Huaiyu Liu,Yuze Fu,Kaikai Pan,Wenyuan Xu,Chenggang Li,Chen Liu

DOI: https://doi.org/10.1109/isgtasia54891.2023.10372698

2023-01-01

Abstract:With the growing focus on reducing carbon emissions, there has been a significant increase in the deployment of distributed photovoltaic generation systems. However, their distributed nature makes them vulnerable to adversarial threats. Moreover, these systems can serve as potential entry points or attack surfaces for targeting the power grid. Existing methods are either designed for specific attacks or intrusive to power terminals (e.g., intelligent terminal, communication device). To tackle this issue, this paper introduces a method for detecting and classifying attacks on distributed PV systems leveraging cyber and power side channel data. The proposed method is capable of detecting various attacks rather than specific ones and is non-intrusive for collecting information from power terminals.

Vivek Kumar Singh,Manimaran Govindarasu

DOI: https://doi.org/10.1007/978-3-030-54275-7_22

2020-09-22

Abstract:Today’s electric power grid is a complex, automated, and interconnected cyber-physical system (CPS) that relies on supervisory control and data acquisition (SCADA)-based communication infrastructure for operating wide-area monitoring, protection, and control (WAMPAC) applications. With a push towards making the grid smarter, the critical SCADA infrastructure like power system is getting exposed to countless cyberattacks that necessitate the development of state-of-the-art intrusion detection systems (IDS) to provide comprehensive security solutions at different layers in the smart grid network. While considering the continuously evolving attack surfaces at physical, communication, and application layers, existing conventional IDS solutions are insufficient and incapable to resolve multi-dimensional cybersecurity threats because of their specific nature of the operation, either a data-centric or protocol-centric, to detect specific types of attacks. This chapter presents a hybrid intrusion detection system framework by integrating a network-based IDS, model-based IDS, and state-of-the-art machine learning-based IDS to detect unknown and stealthy cyberattacks targeting the SCADA networks. We have applied the cyber-kill model to develop and demonstrate attack vectors and their associated mechanisms. The hybrid IDS utilizes attack signatures in grid measurements and network packets as well as leverages secure phasor measurements to detect different stages of cyber-attacks while following the kill-chain process. As a proof of concept, we present the experimental case study in the context of centralized wide-area protection (CWAP) cybersecurity by utilizing resources of the PowerCyber testbed at Iowa State University (ISU). We also describe different classes of implemented cyber-attacks and generated heterogeneous datasets using the IEEE 39 bus system. Finally, the performance of the hybrid IDS is evaluated based in terms of detection rate in real-time cyber-physical environment.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

Zain ul Abdeen,Padmaksha Roy,Ahmad Al-Tawaha,Rouxi Jia,Laura Freeman,Peter Beling,Chen-Ching Liu,Alberto Sangiovanni-Vincentelli,Ming Jin

2024-05-06

Abstract:There is an upward trend of deploying distributed energy resource management systems (DERMS) to control modern power grids. However, DERMS controller communication lines are vulnerable to cyberattacks that could potentially impact operational reliability. While a data-driven intrusion detection system (IDS) can potentially thwart attacks during deployment, also known as the evasion attack, the training of the detection algorithm may be corrupted by adversarial data injected into the database, also known as the poisoning attack. In this paper, we propose the first framework of IDS that is robust against joint poisoning and evasion attacks. We formulate the defense mechanism as a bilevel optimization, where the inner and outer levels deal with attacks that occur during training time and testing time, respectively. We verify the robustness of our method on the IEEE-13 bus feeder model against a diverse set of poisoning and evasion attack scenarios. The results indicate that our proposed method outperforms the baseline technique in terms of accuracy, precision, and recall for intrusion detection.

Cryptography and Security,Systems and Control

Kecheng Li,Genyuan Yang,Shanling Dong,Meiqin Liu

DOI: https://doi.org/10.23919/ccc63176.2024.10661728

2024-01-01

Abstract:The increasing integration of smart grid technologies in multiregional power systems improves efficiency but also exposes them to cyber security threats, especially false data injection attacks. In this paper, we address this challenge by proposing a distributed detection framework tailored for multi-regional power systems. Traditional centralized approaches are insufficient to cope with the dynamic and decentralized nature of these systems. The framework aims to simultaneously monitor and analyze multiple regions in real-time, enhancing the system’s ability to withstand false data injection attacks. This study outlines the proposed framework and provides simulation results for validation, emphasizing the need for proactive defense mechanisms in safeguarding the data integrity of power systems.

