive synchrophasor measurements in practice. However, the fact that instability events rarely occur would lead to a challenging class imbalance problem. Besides, short-term feature extraction from scarce instability seems extremely difficult for conventional learning machines. Faced with such a dilemma, this paper develops a systematic imbalance learning machine for online short-term voltage stability assessment. A powerful time series shapelet (discriminative subsequence) classification method is embedded into the machine for sequential transient feature mining. A forecasting-based nonlinear synthetic minority oversampling technique is proposed to mitigate the distortion of class distribution. Cost-sensitive learning is employed to intensify bias toward those scarce yet valuable unstable cases. Furthermore, an incremental learning strategy is put forward for online monitoring, contributing to adaptability and reliability enhancement along with time. Simulation results on the Nordic test system illustrate the high performance of the proposed learning machine and of the assessment scheme.

Diane Tuyizere,Remy Ihabwikuzo

2023-07-07

Abstract:This research proposes a machine learning-based attack detection model for power systems, specifically targeting smart grids. By utilizing data and logs collected from Phasor Measuring Devices (PMUs), the model aims to learn system behaviors and effectively identify potential security boundaries. The proposed approach involves crucial stages including dataset pre-processing, feature selection, model creation, and evaluation. To validate our approach, we used a dataset used, consist of 15 separate datasets obtained from different PMUs, relay snort alarms and logs. Three machine learning models: Random Forest, Logistic Regression, and K-Nearest Neighbour were built and evaluated using various performance metrics. The findings indicate that the Random Forest model achieves the highest performance with an accuracy of 90.56% in detecting power system disturbances and has the potential in assisting operators in decision-making processes.

Machine Learning,Systems and Control

Siddhartha Deb Roy,Sanjoy Debbarma,Josep M. Guerrero

DOI: https://doi.org/10.1016/j.ijepes.2022.108409

2022-06-28

Abstract:This paper focuses on detecting cyber-attacks targeting the Automatic Generation Control (AGC) loop and market operation. To achieve this, a new data-driven learning algorithm is proposed that ensembles various learning tools such as K-Means clustering, Synthetic Minority Oversampling Technique oversampling, and Support Vector Data Description models as the base learners. Next, this paper devises a new feature variable, EF , which generates a relatively higher value for attack scenarios than normal grid states, thus aiding the classifier in predictions with low false alarms. The proposed approach can detect a wide range of cyber-attacks, including unseen attack cases. This paper further modelled and validated the detection of profit-oriented intelligent market operation attacks, absent in most of the previous works. Such attacks project themselves within the proximity of nominal grid states, making them difficult to predict. The algorithm's performance is finally compared with other learning models, and it is found that the proposed technique has superior prediction with True Positive Rate, True Negative Rate, and Geometric Accuracy as 98.13%, 99.85%, and 98.98%, respectively.

engineering, electrical & electronic

Weijie Hao,Tao Yang,Qiang Yang

DOI: https://doi.org/10.1109/tase.2021.3073396

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Critical industrial infrastructures are currently facing increasing cyberspace threats in their underlying information and communication systems. The advanced monitoring, control, and management functionalities of the industrial systems firmly rely on the reliable and secure operations of the industrial control system (ICS) network. This article characterizes the ICS network traffic and presents a scalable and efficient solution for real-time ICS network traffic anomaly detection, considering various forms of ICS anomaly events. The events due to the cyberattacks, malicious operating behaviors, and network anomalies can be effectively detected without sophisticated computational requirements and retrieval of communication protocols. The proposed hybrid statistical-machine learning model integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the abnormal traffic patterns with low false omission rates. The proposed solution is extensively evaluated at a realistic ICS cyber–physical system (CPS) testbed, and the numerical results confirm its high detection accuracy and low computational complexity. Note to Practitioners—This article was motivated by the challenge of real-time anomaly detection in industrial cyber–physical systems (CPSs). The existing industrial control system (ICS) network anomaly detection solutions are generally carried out based on a single model based on the historian database and cannot dynamically classify the abnormal conditions in a real-time fashion. A novel hybrid statistical-machine learning model is developed that integrates a seasonal autoregressive integration moving average (SARIMA)-based dynamic threshold model and a long short-term memory (LSTM) model to jointly identify the anomalous events through traffic pattern analysis. The proposed anomaly detection solution can efficiently provide accurate detection for cyberattacks, malicious operating behaviors, and network anomalies while meeting the real-time requirements of ICS networks. The proposed solution can be deployed in the realistic ICS CPSs, e.g., the power generation system, gas pipeline systems, and urban railway transportation systems. The preliminary numerical results obtained from the ICS-CPS testbed suggested that it can provide high detection accuracy with low computational complexity and, hence, can be adopted with minimal deployment hurdles.

Liu Jie,Cao Xiang,Wang Diangang,Pan Kejia,Zhang Cheng,Wang Xin

DOI: https://doi.org/10.1051/matecconf/201818903001

2018-01-01

MATEC Web of Conferences

Abstract:This paper tackles a new challenge in abnormal electricity detection: how to promptly detect stealing electricity behavior by a large-scale data from power users. Proposed scheme firstly forms power consumption gradient model by extracting daily trend indicators of electricity consumption, which can exactly reflect the short-term power consumption trend for each user. Furthermore, we design the line-losing model by analyzing the difference between power supplying and actual power consumption. Finally, a hybrid deep neural network detection model is built by combining with the power consumption gradient model and the line-losing model, which can quickly pin down to the abnormal electricity users. Comprehensive experiments are implemented by large-scale user samples from the State Grid Corporation and Tensorflow framework. Extensive results show that comparing with the state-of-the-arts, proposed scheme has a superior detection performance, and therefore is believed to be able to give a better guidance to abnormal electricity detection.

