Wenting Wang,Dongqin Feng,Mingliang Chen,Shuxian Yang

DOI: https://doi.org/10.1109/ccdc62350.2024.10588015

2024-01-01

Abstract:This work investigates the problem of detecting and localizing attacks on a class of power cyber-physical systems (CPSs) in the presence of dynamic load alteration attacks (D-LAA). The power CPS is modeled as a discrete-time system with an unknown input, assuming that the sampling process is periodic and the D-LAA is bounded. This study delves into the investigation of attack detection and localization within a specific category of power cyber-physical systems (CPSs) when dealing with dynamic load alteration attacks (D-LAA). A novel Maximum Correntropy Robust Two-Stage Kalman Filter (MCRTSKF) is proposed so that the accurate state estimation for power CPS is achieved in spite of anomalous noise. Meanwhile, some essential parameters for the designed filter are obtained through the fixed-point iteration-stop parameter selection method. Furthermore, based on the state estimate value, the attack detection and localization procedure is presented. Finally, the validity and effectiveness of the proposed attack detection and localization schemes are illustrated by case studies on an IEEE 9-bus system.

Chunyu Chen,Kaifeng Zhang,Kun Yuan,Lingzhi Zhu,Minhui Qian

DOI: https://doi.org/10.1109/tii.2017.2765313

IF: 12.3

2017-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the increase of cyberhacking activities, cyber attacks become urgent problems to system security. In this paper, cyber attacks on load frequency control (LFC) is studied. By unifying attack and detection, detection scheme considering specific attack strategies is presented. As for attack scheme design, four attack strategies are systematically analyzed with respect to their mechanism and influence on LFC performance, so that the most effective one is selected as the adopted attack scheme from the viewpoint of hackers. As for attack detection, a novel attack detection approach is proposed by analyzing differences between dynamic features of variables. Multilayer percepton classifier-based approach is used to extract the differences of area control error under attack and in normal situation, thus distinguishing compromised signals from normal ones. Simulation results show the effectiveness of the proposed detection approach.

Wenjun Bi,Kaifeng Zhang,Chunyu Chen

DOI: https://doi.org/10.3390/app11041584

2021-01-01

Abstract:Cyber attacks bring key challenges to the system reliability of load frequency control (LFC) systems. Attackers can compromise the measured data of critical variables of the LFC system, making the data received by the defender unreliable and resulting in system frequency fluctuation or even collapse. In this paper, to detect potential attacks on measured data, we propose a novel attack detection scheme using the dual-source data (DSD) of compromised variables. First, we study the characteristics of the compromised LFC system considering potentially vulnerable variables and different types of attack templates. Second, by designing a variable observer, the relationship between the known security variables and the variables which are at risk of being compromised in the LFC system is established. The features of the data obtained by the observer can reflect those of the true data. Third, a Siamese network (SN) is designed to quantify the distance between the characteristics of measured data and that of observed data. Finally, an attack detection scheme is designed by analyzing the similarity of the DSD. Simulation results verify the feasibility of the detection scheme studied in this paper.

Da-long LIU,Dong-qin FENG

DOI: https://doi.org/10.3785/j.issn.1008-973X.2018.09.014

2018-01-01

Abstract:As industrial control system is threatened by sinusoidal attack, the mathematical model was established using a typical loop of the control system; the Fourier transform and wavelet analysis was used to analyze its different characteristics in the aspect of attack ability and concealment. Then, an algorithm was developed against sinusoidal attack using multi-scale principal component analysis (MSPCA) with online implementation. Simulation of sinusoidal attack on Tenessee Eastman (TE) process show that sinusoidal attack not only causes physical damage, but also conceals the damage. When the frequency of sinusoidal attack is higher, the attack can not be detected by the traditional principal component analysis (PCA) method, meanwhile, our method can detect the attack quickly and accurately.

Qiang Lan,Shuyu Jia,Qinglai Guo,Li He,Peng Yang

DOI: https://doi.org/10.1109/ei252483.2021.9713104

2021-01-01

Abstract:Modern power system is a typical cyber-physical system due to the coupling of primary and secondary systems. The development of renewable energy and smart grids make many new application scenarios. Various new communication technologies make the system complex. Cyber systems and complex network environments have introduced a series of security issues. All of which make them easy to become ideal targets for cyberattacks. Therefore, it is of great significance to the research of cyber security in cyber-physical systems. This paper selects a scenario of centralized LFC, considers the linearized discrete system model under partial observation with Gaussian disturbance. Based on the known and un-changed characteristics of the physical model of the control system, dynamic watermarking is used to detect data integrity attacks from malicious sensors.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tpwrs.2022.3229667

