Aidong Xu,Yixin Jiang,Yang Cao,Guoming Zhang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei247390.2019.9062014

2019-01-01

Abstract:With the rapid development of information technology and the Internet of Things, the common information technologies are being applied to the power grid. It brings about the tremendous improvement in productivity, yet breaks down the safety barrier, which makes the power grid a popular target for attacks. The Distribution Terminal Unit (DTU) is a critical part of the power grid because of the acts as access points in the substation and controls the grid equipment. However, DTUs are vulnerable to different types of attacks, which can cause significant property loss or even casualties To monitor the operation of DTU, we proposed a real-time monitoring system by analyzing the side-channel information of power consumption. To validate this idea, we design 3 types of attacks and collect the power information separately, then we choose representational power features and machine learning algorithm for detecting those attacks. We validate that it is feasible to detect attacks and achieves a detection accuracy above 99%.

Wenting Wang,Dongqin Feng,Mingliang Chen,Shuxian Yang

DOI: https://doi.org/10.1109/ccdc62350.2024.10588015

2024-01-01

Abstract:This work investigates the problem of detecting and localizing attacks on a class of power cyber-physical systems (CPSs) in the presence of dynamic load alteration attacks (D-LAA). The power CPS is modeled as a discrete-time system with an unknown input, assuming that the sampling process is periodic and the D-LAA is bounded. This study delves into the investigation of attack detection and localization within a specific category of power cyber-physical systems (CPSs) when dealing with dynamic load alteration attacks (D-LAA). A novel Maximum Correntropy Robust Two-Stage Kalman Filter (MCRTSKF) is proposed so that the accurate state estimation for power CPS is achieved in spite of anomalous noise. Meanwhile, some essential parameters for the designed filter are obtained through the fixed-point iteration-stop parameter selection method. Furthermore, based on the state estimate value, the attack detection and localization procedure is presented. Finally, the validity and effectiveness of the proposed attack detection and localization schemes are illustrated by case studies on an IEEE 9-bus system.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/icarm54641.2022.9959185

2022-01-01

Abstract:The cyber-physical power system (CPPS) is evolved from the traditional power system by the deployment of information networks with control systems, computational units, and communication networks. However, their integration into CPPS introduces new challenges in maintaining security. Various malicious cyber-attacks are drawn much attention recently after the discovery of the impact on CPPS state estimation. Thus, it is of great significance for operators to detect cyber-attacks and identify the types of attacks in CPPS to make decisions appropriately. This problem can be viewed as a multi-class classification problem from the perspective of machine learning. Accordingly, this paper proposes an ensemble learning-based cyber-attacks detection model for CPPS state estimation. In the proposed model, we use the subspace features and then send the data to the classifier for ensemble, where decision trees and random vector functional link networks are introduced as the basic classifier. The proposed model is validated by employing simulated data on IEEE 14-bus and 30-bus systems. Simulation results demonstrate the performance of the proposed cyber-attacks detection model.

Wu Wang,Fouzi Harrou,Benamar Bouyeddou,Sidi-Mohammed Senouci,Ying Sun

DOI: https://doi.org/10.1007/s10586-021-03426-w

2021-10-05

Cluster Computing

Abstract:Presently, Supervisory Control and Data Acquisition (SCADA) systems are broadly adopted in remote monitoring large-scale production systems and modern power grids. However, SCADA systems are continuously exposed to various heterogeneous cyberattacks, making the detection task using the conventional intrusion detection systems (IDSs) very challenging. Furthermore, conventional security solutions, such as firewalls, and antivirus software, are not appropriate for fully protecting SCADA systems because they have distinct specifications. Thus, accurately detecting cyber-attacks in critical SCADA systems is undoubtedly indispensable to enhance their resilience, ensure safe operations, and avoid costly maintenance. The overarching goal of this paper is to detect malicious intrusions that already detoured traditional IDS and firewalls. In this paper, a stacked deep learning method is introduced to identify malicious attacks targeting SCADA systems. Specifically, we investigate the feasibility of a deep learning approach for intrusion detection in SCADA systems. Real data sets from two laboratory-scale SCADA systems, a two-line three-bus power transmission system and a gas pipeline are used to evaluate the proposed method's performance. The results of this investigation show the satisfying detection performance of the proposed stacked deep learning approach. This study also showed that the proposed approach outperformed the standalone deep learning models and the state-of-the-art algorithms, including Nearest neighbor, Random forests, Naive Bayes, Adaboost, Support Vector Machine, and oneR. Besides detecting the malicious attacks, we also investigate the feature importance of the cyber-attacks detection process using the Random Forest procedure, which helps design more parsimonious models.