Md Zubair,Helge Janicke,Ahmad Mohsin,Leandros Maglaras,Iqbal H. Sarker

DOI: https://doi.org/10.3390/s24123712

IF: 3.9

2024-06-08

Sensors

Abstract:Cybersecurity has become a major concern in the modern world due to our heavy reliance on cyber systems. Advanced automated systems utilize many sensors for intelligent decision-making, and any malicious activity of these sensors could potentially lead to a system-wide collapse. To ensure safety and security, it is essential to have a reliable system that can automatically detect and prevent any malicious activity, and modern detection systems are created based on machine learning (ML) models. Most often, the dataset generated from the sensor node for detecting malicious activity is highly imbalanced because the Malicious class is significantly fewer than the Non-Malicious class. To address these issues, we proposed a hybrid data balancing technique in combination with a Cluster-based Under Sampling and Synthetic Minority Oversampling Technique (SMOTE). We have also proposed an ensemble machine learning model that outperforms other standard ML models, achieving 99.7% accuracy. Additionally, we have identified the critical features that pose security risks to the sensor nodes with extensive explainability analysis of our proposed machine learning model. In brief, we have explored a hybrid data balancing method, developed a robust ensemble machine learning model for detecting malicious sensor nodes, and conducted a thorough analysis of the model's explainability.

engineering, electrical & electronic,instruments & instrumentation,chemistry, analytical

Kursat Rasim Mestav,Xinyi Wang,Lang Tong

DOI: https://doi.org/10.48550/arXiv.2012.05163

2021-06-23

Abstract:A deep learning approach is proposed to detect data and system anomalies using high-resolution continuous point-on-wave (CPOW) or phasor measurements. Both the anomaly and anomaly-free measurement models are assumed to have unknown temporal dependencies and probability distributions. Historical training samples are assumed for the anomaly-free model, while no training samples are available for the anomaly measurements. By transforming the anomaly-free observations into uniform independent and identically distributed sequences via a generative adversarial network, the proposed approach deploys a uniformity test for anomaly detection at the sensor level. A distributed detection scheme that combines sensor level detections at the control center is also proposed that combines local detections to form more reliable detections. Numerical results demonstrate significant improvement over the state-of-the-art solutions for various bad-data cases using real and synthetic CPOW and PMU data sets.

Systems and Control,Machine Learning,Signal Processing

A.K.M. Ahasan Habib,Mohammad Kamrul Hasan,Rosilah Hassan,Shayla Islam,Rahul Thakkar,Nguyen Vo

DOI: https://doi.org/10.1016/j.egyr.2023.05.087

IF: 5.2

2023-10-01

Energy Reports

Abstract:Smart grid networks face several cyber-attacks, where distributed denial-of-service (DDoS) attacks distract the grid network. The synchrophasor technique protects the wide-area measurement system (WAMS) from the complex problem and addresses different issues in a grid. The DDoS attack detection strategy is complicated due to attack complexities, vendor specifications, and communication standard protocols. Attacker target phasor measurement unit (PMU) data on the phasor data concentrator (PDC) database in WAMS. However, during the cyber-attack, the framework ensures the end application uses the normal PDC datastream. The proposed attack detection technique efficiently verifies PMU-generated data in WAMS. However, numerous machine learning algorithms are used to detect DDoS attacks, but the best detection model is still given open choices. The motivation of this study: (a) which machine learning algorithm will be suitable for DDoS attack detection and (b) what would be the accuracy of training algorithms. This study presents a machine learning-based hybrid technique that achieves 83.23% accuracy. Python compiler is used to execute the proposed model, and the result shows that the proposed detection approach efficiently improves the DDoS attack detection accuracy.

energy & fuels

Ming Yi,Meng Wang,Tianqi Hong,Dongbo Zhao

DOI: https://doi.org/10.1109/tpwrs.2023.3254909

IF: 7.326

2024-01-01

IEEE Transactions on Power Systems

Abstract:Phasor measurement units (PMUs) provide high temporal-resolution synchrophasor measurements for power system monitoring and control. The frequent data quality issues, such as missing and bad data, prevent the incorporation of synchrophasor data in real-time operations. Most existing data-driven data recovery methods assume the power system dynamics can be approximated by a linear dynamical system, and the recovery performance degrades significantly when the power system is experiencing nonlinear dynamics during significant events. This paper proposes a data-driven Bayesian nonlinear synchrophasor data recovery method (Ba-NSDR) that can recover a consecutive time period of simultaneous data losses or errors across all channels, even when the underlying system is highly nonlinear. The idea is to lift the Hankel matrix of the spatial-temporal synchrophasor data to a higher dimension such that the lifted Hankel matrix is low-rank in that space and can be processed with the kernel trick. Our proposed Bayesian method then infers the probabilistic distributions of synchrophasor from the partial observations. Some distinctive features of Ba-NSDR include an uncertainty index to measure the accuracy of the recovery result and the robustness to parameter selections. Our method is verified on both synthetic and recorded event datasets.

engineering, electrical & electronic