IF: 7.326

2022-01-01

IEEE Transactions on Power Systems

Abstract:In cyber-physical power systems (CPPSs), additional control as the compensating control plays a very important part in load frequency control (LFC) systems. The additional control in the LFC system is constrained by limited communication resources and cyber-attacks, which may cause performance degradation or destabilize the system. Accordingly, this paper proposes resilient event-triggered LFC for CPPSs with an additional control loop under denial-of-service (DoS) attacks. Firstly, a resilient event-triggered communication scheme is presented to reduce the occupation of communication resources under DoS attacks in the additional control loop. Then, different from existing event-triggered LFC systems, this paper establishes a novel switched LFC system model, where the resilient event generator is integrated into an additional control loop when suffering from DoS attacks. It is the first time that the additional control loop of the LFC system simultaneously considers communication resources and cyber-security. Furthermore, we derive exponential stabilization criteria by applying the Lyapunov stability theory based on the established model. Criteria are derived to obtain the weighting matrix and controller gain simultaneously by applying the linear matrix inequality technique. Finally, a one-area and two multi-area CPPSs with the additional control loop under DoS attacks are used to testify the availability of the proposed resilient event-triggered LFC scheme.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/icarm54641.2022.9959185

2022-01-01

Abstract:The cyber-physical power system (CPPS) is evolved from the traditional power system by the deployment of information networks with control systems, computational units, and communication networks. However, their integration into CPPS introduces new challenges in maintaining security. Various malicious cyber-attacks are drawn much attention recently after the discovery of the impact on CPPS state estimation. Thus, it is of great significance for operators to detect cyber-attacks and identify the types of attacks in CPPS to make decisions appropriately. This problem can be viewed as a multi-class classification problem from the perspective of machine learning. Accordingly, this paper proposes an ensemble learning-based cyber-attacks detection model for CPPS state estimation. In the proposed model, we use the subspace features and then send the data to the classifier for ensemble, where decision trees and random vector functional link networks are introduced as the basic classifier. The proposed model is validated by employing simulated data on IEEE 14-bus and 30-bus systems. Simulation results demonstrate the performance of the proposed cyber-attacks detection model.

Wenjun Bi,Kaifeng Zhang,Kun Yuan,Ying Wang,Chunyu Chen,Ke Wang

DOI: https://doi.org/10.1109/pesgm40551.2019.8973575

2019-01-01

Abstract:Cyber attack endangers the stability of load frequency control (LFC), and could cause severe damage to power system operation. In this paper, false data injection (FDI) attack on LFC is specifically investigated, and a novel composite detection and mitigation scheme is presented to achieve FDI attack defense. Instead of focusing solely on attack detection or mitigation, the composite scheme is designed by considering the inherently inseparable interconnection between detection and mitigation. Herein, for the first time an observer-based attack detector is used to quantify the FDI signal, which is then excluded from the H infinity-based control loop for attack mitigation, such that the frequency instability is significantly attenuated. From the simulation results of a multi-area LFC control system, the effectiveness of the proposed scheme is demonstrated.

Xin Zhao,Zhongjing Ma,Xingyu Shi,Suli Zou

DOI: https://doi.org/10.1109/tii.2024.3390549

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:Load frequency control (LFC) of modern power systems depends on open communication networks to transmit measurement/control signals, which may make the LFC scheme vulnerable to cyberattacks. Therefore, it is necessary to ensure the resilience of LFC systems against cyberattacks so as to detect the attack and maintain the stable operation of the system during the attack. This article aims to investigate the attack detection and mitigation scheme of LFC systems against false data injection attacks. A model-based unknown input observer (UIO) is designed to simultaneously estimate the system state and attack signal based on load prediction, where the attack estimation is utilized to achieve real-time attack detection. Moreover, we present a sufficient and necessary condition for the existence of the UIO and a design method of the UIO based on linear matrix inequalities. Based on the attack estimation, a resilient LFC scheme is proposed to mitigate the attack impact and restore the frequency and tie-line power within an accepted range during the attack. Finally, case studies are undertaken by the IEEE 9- and 39-bus test systems to show the effectiveness of the proposed scheme.