Kuo Zhang,Zheng-Guang Wu

DOI: https://doi.org/10.1109/iccss53909.2021.9722027

2021-01-01

Abstract:False data injection attack(FDIA) is a traditional attack for the smart grid. There are many methods for the detection of the FDIA, but few of them can send the attack alarm successfully without an attack model. In this paper, we propose a reinforcement learning-based FDIA detection method for the distributed smart grid. The detection problem is formulated as a partially observable Markov decision process(POMDP) problem, and the observation of the POMDP can be obtained from the estimation of state and attack which come from the Kalman filter. By using the Sarsa algorithm, we can get a Q-table through online training. Finally, we use the IEEE-118 bus power system to evaluate the performance of our detector, and numerical results show the accurate response for the FDIA.

Kecheng Li,Genyuan Yang,Shanling Dong,Meiqin Liu

DOI: https://doi.org/10.23919/ccc63176.2024.10661728

2024-01-01

Abstract:The increasing integration of smart grid technologies in multiregional power systems improves efficiency but also exposes them to cyber security threats, especially false data injection attacks. In this paper, we address this challenge by proposing a distributed detection framework tailored for multi-regional power systems. Traditional centralized approaches are insufficient to cope with the dynamic and decentralized nature of these systems. The framework aims to simultaneously monitor and analyze multiple regions in real-time, enhancing the system’s ability to withstand false data injection attacks. This study outlines the proposed framework and provides simulation results for validation, emphasizing the need for proactive defense mechanisms in safeguarding the data integrity of power systems.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tcsii.2022.3181827

2022-01-01

Abstract:In cyber-physical power systems (CPPSs), false data injection attack (FDIA) has drawn much attention due to its stealthiness. It is of great importance to investigate the potential behaviors of attackers to improve the cyber-security of CPPSs. However, most FDIA models are often constructed separately on the effect of attackers or the impact of attacks. Accordingly, this brief proposes a multi-objective stealthy FDIA scheme in AC grid model. The attack model is described as a multi-objective optimization problem, where minimization of contaminated measurements and maximization of the attack impact are considered as two objectives while remaining stealthy. To deal with the established attack model, a non-dominated sorting genetic algorithm II (NSGAII) is introduced as the solver. To improve the efficiency of generating attack vector, a new representation mechanism is proposed to describe locations and values of injected states. Additionally, during the evolutionary process, we propose a mutation operation to balance the sparsity and impact of FDIA. Simulation results on the IEEE 14-bus, 30-bus, and 118-bus systems demonstrate the feasibility of the NSGAII-based FDIA model.

