Qiangsheng Dai,Libao Shi

DOI: https://doi.org/10.1109/pesgm41954.2020.9281583

2020-01-01

Abstract:The intelligent electronic devices widely deployed across the distribution network are inevitably making the feeder automation (FA) system more vulnerable to cyber-attacks, which would lead to disastrous socio-economic impacts. This paper proposes a three-stage game-theoretic framework that the defender allocates limited security resources to minimize the economic impacts on FA system while the attacker deploys limited attack resources to maximize the corresponding impacts. Meanwhile, the probability of successful attack is calculated based on the Bayesian attack graph, and a fault-tolerant location technique for centralized FA system is elaborately considered during analysis. The proposed game-theoretic framework is converted into a two-level zero-sum game model and solved by the particle swarm optimization (PSO) combined with a generalized reduced gradient algorithm. Finally, the proposed model is validated on distribution network for RBTS bus 2.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tcsii.2022.3181827

2022-01-01

Abstract:In cyber-physical power systems (CPPSs), false data injection attack (FDIA) has drawn much attention due to its stealthiness. It is of great importance to investigate the potential behaviors of attackers to improve the cyber-security of CPPSs. However, most FDIA models are often constructed separately on the effect of attackers or the impact of attacks. Accordingly, this brief proposes a multi-objective stealthy FDIA scheme in AC grid model. The attack model is described as a multi-objective optimization problem, where minimization of contaminated measurements and maximization of the attack impact are considered as two objectives while remaining stealthy. To deal with the established attack model, a non-dominated sorting genetic algorithm II (NSGAII) is introduced as the solver. To improve the efficiency of generating attack vector, a new representation mechanism is proposed to describe locations and values of injected states. Additionally, during the evolutionary process, we propose a mutation operation to balance the sparsity and impact of FDIA. Simulation results on the IEEE 14-bus, 30-bus, and 118-bus systems demonstrate the feasibility of the NSGAII-based FDIA model.

Yun Liu,Yuanzheng Li,Yu Wang,Xian Zhang,Hoay Beng Gooi,Huanhai Xin

DOI: https://doi.org/10.1109/tii.2021.3071753

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:The optimal frequency control of autonomous microgrids (MGs), i.e., to achieve fast frequency recovery and dynamic power adjustment of the distributed generators in proportion to predefined participation factors, can be achieved in a fully distributed way based on the subgradient consensus protocol. However, such a distributively controlled MG is susceptible to different types of cyber attacks infiltrated from different locations. In this article, a robust and resilient distributed optimal frequency control scheme is proposed to address the threat of cyber attacks. It is facilitated by introducing an auxiliary networked system interconnecting with the original cooperative control system. On condition that the cyber attacks are within certain ranges, the robust design can maintain the functionalities by significantly attenuating the impact. Otherwise, the cyber attacks can be easily detected, and resilient reactions can be taken to mitigate their influences via isolation. Simulation results in a modified IEEE 34-bus MG validate the effectiveness of the proposed approach.

Peikai Li,Yun Liu,Huanhai Xin,Xichen Jiang

DOI: https://doi.org/10.1109/tii.2017.2788868

IF: 12.3

2018-01-01

IEEE Transactions on Industrial Informatics

Abstract:As distributed generators (DGs) rapidly integrate into current power systems, new methods to effectively manage them need to be developed. Toward this end, a large number of geographically dispersed DGs are generally aggregated into a virtual power plant (VPP). Then, distributed control schemes are used to achieve optimal economic dispatch of the VPP by maintaining equal incremental costs of DGs while the aggregated DG power matches the dispatch command. Often, one of the drawbacks of distributed schemes is that they are susceptible to communication failures and cyber-attacks (i.e., noncolluding and colluding attacks). In order to mitigate this problem, an attack-robust distributed economic dispatch strategy is proposed where we assume that every DG can monitor the behavior of its in-neighbors and has the network connectivity information. The proposed strategy detects the misbehaving DGs residing in the network and gradually isolates them so that the remaining well-behaving DGs could still accomplish the economic dispatch. The effectiveness of the proposed strategy is illustrated through simulations on the IEEE 123-bus test system.

Haicheng Tu,Hui-Liang Shen,Yongxiang Xia

DOI: https://doi.org/10.1109/iscas45731.2020.9180816

2020-01-01

Abstract:Under the variety of information and communication technologies, the control center can securely and reliably operate power grid during the system disturbances and natural events. Specifically, when the initial failures are detected by cyber monitoring, the system will timely take emergency protecting operations to restrain the spreading of failures. Although cyber network makes the system more robust, they also increase the risk from the cyber network. In this paper, we firstly consider a control strategy into the cascading failures model. Then, we study how the cyber attack - False negatives attack confuses the control center, and makes the control center can not take emergency operation timely, causing the failure continue spreading. We propose an optimization problem to model the above assumptions and, by solving the optimization problem, study the impact of different attack scenarios on power system.