Chunyu Chen,Mingjian Cui,Xinan Wang,Kaifeng Zhang,Shengfei Yin

DOI: https://doi.org/10.1109/access.2018.2845300

IF: 3.9

2018-01-01

IEEE Access

Abstract:In this paper, optimal attack schemes against load frequency control (LFC) are studied by considering coordinated attack. By attacking sensor measurement (load) simultaneously, the attacker disrupts the normal operation of LFC, thus causing excess system frequency/generation excursions. From the perspective of the attacker, LFC system information availability is essential to the attack scheme design. In this paper, two scenarios, where LFC system information is and is not available to the attacker, are considered and optimal attack schemes are studied for these two scenarios, respectively. The optimal attack scheme design is modeled by an optimization problem with different objectives (attack goals): 1) maximization of frequency/generation disruption and 2) least-effort attack (minimization of attack cost). In consideration of counterattack, a threshold-based detection method is used to detect the optimal attack schemes. Two case studies, corresponding to these two scenarios, are simulated, and the results show that attack performances vary with different attack goals and the detection approach can screen out the compromised signals.

Lei Wang,Pengcheng Xu,Zhaoyang Qu,Xiaoyong Bo,Yunchang Dong,Zhenming Zhang,Yang Li

DOI: https://doi.org/10.3389/fenrg.2021.666130

IF: 3.4

2021-04-21

Frontiers in Energy Research

Abstract:Existing coordinated cyber-attack detection methods have low detection accuracy and efficiency and poor generalization ability due to difficulties dealing with unbalanced attack data samples, high data dimensionality, and noisy data sets. This paper proposes a model for cyber and physical data fusion using a data link for detecting attacks on a Cyber–Physical Power System (CPPS). The two-step principal component analysis (PCA) is used for classifying the system’s operating status. An adaptive synthetic sampling algorithm is used to reduce the imbalance in the categories’ samples. The loss function is improved according to the feature intensity difference of the attack event, and an integrated classifier is established using a classification algorithm based on the cost-sensitive gradient boosting decision tree (CS-GBDT). The simulation results show that the proposed method provides higher accuracy, recall, and F-Score than comparable algorithms.

energy & fuels

Guangdou Zhang,Jian Li,Olusola Bamisile,Yankai Xing,Dongsheng Cai,Qi Huang

DOI: https://doi.org/10.1109/tpwrs.2022.3171101

IF: 7.326

2023-01-01

IEEE Transactions on Power Systems

Abstract:In the power system, the application of the signals transmitted from the sensors to the controller can significantly improve the dynamic performance. However, cyber-attacks and time delays exist widely in the communication network, which has a considerable effect on stability, operation, and control. In this paper, an ${{\boldsymbol{H}}_\infty }$ load frequency control (LFC) scheme for multi-area power systems under cyber-attacks and time-varying delays is investigated. First, false data injection attacks (FDIA), as well as denial of service (DoS) attacks, are viewed as two typical cyber-attacks and introduced into the multi-area power system. Then, the state-space equations of the LFC power system under these two attacks and time-varying delays are analyzed and modeled. Furthermore, by using Lyapunov stability theory and linear matrix inequality (LMI) method, an ${{\boldsymbol{H}}_\infty }$ LFC scheme for attacked and delayed power systems is developed. The purpose of the proposed controller is to guarantee the closed-loop system exponentially mean-square stable with prescribed ${{\boldsymbol{H}}_\infty }$ performance. Finally, a three-area LFC system is employed to demonstrate the effectiveness of the proposed mechanism. The simulation results verified that the control performance of an attacked and delayed system can be improved significantly via the designed controller.

Shuyu Jia,Qinglai Guo

DOI: https://doi.org/10.1109/jiot.2023.3332366

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The real-time control of modern power systems faces cyber risks owing to the deep coupling of cyber systems and physical systems. Attack detection plays an important role in cybersecurity issues. In load frequency control systems, for example, detecting whether malicious data are injected guarantees the stability of the frequency. As an effective active attack detection algorithm, the dynamic watermarking algorithm faces challenge of parameter uncertainty in real-world applications. Here, we quantitatively analyze the influence of uncertain parameters for the dynamic-watermarking-based detection algorithm. By introducing the parameter identification algorithm, we propose an active attack detection framework for LFC systems with uncertain parameters, which is constructed for an online application. The proposed framework is validated in a real-world three-region power system simulation. The results show that the introduction of the parameter identification steps ensures the validity of the detection algorithm and can effectively avoid the malfunction of the detection mechanism caused by uncertain parameters.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tcsii.2022.3181827