Dou An,Feiye Zhang,Qingyu Yang,Chengwei Zhang

DOI: https://doi.org/10.1109/tase.2022.3149764

IF: 6.636

2022-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:A smart grid integrates advanced sensors, efficient measurement methods, progressive control technologies, and other techniques and devices to achieve safe, efficient and economical operation of the grid system. However, the diversified and open environment of a smart grid makes energy and information of the smart grid vulnerable to malicious attacks. As a representative cyber-physical attack, the data integrity attack has an extremely severe impact on the grid operation for it can bypass the traditional detection mechanisms by adjusting the attack vector. In this paper, we first present the attack strategy against dynamic state estimation of power grid in the perspective of adversary and formulate the data integrity attack detection problem that has the characteristic of sequential decision making as a partially observable Markov decision process. Then, a deep reinforcement learning-based approach is proposed to detect against data integrity attacks, which utilizes the Long Short-Term Memory layer to extract the state features of previous time steps in determining whether the system is currently under attack. Moreover, the noisy networks are employed to ensure effective agent exploration, which prevents the agent from sticking to the non-optimal policy. The principle of a multi-step learning is adopted to increase the estimation accuracy of Q value. To address the sparse rewards problem, the prioritized experience replay is proposed to increase training efficiency. Simulation results demonstrated that the proposed detection approach surpasses the benchmarks in the comparison metrics: delay error rate and false rate. Note to Practitioners—In this paper, we present a deep reinforcement learning-based algorithm to defend against the data integrity attacks of smart grid. Most of the previous works discretized the system states and utilized the current state information to identify whether the system is under attack. For this reason, the detection policy may totally ignored the continuously changing characteristics of the grid states, which will lead to poor detection performance. Moreover, the attacked system states only accounts for a small part of the entire grid operation states, the probability of sampling the experience containing the attack state is extremely small, which limits the learning efficiency of previous RL-based detection approaches. In order to increase the accuracy of detection, we first present the attack strategy against power grid’s dynamic state estimation in the perspective of adversary and formulate the partially observable Markov decision process model of attack detection problem. Moreover, we propose a deep reinforcement learning-based detection approach combining the LSTM network to extract the system state features of the previous time steps to determine whether the system is currently being attacked. To address the sparse rewards problem, the prioritized experience replay is used to increase learning efficiency. The experiments demonstrate the effectiveness of proposed detection scheme compared with benchmarks in terms of detection delay as well as accuracy. In conclusion, the proposed detection scheme is helpful in defending against the data integrity attacks without obtaining the opponent’s strategy in advance and can be conveniently applied to the real-world security management system of smart grid.

automation & control systems

Zhenyong Zhang,Ke Zuo,Ruilong Deng,Fei Teng,Mingyang Sun

DOI: https://doi.org/10.1109/jiot.2023.3264492

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Machine learning-based intelligent systems enhanced with Internet of Things (IoT) technologies have been widely developed and exploited to enable the real-time stability assessment of a large-scale electricity grid. However, it has been extensively recognized that the IoT-enabled communication network of power systems is vulnerable to cyberattacks. In particular, system operating states, critical attributes that act as input to the data-driven stability assessment, can be manipulated by malicious actors to mislead the system operator into making disastrous decisions and thus cause major blackouts and cascading events. In this article, we explore the vulnerability of the data-driven power system stability assessment, with a special emphasis on decision tree-based stability assessment (DTSA) approaches, and investigate the feasibility of constructing a physics-constrained adversarial attack (PCAA) to undermine the DTSA. The PCAA is formulated as a nonlinear programming problem considering the misclassification constraint, power limits, and bad data detection, computing potential adversarial perturbations that reverse the “stable/unstable” prediction of the real-time input while remaining invisible/stealthy. Extensive experiments based on the IEEE 68-bus system are conducted to evaluate the impact of PCAAs on predictions of DTSA and their transferability.

Ahmed S. Musleh,Guo Chen,Zhao Yang Dong,Chen Wang,Shiping Chen

DOI: https://doi.org/10.1109/tii.2022.3178418

IF: 12.3

2022-11-13

IEEE Transactions on Industrial Informatics

Abstract:Automatic generation control (AGC) is paramount in maintaining the stability and operation of power grids. Its dependence on communication systems makes it vulnerable to various cyberphysical attacks. False data injection attacks (FDIA) are particularly difficult to detect and represent a major threat to AGC systems. This article proposes a novel spatio-temporal learning algorithm that can learn the normal dynamics of the power grid with AGC system to deal with this problem. The algorithm first uses a long short-term memory autoencoder to learn the normal dynamics. It then utilizes this unsupervised learned model in detecting the various possibilities of FDIA affecting the AGC system by evaluating the reconstruction residual of each measurements sample. The proposed algorithm is data-driven which makes it resilient against AGC's parameters uncertainties and modeling nonlinearities. The effectiveness of the developed algorithm is evaluated through test cases with various basic and stealth FDIAs.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Feiye Zhang,Qingyu Yang