Feiyang Hong,Zhejing Bao,Miao You

DOI: https://doi.org/10.1109/CCDC52312.2021.9601681

2021-01-01

Abstract:Recent studies show that the cyber-attacks such as false data injection attack (FDIA) are capable of severely threatening power system security, in such a way that the undetected errors are introduced into the states estimations by evading the conventional bad data detection (BDD) methods. This paper proposes a tri-level optimization model against the FDIA by formulating the attack actions and identifying the optimal defense strategies constrained by the limited resources. In the lower level, an economic dispatching is implemented to seek the operational strategy aiming at minimizing the operating costs under the given attack. The middle level formulates the behaviors of the attacker to discover the most destructive attack strategy intended by the attacker based on the defense strategy determined by the upper level. The upper level represents the actions of the planner and determines the optimal defense allocation on the measuring meters. The min-max-min tri-level model can be solved by the column-and-constraint generation (C&CG) algorithm. Simulations are implemented to identify the components which should be protected under the limited defense resources and severe attacks.

Qiangsheng Dai,Libao Shi,Yixin Ni

DOI: https://doi.org/10.1109/tpwrs.2019.2899983

IF: 7.326

2019-01-01

IEEE Transactions on Power Systems

Abstract:The extensive application of information and communication technology (ICT) can effectively improve the operational performance of active distribution systems (ADSs). On the other hand, the use of ICT may expose the systems to cyberattacks. Since feeder automation (FA) in advanced ADS provides fast-responding self-healing capability to restore service during an outage, the potential effect of cyberattacks on ADS becomes more devastating. In this paper, two simple yet powerful cyberattack methods targeting remote terminal units (RTUs) are proposed. The physical response of ADS to malicious cyberattacks on FA is elaborately investigated considering the output fluctuation of distributed generators. The impact of this specific cyberattack on ADS is quantified by a risk assessment index measured in scale and in duration to full restoration. The probability of RTU potentially being attacked is modeled based on search theory. Furthermore, a Bayesian attack graph model is applied and designed to quantify the probability of successfully exploiting the currently known and zero-day vulnerabilities. The proposed methodology is tested and validated via using a modified three-feeder ADS and the IEEE 123 Node Test Feeder.

Qiangsheng Dai,Libao Shi,Yixin Ni

DOI: https://doi.org/10.1109/TSG.2019.2938203

IF: 10.275

2020-01-01

IEEE Transactions on Smart Grid

Abstract:The rapid deployment of intelligent electronic devices and the development of information and communication technology have improved distribution network (DN) reliability with feeder automation. Thus, the operation of DNs has become more dependent on the cyber-physical components. As the cyber security of smart grid has drawn increasing attention in recent years, this paper proposes a simple yet powerful type of attack targeting the remote terminal units. The proposed attack policy can manipulate the feeder automation operation with the aim of cutting off important power consumers. Regarding the realistic cyber-attacks that previously occurred, an optimal attack model is established for analyzing the attack policy. This optimization model aims to minimize the attack cost and the penalty of being caught or detected while maximizing the remuneration. A Bayesian attack graph model is adopted to quantify the successful probability of exploiting known and zero-day vulnerabilities. The probability of a cyber-attack being caught or detected is modeled based on search theory. Next, an enhanced self-adaptive evolutionary programming is developed to achieve satisfactory solutions for practical applications. Finally, the proposed model and corresponding solution strategies are verified using the RBTS bus 2 DN and the modified IEEE 123-node test feeder.

Qiangsheng Dai,Libao Shi,Yixin Ni

DOI: https://doi.org/10.1109/pesgm.2018.8586312

2018-01-01

Abstract:The operating conditions of distribution system can be perceived and optimized rapidly and effectively with the help of information and communication technology. However, some potential cybersecurity risk needs to arouse enough attention. In this paper, a novel and practical cyber-attack method targeting remote terminal unit (RTU) is proposed firstly. Regarding the enormous cyber-physical devices in a distribution system and the high maintenance costs, this paper also introduces a risk index to identify the vulnerability of a distribution system to be studied under cyber-attack. A Bayesian attack graph model is applied to quantify the probability of successfully exploiting known and zero-day vulnerabilities, and the relationship between the attack behavior and the feeder automation action is further analyzed. Simulation results demonstrate the effectiveness and validity of the proposed model and method.