2022-01-01

Abstract:In cyber-physical power systems (CPPSs), false data injection attack (FDIA) has drawn much attention due to its stealthiness. It is of great importance to investigate the potential behaviors of attackers to improve the cyber-security of CPPSs. However, most FDIA models are often constructed separately on the effect of attackers or the impact of attacks. Accordingly, this brief proposes a multi-objective stealthy FDIA scheme in AC grid model. The attack model is described as a multi-objective optimization problem, where minimization of contaminated measurements and maximization of the attack impact are considered as two objectives while remaining stealthy. To deal with the established attack model, a non-dominated sorting genetic algorithm II (NSGAII) is introduced as the solver. To improve the efficiency of generating attack vector, a new representation mechanism is proposed to describe locations and values of injected states. Additionally, during the evolutionary process, we propose a mutation operation to balance the sparsity and impact of FDIA. Simulation results on the IEEE 14-bus, 30-bus, and 118-bus systems demonstrate the feasibility of the NSGAII-based FDIA model.

Kang-Di Lu,Zheng-Guang Wu,Tingwen Huang

DOI: https://doi.org/10.1109/tmech.2022.3214314

2023-01-01

Abstract:With the rapid development of communication, control, and computer technology, traditional power systems have evolved into cyber-physical power system (CPPS). However, CPPS not only affords convenience but also introduces more cyber-attacks. Among many types of cyber-attacks, false data injection attacks (FDIAs) have drawn much attention in the CPPS security domain due to their stealthiness. Most FDIAs are based on the static model on a single snapshot and often ignore the reality of dynamically time-evolving CPPS. Accordingly, this article proposes a novel three-stage dynamic false data injection attack (DFDIA) model in CPPS by considering potential dynamic behaviors. To consider both attack location and attack amplitude, the designing DFDIA is formulated as two constrained single-objective optimization problems. Two versions of constrained differential evolution are presented as the solver to determine the attack location and optimize the attack vector for collaboratively altering the meter measurements. Then, an interval state forecasting-based countermeasure is proposed to detect the established DFDIA. In this detector, the variation bounds of state values are determined via ensemble deep learning-based state forecasting method. Finally, extensive simulation results on several IEEE bus systems demonstrate the feasibility of DFDIA and the effectiveness of the defense mechanism.

Tailin Zhou,Kaishun Xiahou,L. L. Zhang,Q. H. Wu

DOI: https://doi.org/10.1109/tii.2020.3048386

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:This article studies the online detection of false data injection attacks (FDIAs) and coordinated cyber-physical attacks (CCPAs) on power systems. By analyzing the hidden physical meaning of CCPAs, a cyber-physical FDIA with CCPA as a special case is proposed to establish the connection between FDIA and CCPA. Based on a discrete-time system dynamic model, an adaptive nonparametric cumulative sum (AN-CUSUM) detector is devised to deal with FDIAs and CCPAs simultaneously. The AN-CUSUM algorithm estimates the abnormal change of the state vector caused by attacks one step in advance and standardizes the decision statistics of conventional cumulative sum (CUSUM) to simplify the setting of thresholds. The proposed detector is robust to a wide range of time-varying system states and attack magnitudes. Moreover, a verification method is designed in the proposed detector to differentiate CCPAs and FDIAs according to unique characteristics of CCPAs, namely, the construction of CCPAs depends on the physical system parameter. Numerical results reveal that the proposed detector is more reliable to detect both FDIAs and CCPAs than existing CUSUM-based methods.

Andrew D. Syrmakesis,Cristina Alcaraz,Nikos D. Hatziargyriou

DOI: https://doi.org/10.1016/j.ijcip.2024.100678

IF: 3.683

2024-04-30

International Journal of Critical Infrastructure Protection

Abstract:In power systems, generation must be maintained in constant equilibrium with consumption. A key indicator for this balance is the frequency of the power grid. The load frequency control (LFC) system is responsible for maintaining the frequency close to its nominal value and the power deviation of tie-lines at their scheduled levels. However, the remote communication system of LFC exposes it to several cyber threats. A successful cyberattack against LFC attempts to affect the field measurements that are transferred though its remote control loop. In this work, a data-driven, attack recovery method is proposed against denial of service and false data injection attacks, called DAR-LFC. For this purpose, a deep neural network is developed that generates estimations of the area control error (ACE) signal. When a cyberattack against the LFC occurs, the proposed estimator can temporarily compute and replace the affected ACE, mitigating the effects of the cyberattacks. The effectiveness and the scalability of the DAR-LFC is verified on a single and a two area LFC simulations in MATLAB/Simulink.