DOI: https://doi.org/10.3389/fenrg.2022.1005660

IF: 3.4

2022-09-16

Frontiers in Energy Research

Abstract:The smart grid greatly facilitates the transmission of power and information by integrating precise measurement technology and efficient decision support systems. However, deep integration of cyber and physical information entails multiple challenges to grid operation. False data injection attacks can directly interfere with the results of state estimation, which can cause the grid regulator to make wrong decisions and thus poses a huge threat to the stability and security of grid operation. To address this issue, we propose a detection approach against false data injection attacks for dynamic state estimation. The Kalman filter is used to dynamically estimate the state values from IEEE standard bus systems. A long short-term memory (LSTM) network is utilized to extract the sequential observations from states at multiple time steps. In addition, we transform the attack detection problem into supervised learning problem and propose a deep neural network-based detection approach to identify attacks. We evaluate the effectiveness of the proposed detection approach in multiple IEEE standard bus systems. The simulation results demonstrate that the proposed detection approach outperforms benchmarks in improving the detection accuracy of malicious attacks.

energy & fuels

Xinyu Wang,Xiangjie Wang,Xiaoyuan Luo,Xinping Guan,Shuzheng Wang

DOI: https://doi.org/10.1016/j.gloei.2024.06.003

2024-06-01

Global Energy Interconnection

Abstract:Owing to the integration of energy digitization and artificial intelligence technology, smart energy grids can realize the stable, efficient and clean operation of power systems. However, the emergence of cyber-physical attacks, such as dynamic load-altering attacks (DLAAs) has introduced great challenges to the security of smart energy grids. Thus, this study developed a novel cyber-physical collaborative security framework for DLAAs in smart energy grids. The proposed framework integrates attack prediction in the cyber layer with the detection and localization of attacks in the physical layer. First, a data-driven method was proposed to predict the DLAA sequence in the cyber layer. By designing a double radial basis function network, the influence of disturbances on attack prediction can be eliminated. Based on the prediction results, an unknown input observer-based detection and localization method was further developed for the physical layer. In addition, an adaptive threshold was designed to replace the traditional precomputed threshold and improve the detection performance of the DLAAs. Consequently, through the collaborative work of the cyber-physics layer, injected DLAAs were effectively detected and located. Compared with existing methodologies, the simulation results on IEEE 14-bus and 118- bus power systems verified the superiority of the proposed cyber-physical collaborative detection and localization against DLAAs.

Xin Ge,Minnan Yue

DOI: https://doi.org/10.1007/s00202-024-02277-z

IF: 1.63

2024-02-27

Electrical Engineering

Abstract:LR attacks pose a significant menace to the safety of smart grids as they involve the manipulation of accurate measurements, resulting in system line overload and potential sequential outages. While previous research has focused on detecting LR attacks that cause line overloads, this paper introduces a mechanism capable of identifying both line overload and sequential output-generating by attacks. The proposed approach employs a deep learning network to analyze cyber load data estimated by the energy management system. To evaluate the effectiveness of the identification process, the IEEE standard 118 bus system is subjected to various attack scenarios and parameters. Results demonstrate that the proposed mechanism can effectively differentiate among LR attacks that aim to overload the lines, those that have cascading output potential, and a secure system state with a high degree of precision. In contrast to previous studies, the authors consider loads as input features to the network, improving accuracy and reducing delicacy to factors like measurement noise. The proposed detection mechanism offers an efficient, fast, and practical approach to identifying LR attacks in smart grids.

engineering, electrical & electronic

Yuehao Shen,Zhijun Qin

DOI: https://doi.org/10.1038/s41598-024-52954-z

IF: 4.6

2024-02-03

Scientific Reports

Abstract:Replay attack and false data injection attack (FDIA) are two common types of cyber-attacks against supervisory control and data acquisition systems, aiming to disrupt the normal operation of the power system by falsifying meter measurements. In this paper, we proposed a systematic methodology to defend hybrid attack with both replay attack and FDIA. Specifically, we propose a detection method applying random matrix theory to: (1) detect the hybrid attack on static state estimation, and (2) distinguish FDIA from replay attack as well as localize falsified measurements. Firstly, short-term forecast on load and renewable power generation is conducted to obtain the predicted measurements. Secondly, random variables are calculated by differentiating the forecasting measurements and real-time measurements. A random matrix is consequently constructed with the above random variables. Thirdly, hybrid attacks are detected by the changes of the linear eigenvalue statistics of the random matrix obtained by the sliding time window. More importantly, a novel multi-label classifier to distinguish replay attack from FDIA is designed to localize FDIA by combining SVD decomposition and eigenvalue analysis with convolutional neural network (SVD-CNN). Finally, comprehensive simulations on the IEEE 14-bus system and IEEE 57-bus system are provided to validate the performance of the proposed method. It is shown that the proposed detection method has strong detection ability by filtering measurement noise. Moreover, the proposed SVD-CNN improves the accuracy in FDIA localization.