z zhang,y tian,r deng,j ma

DOI: https://doi.org/10.1109/JIOT.2022.3161790

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The smart grid (SG), as one of the largest evolutionary critical infrastructures, witnesses the deep integration of electricity facilities and Internet of Things (IoT). But recent events show that the vulnerabilities exposed in IoT devices can be exploited by adversaries to construct the cyberattacks on SG. To address this threat, plenty of countermeasures have been proposed to enhance the SG’s security. However, the additional costs introduced by some countermeasures make the utilities hesitate to implement them practically. To alleviate this concern, in this article, we propose a double-benefit moving target defense (dB-MTD) to protect the SG from cyber–physical attacks (CPAs) and also gain generation-cost benefits. The dB-MTD enables the prevention of stealthy CPAs on the transmission lines by perturbing the reactances with the distributed flexible AC transmission system (D-FACTS). To reduce the infrastructure cost, we minimize the number of required D-FACTS devices for a specific protection goal. Although it needs investment on D-FACTS, we find that the utility can make profits from the generation costs by appropriately setting the reactance perturbations. Therefore, we formulate an optimization problem to compute the optimal reactance perturbations to maximize the generation-cost benefits, without sacrificing the protection performance of dB-MTD. Finally, using the real-world load profiles, we conduct extensive simulations to evaluate the impact of CPA on the system operation and the benefits obtained by the dB-MTD from the aspects of the D-FACTS deployment and the generation-cost profits.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tii.2021.3129487

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:As the next-generation power grids, smart grids are integrated with advanced information and communication technology (ICT) to make the grid more efficient and stable than conventional power systems. Given the mounting cyber-attack threats, these critical ICT systems create great security issues for smart grids. Additionally, the clever attackers have the ability to not only access and monitor the smart grid, but also hack it by launching well-established cyber-attacks. Thus, this article is devoted to understanding the potential stealthy cyber-attack and its countermeasure. First, this article proposes a stealthy sparse cyber-attack model in an ac smart grid by considering both the residual test-based detector and the interval-state-estimation-based detector, which is not considered in previous studies. The design model is formulated as a constrained optimization problem by minimizing the number of contaminated meters, where the characteristics of two types of detector are considered simultaneously as the constraints for the first time. A constrained differential evolution (CDE) is proposed as the solver because the optimization problem is NP-hard. Then, a generalized-cumulative-sum-based detector is developed to detect the proposed cyber-attacks, where a fractional-order state transition matrix is originally introduced into the estimator to describe the dynamics of the power system. Numerical studies illustrate the feasibility of CDE-based stealthy sparse cyber-attacks and the effectiveness of the proposed countermeasure.

Kang-Di Lu,Zheng-Guang Wu,Tingwen Huang

DOI: https://doi.org/10.1109/tmech.2022.3214314

2023-01-01

Abstract:With the rapid development of communication, control, and computer technology, traditional power systems have evolved into cyber-physical power system (CPPS). However, CPPS not only affords convenience but also introduces more cyber-attacks. Among many types of cyber-attacks, false data injection attacks (FDIAs) have drawn much attention in the CPPS security domain due to their stealthiness. Most FDIAs are based on the static model on a single snapshot and often ignore the reality of dynamically time-evolving CPPS. Accordingly, this article proposes a novel three-stage dynamic false data injection attack (DFDIA) model in CPPS by considering potential dynamic behaviors. To consider both attack location and attack amplitude, the designing DFDIA is formulated as two constrained single-objective optimization problems. Two versions of constrained differential evolution are presented as the solver to determine the attack location and optimize the attack vector for collaboratively altering the meter measurements. Then, an interval state forecasting-based countermeasure is proposed to detect the established DFDIA. In this detector, the variation bounds of state values are determined via ensemble deep learning-based state forecasting method. Finally, extensive simulation results on several IEEE bus systems demonstrate the feasibility of DFDIA and the effectiveness of the defense mechanism.

Jichao Bi,Fengji Luo,Gaoqi Liang,Xiaofan Yang,Shibo He,Zhao Yang Dong

DOI: https://doi.org/10.1109/TNSE.2022.3197682

IF: 6.6

2023-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Cyber-physical security has been becoming an important issue for many critical infrastructures in human society, including electrical power grids. This paper proposes an impact assessment framework for smart grids suffering false data injection attack against smart meters. Firstly, the propagation model of malicious false data codes in smart meter communication networks is established. Based on this, a security-constrained economic dispatch model is formulated to assess how false data codes would mislead the grid operator's actions. A defense strategy is proposed, which enhances the grid's vulnerability through effectively deploying defense resources in smart meter networks. Extensive numerical simulations are conducted to evaluate the impact of different attack scenarios as well as the effectiveness of the defense strategy.