engineering, multidisciplinary,computer science, information systems

Zhihua Wu,Engang Tian,Hongtian Chen

DOI: https://doi.org/10.1109/tmech.2022.3201875

2023-04-18

IEEE/ASME Transactions on Mechatronics

Abstract:In recent years, electric vehicles (EVs) have been widely used due to their remarkable decrease in carbon emissions and gasoline consumption. When the EVs are incorporated into the load frequency control (LFC) system, which can be seen as both the power supply and load of the power systems. However, the LFC system with EVs is vulnerable to the covert attacks and consequently the reliable operation performance and security of the power system will be affected. To solve this security issue, the real-time monitoring and detection problems are investigated in this article. First, a networked LFC system with EVs is well established, which takes load disturbances, measurement noises, and covert attacks into account so as to truly reflect the operation process of the power system. Then, an sliding mode observer (SMO) is proposed to accurately estimate the internally physical state of the LFC system with EVs. In order to detect and disclose the covert attacker, a dual time-varying coding detection scheme is proposed, wherein both the control and measurement signals are encrypted before transmitting to the communication network. Subsequently, a dual time-varying coding-based detection algorithm is established, which ensures that the covert attacks can be detected without significant delay. Finally, one simulation is presented to provide tangible evidence of the effectiveness of the proposed real-time monitoring and detection methodology.

automation & control systems,engineering, electrical & electronic, manufacturing, mechanical

Wenfeng Deng,Zili Xiang,Keke Huang,Jie Liu,Chunhua Yang,Weihua Gui

DOI: https://doi.org/10.1109/tie.2023.3294646

IF: 7.7

2024-01-01

IEEE Transactions on Industrial Electronics

Abstract:The massive integration of advanced cyber technologies with power grids has expanded the attack surface area of cyber-physical power systems (CPPSs), where timely detection is of paramount importance for their safe and reliable operation. However, most studies on securing CPPS rarely considered resource constraints, resulting in the unsatisfactory performance of security solutions in practical applications. To gain insight into attack behavior in realistic scenarios, this article fully develops the concept of load redistribution (LR) attacks and designs an intelligent version that considers both concealment property and resource limitation. Then, aiming to develop an effective countermeasure, this article provides a novel attack detection method based on power load pattern learning, which consists of a power load predictor and subsequent attack detector, to determine the existence of intelligent LR attacks. Specifically, a multichannel power load predictor based on the SARIMAX model is proposed to capture both temporal and spatial correlations of power load data for accurate prediction. Using augmented features, a dictionary-learning-based attack detector that can handle the class imbalance problem by unsupervised learning is capable to detect the intelligent LR attacks. Finally, experiments on numerical simulation and the CPPS-HITL platform are conducted to verify the effectiveness and practical availability of the proposed method.

Meng Zhang,Shanling Dong,Peng Shi,Guanrong Chen,Xiaohong Guan

DOI: https://doi.org/10.1109/tase.2022.3208016

IF: 6.636

2022-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Information and communication technology tremendously facilitates the operation efficiency and economy of modern power systems in recent years. However, risks such as bandwidth constraints and malicious attacks threaten the secure load frequency control (LFC) of power systems. To mitigate such risks, this paper proposes distributed observer-based event-triggered LFC schemes for multi-area power systems under cyber attacks. Considering the practical situation that only local system output information may be available, distributed observer-based LFC schemes are designed. Meanwhile, to reduce the communication burden, an event-triggered mechanism is adopted to design control laws, where both static and dynamic event-triggered approaches are taken and the dynamic one is proved to be more economical in terms of control cost. Verifiable sufficient conditions are established to guarantee the stability of the closed-loop system in the presence of cyber attacks and the controller gains are explicitly derived. Finally, validation studies on a three-area interconnected power system are carried out to demonstrate the proposed control schemes. Note to Practitioners—Load frequency is a crucial index for evaluating the quality of electric energy and thus LFC has brought considerable attention in the area of power systems control. Although many achievements have been made on the LFC of multi-area power systems, the risks such as bandwidth constraints and malicious attacks affect the normal operation of LFC due to the interconnection between different power systems. To deal with these risks, this paper focuses on designing event-triggered LFC to guarantee the stability of the frequency deviation while reducing the communication burden and mitigating cyber attacks. More importantly, the proposed event-triggered LFC is designed based on an observer and can be implemented in a distributed manner, which is relatively practical in real applications. The results presented in this paper aim to provide a helpful reference for stable and secure LFC design of multi-area power systems, such that the corresponding application research can be promoted.

automation & control systems