multidisciplinary sciences

Yucheng Ding,Kang Ma,Tianjiao Pu,Xinying Wang,Ran Li,Dongxia Zhang

DOI: https://doi.org/10.3390/electronics10121459

IF: 2.9

2021-06-18

Electronics

Abstract:A smart grid improves power grid efficiency by using modern information and communication technologies. However, at the same time, due to the dependence on information technology and the deep integration of electrical components and computing information in cyber space, the system might become increasingly vulnerable to cyber-attacks. Among various emerging security problems, a false data injection attack (FDIA) is a new type of attack against the state estimation. In this article, a deep learning-based identification scheme is developed to detect and mitigate information corruption. The scheme implements a conditional deep belief network (CDBN) to analyze time-series input data and leverages captured features to detect the FDIA. The performance of our detection mechanism is validated by using the IEEE 14-bus test system for simulation. Different attack scenarios and parameters are set to demonstrate the feasibility and effectiveness of the developed scheme. Compared with the artificial neural network (ANN) and the support vector machine (SVM), the experimental analyses indicate that the results of our detection mechanism are better than those of the other two in terms of FDIA detection accuracy and robustness.

engineering, electrical & electronic,computer science, information systems,physics, applied

Abdulaziz Almalaq,Saleh Albadran,Mohamed A. Mohamed

DOI: https://doi.org/10.3390/math10152574

IF: 2.4

2022-07-26

Mathematics

Abstract:Modern intelligent energy grids enable energy supply and consumption to be efficiently managed while simultaneously avoiding a variety of security risks. System disturbances can be caused by both naturally occurring and human-made events. Operators should be aware of the different kinds and causes of disturbances in the energy systems to make informed decisions and respond accordingly. This study addresses this problem by proposing an attack detection model on the basis of deep learning for energy systems, which could be trained utilizing data and logs gathered through phasor measurement units (PMUs). Property or specification making is used to create features, and data are sent to various machine learning methods, of which random forest has been selected as the basic classifier of AdaBoost. Open-source simulated energy system data are used to test the model containing 37 energy system event case studies. In the end, the suggested model has been compared with other layouts according to various assessment metrics. The simulation outcomes showed that this model achieves a detection rate of 93.6% and an accuracy rate of 93.91%, which is greater compared to the existing methods.

mathematics

Jun Zhang,Lei Pan,Qing-Long Han,Chao Chen,Sheng Wen,Yang Xiang

DOI: https://doi.org/10.1109/jas.2021.1004261

2022-03-01

IEEE/CAA Journal of Automatica Sinica

Abstract:With the booming of cyber attacks and cyber criminals against cyber-physical systems (CPSs), detecting these attacks remains challenging. It might be the worst of times, but it might be the best of times because of opportunities brought by machine learning (ML), in particular deep learning (DL). In general, DL delivers superior performance to ML because of its layered setting and its effective algorithm for extract useful information from training data. DL models are adopted quickly to cyber attacks against CPS systems. In this survey, a holistic view of recently proposed DL solutions is provided to cyber attack detection in the CPS context. A six-step DL driven methodology is provided to summarize and analyze the surveyed literature for applying DL methods to detect cyber attacks against CPS systems. The methodology includes CPS scenario analysis, cyber attack identification, ML problem formulation, DL model customization, data acquisition for training, and performance evaluation. The reviewed works indicate great potential to detect cyber attacks against CPS through DL modules. Moreover, excellent performance is achieved partly because of several high-quality datasets that are readily available for public use. Furthermore, challenges, opportunities, and research trends are pointed out for future research.