Bingjing Yan,Zhenze Jiang,Pengchao Yao,Qiang Yang,Wei Li,Albert Y. Zomaya

DOI: https://doi.org/10.23919/pcmp.2023.000138

IF: 10.5

2024-01-01

Protection and Control of Modern Power Systems

Abstract:Modern power grid is fast emerging as a complex cyber-physical power system (CPPS) integrating physical current-carrying components and processes with cyber-embedded computing, which faces increasing cyberspace security threats and risks. In this paper, the state (i.e., voltage) offsets resulting from false data injection (FDI) attacks and the bus safety characterization are applied to quantify the attack consequences. The state offsets are obtained by the state estimation method, and the bus safety characterization considers the power network topology as well as the vulnerability and connection relationship of buses. Considering the indeterminacy of attacker's resource consumption and reward, a zero-sum game-theoretical model from the defender's perspective with incomplete information is explored for the optimal allocation of limited defensive resources. The attacker aims to falsify measurements without triggering threshold alarms to break through the protection, leading to load shedding, over-voltage or under-voltage. The defender attempts to ensure the estimation results to be as close to the actual states as possible, and guarantee the system's safety and efficient defensive resource utilization. The proposed solution is extensively evaluated through simulations using the IEEE 33-bus test network and real-time digital simulator (RTDS) based testbed experiments of the IEEE 14-bus network. The results demonstrate the effectiveness of the proposed game-theoretical approach for optimal defensive resource allocation in CPPS when limited resources are available when under FDI attacks.

Rong Zeng,Yijia Cao,Yong Li,Sijia Hu,Xia Shao,Liwei Xie,Liang Hou,Long Zhao,Mohammad Shahidehpour

DOI: https://doi.org/10.1109/tsg.2023.3302287

IF: 10.275

2023-01-01

IEEE Transactions on Smart Grid

Abstract:The power system has become the key target of national cyber confrontation. To enhance the risk management capability of the distribution network (DN) while assessing the cyberattack risk quickly and accurately, this paper proposes a general real-time cyberattack risk assessment method for DN involving the influence of distributed feeder automation systems (DFAs). In particular, to clarify the quantitative relationship between cyberattack intrusion and DN state deterioration, we constructed the quantitative model of the cyber physical distribution network (CPDN) under cyberattack, which involves the influence of DFAs’ behavior. In addition, in order to intuitively demonstrate the cyberattack risk, we developed a novel entropy-like risk assessment system upon the quantitative model of CPDN. The real two-feeder test platform with cyberattack simulation devices is used to verify the correctness and practicality of the proposed method. In this process, a digital cyberattack risk assessment unit is created, contributing to the system-level application of risk management.

engineering, electrical & electronic

Li Ma,Lingfeng Wang,Zhaoxi Liu

DOI: https://doi.org/10.1109/tpwrs.2022.3165169

IF: 7.326

2023-01-01

IEEE Transactions on Power Systems

Abstract:Cyberattacks are increasingly threatening the normal operation of electric power grids. The purpose of this study is to develop an optimization model for planning and operation of distribution systems to enhance the resilience to cyberattacks. A new distribution system planning method is presented utilizing a Defender-Attacker-Defender (DAD) tri-level model to improve the system resilience to withstand potential disruptions from cyberattacks. In the first level of the model, the system planner optimizes the Soft Open Points (SOPs) installation in the planning stage. The attacker’s objective in the second level of the model is to change the status of the network circuit breakers and jam the communication maximizing disruption of the system. The optimization of Distribution Generators’ (DGs’) outputs, SOPs’ power flow, and topology reconfiguration are comprehensively considered in the third level. The novel model presented in this paper considers hardening measures of the SOPs in response to the attacks on distribution systems. The Column and Constraint Generation (C&CG) algorithm is utilized to solve the proposed DAD model. A procedure is devised to solve the two-layer subproblem (the Attacker-Defender model), with the bottom layer being a Mixed Integer Second Order Cone Programming (MISOCP) problem. Finally, the proposed models are validated in 33-bus and 135-bus test systems. The results show that the installation of SOPs significantly improves the service restoration under cyberattacks. Both the number and location of SOPs influence the extent of restored service, and differing SOP allocation schemes may lead to similar restoration outcomes. The proposed models and techniques could also be extended to deal with other similar problems in industrial cyber-physical systems.