Jiayu Shi,Shichao Liu,Bo Chen,Li Yu

DOI: https://doi.org/10.1109/tcsii.2020.3020139

2021-01-01

Abstract:The stealthy false data injection (FDI) attacks in smart grids can bypass the bad data detection, and thus make an incorrect state estimate in the control center. In this brief, a distributed data-driven intrusion detection approach is proposed to reveal the existence of the sparse stealthy FDI attack in a multi-area interconnected power system. The proposed distributed intrusion detection approach avoids the over-fitting issue that is extensively seen when implementing machine learning algorithms for large-scale systems. Firstly, each area estimates the entire system state based on a distributed state estimation algorithm. Then, the state of each local area is used as trained neural network input to detect the stealthy FDI attacks. Simulation results on the IEEE 118-bus system verify that the proposed method not only reduces the risk of over-fitting, but also can locate the areas which have been attacked.

Wei Fu,Yunqi Yan,Ying Chen,Zhisheng Wang,Danlong Zhu,Longxing Jin

DOI: https://doi.org/10.1049/stg2.12141

2023-11-16

IET Smart Grid

Abstract:This study introduces the temporal FDI (TFDI) attack and its detection countermeasure. The attack utilises a deep Q network (DQN) algorithm driven by temporal observations and employs long short‐term memory (LSTM) cells to capture time‐series measurements. A countermeasure based on binary classifiers is also introduced, which detects suspicious local measurements to effectively identify TFDI attacks. False data injection (FDI) attacks are serious threats to a cyber‐physical power system (CPPS), which may be launched by a malicious software or virus accessing only the measurements from one substation. This study proposes a novel attack method named the temporal FDI (TFDI) attack. Namely, the virus makes decisions based on temporal observations of the CPPS, and the attack is driven by a deep Q network (DQN) algorithm. As DQN takes vectors of continuous variables as input states, the proposed method is free of the state space explosion problem, which helps the virus to learn the optimal attack strategy efficiently. Moreover, for adopting time‐series measurements as quasi‐dynamic observations, long short‐term memory cells are employed as a layer of the Q network. The TFDI attack enables the virus to discern trends of load variations and enhance the attack's effectiveness. Meanwhile, a countermeasure is also presented to detect the proposed FDI attack. Binary classifiers are trained for each bus to detect suspicious local measurements according to their deviations from system‐state manifolds. When suspicious measurements are spotted frequently, the corresponding bus is believed to be under FDI attacks. Test cases validate the efficacy of the proposed FDI attack method as well as its countermeasure.

Xuefei Yin,Yanming Zhu,Yi Xie,Jiankun Hu

DOI: https://doi.org/10.1109/OJCS.2022.3199755

2022-12-07

Abstract:Recent studies have demonstrated that smart grids are vulnerable to stealthy false data injection attacks (SFDIAs), as SFDIAs can bypass residual-based bad data detection mechanisms. The SFDIA detection has become one of the focuses of smart grid research. Methods based on deep learning technology have shown promising accuracy in the detection of SFDIAs. However, most existing methods rely on the temporal structure of a sequence of measurements but do not take account of the spatial structure between buses and transmission lines. To address this issue, we propose a spatiotemporal deep network, PowerFDNet, for the SFDIA detection in AC-model power grids. The PowerFDNet consists of two sub-architectures: spatial architecture (SA) and temporal architecture (TA). The SA is aimed at extracting representations of bus/line measurements and modeling the spatial structure based on their representations. The TA is aimed at modeling the temporal structure of a sequence of measurements. Therefore, the proposed PowerFDNet can effectively model the spatiotemporal structure of measurements. Case studies on the detection of SFDIAs on the benchmark smart grids show that the PowerFDNet achieved significant improvement compared with the state-of-the-art SFDIA detection methods. In addition, an IoT-oriented lightweight prototype of size 52 MB is implemented and tested for mobile devices, which demonstrates the potential applications on mobile devices. The trained model will be available at \textit{<a class="link-external link-https" href="https://github.com/HubYZ/PowerFDNet" rel="external noopener nofollow">this https URL</a>}.

Cryptography and Security,Artificial Intelligence,Machine Learning,Systems and Control