Rong Zeng,Yong Li,Sijia Hu,Jiayan Liu,Huidi Wu,Jie Chen,Yong Xu,Xusheng Yang,Yijia Cao

DOI: https://doi.org/10.1109/TSG.2024.3439751

IF: 10.275

2024-01-01

IEEE Transactions on Smart Grid

Abstract:Distributed feeder automation system (DFAs), as a promising protection technology for power distribution system (PDS) with distributed generation, its vulnerability to cyberattacks and hybrid attacks (contains both physical and cyberattacks) is gradually recognized and haunts utilities, creating potential risks for its large-scale applications. This paper proposes a novel bilevel resilient control solution (BRCS) deployed to DFAs without hardware burden. Two key modules are developed: 1) Lightweight distributed cyberattack detection module (DCDM), deployed into agents of DFAs, based on unsupervised learning to realize the quick detection and reporting of cyberattacks; 2) Robust centralized fault section localization module (CFSLM), installed in DFAs’ host workstation located in control center, achieving the correctly fault section localization and the high dimensionally awareness of attack events in cyberattack and hybrid attack scenarios. By adopting BRCS, outages and load losses caused by cyberattacks can be 100% avoided, and faults caused by physical attacks can be correctly isolated at once. Finally, the effectiveness and performance of the proposal are verified and conducted by the real two-feeder test platform with DFAs. In this process, a digital high-dimensional awareness and control unit is created against cyber and hybrid attacks, contributing to the system-level application of risk management and resilient control.

Yingmeng Xiang,Lingfeng Wang,Nian Liu,Ruosong Xiao,Kaigui Xie

DOI: https://doi.org/10.1109/pmaps.2016.7764213

2016-01-01

Abstract:Power system operation is facing increasing cyber and physical attack risks and it is pressing to develop effective methods to improve the resiliency of electric power infrastructure against malicious attacks. In this study, a holistic resiliency framework is proposed by extending the conventional security-constrained optimal power flow analysis (SCOPF) to incorporate the presumed risk caused by the attacks. The improved solution method is studied by combining particle swarm optimization, primal-dual interior point (PDIP) method and parallel computing. The case studies conducted on IEEE 39-bus and 118-bus systems demonstrate the proposed SCOPF model is able to improve the resiliency of power system for the presumed attacks. This study can provide some meaningful insights on improving the power system operation resiliency.

Yirui Zhao,Yijia Cao,Yong Li,Zhiyi Li,Wenxuan Yao,Xingyu Shi

DOI: https://doi.org/10.1109/tii.2023.3295417

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Developing efficient defensive strategies against cyber-attacks is a major concern of modern power system research. With the goal of minimizing the expected load loss, this article proposes a robust probabilistic substation-based defender-attacker-defender (DAD) model to allocate the substation's defensive resources. The proposed model aims to minimize the risk of cyber-attacks on intelligent electronic devices (IEDs). The game between the defender and the attacker concerning multiple substations, IEDs, and their connected lines is particularly modeled. In addition, we extend the proposed probabilistic DAD model to an observability-ensured DAD model where the existing phasor measurement units in the power grids are considered in the defensive resource allocation. Integrated with the logarithmic transformation and piecewise linearization techniques, a customized column-and-constraint generation algorithm is developed to solve the proposed model. Finally, the numerical results on IEEE RTS 24-bus and 118-bus systems validate the proposed model.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Yirui Zhao,Yong Li,Yijia Cao,Mingyu Yan

DOI: https://doi.org/10.1016/j.apenergy.2023.121551

IF: 11.2

2023-07-22

Applied Energy

Abstract:Substation with various communication and control devices has become a major target of cyber-attacks. In general, two main types of cyber-attacks can be performed on substations through direct intelligent electronic device connections from remote accesses or via compromising local substation supervisory control center and data acquisition systems, thus respectively resulting in different damage to the power systems. In this paper, the combination of two types of cyber-attacks on the power systems are considered. The generalized stochastic Petri net is utilized to simulate dynamic intrusion processes of these two types of cyber-attacks. Furthermore, the successful attack probabilities of cyber-attacks are calculated based on simulation results. Then, a probabilistic bi-level optimization model is proposed to identify critical components with the maximum cyber risk and the types of cyber-attacks. The two types of cyber-attacks initiated from substation space to individual components are particularly modeled in the proposed model. Finally, a two-stage algorithm using the network flow is proposed to solve the proposed model more efficiently. Simulation results tested on the IEEE RTS 24-bus and the 118-bus systems validate the effectiveness of the proposed model. Results also show that the devised algorithm can improve the computation performance in dealing with larger-scale power systems.

energy & fuels,engineering, chemical