Yichi Zhang,Lingfeng Wang,Weiqing Sun,Robert C. Green,Mansoor Alam

DOI: https://doi.org/10.1109/tsg.2011.2159818

IF: 10.275

2011-01-01

IEEE Transactions on Smart Grid

Abstract:The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless mesh network technologies with the 802.15.4, 802.11, and WiMAX standards. Each of these will expose the power grid to cybersecurity threats. In order to address this issue, this work proposes a distributed intrusion detection system for smart grids (SGDIDS) by developing and deploying an intelligent module, the analyzing module (AM), in multiple layers of the smart grid. Multiple AMs will be embedded at each level of the smart grid-the home area networks (HANs), neighborhood area networks (NANs), and wide area networks (WANs)-where they will use the support vector machine (SVM) and artificial immune system (AIS) to detect and classify malicious data and possible cyberattacks. AMs at each level are trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for supporting the optimal communication routing and improving system security through the identification of malicious network traffic.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tii.2021.3129487

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:As the next-generation power grids, smart grids are integrated with advanced information and communication technology (ICT) to make the grid more efficient and stable than conventional power systems. Given the mounting cyber-attack threats, these critical ICT systems create great security issues for smart grids. Additionally, the clever attackers have the ability to not only access and monitor the smart grid, but also hack it by launching well-established cyber-attacks. Thus, this article is devoted to understanding the potential stealthy cyber-attack and its countermeasure. First, this article proposes a stealthy sparse cyber-attack model in an ac smart grid by considering both the residual test-based detector and the interval-state-estimation-based detector, which is not considered in previous studies. The design model is formulated as a constrained optimization problem by minimizing the number of contaminated meters, where the characteristics of two types of detector are considered simultaneously as the constraints for the first time. A constrained differential evolution (CDE) is proposed as the solver because the optimization problem is NP-hard. Then, a generalized-cumulative-sum-based detector is developed to detect the proposed cyber-attacks, where a fractional-order state transition matrix is originally introduced into the estimator to describe the dynamics of the power system. Numerical studies illustrate the feasibility of CDE-based stealthy sparse cyber-attacks and the effectiveness of the proposed countermeasure.

Xiao Chun Yin,Zeng Guang Liu,Lewis Nkenyereye,Bruce Ndibanje

DOI: https://doi.org/10.3390/s19224952

2019-11-14

Abstract:We present an innovative approach for a Cybersecurity Solution based on the Intrusion Detection System to detect malicious activity targeting the Distributed Network Protocol (DNP3) layers in the Supervisory Control and Data Acquisition (SCADA) systems. As Information and Communication Technology is connected to the grid, it is subjected to both physical and cyber-attacks because of the interaction between industrial control systems and the outside Internet environment using IoT technology. Often, cyber-attacks lead to multiple risks that affect infrastructure and business continuity; furthermore, in some cases, human beings are also affected. Because of the traditional peculiarities of process systems, such as insecure real-time protocols, end-to-end general-purpose ICT security mechanisms are not able to fully secure communication in SCADA systems. In this paper, we present a novel method based on the DNP3 vulnerability assessment and attack model in different layers, with feature selection using Machine Learning from parsed DNP3 protocol with additional data including malware samples. Moreover, we developed a cyber-attack algorithm that included a classification and visualization process. Finally, the results of the experimental implementation show that our proposed Cybersecurity Solution based on IDS was able to detect attacks in real time in an IoT-based Smart Grid communication environment.

Yawen Xue,Jie Pan,Yangyang Geng,Zeyu Yang,Mengxiang Liu,Ruilong Deng

DOI: https://doi.org/10.1109/ticps.2024.3406505

2024-01-01

Abstract:Industrial control systems (ICSs) are becoming increasingly interconnected as the rapid convergence of information technology (IT) and operation technology (OT) networks, and meanwhile massive attack surfaces have been exposed. However, traditional intrusion detection systems (IDSs) are difficult to be directly deployed in ICSs due to the hard real-time requirement and rare patching chance. Besides, the design of effective and practical IDSs is hampered by the lack of benchmarking ICS cybersecurity datasets. To bridge the gaps, this paper makes the first attempt by open-sourcing the developed ICS cybersecurity datasets and proposing a decision fusion based real-time IDS. Firstly, we design a customized cybersecurity dataset in a full-hardware and high-fidelity platform, including 7 types of cyber threats tailored for ICSs. The collected dataset includes network traffic, sensor readings, actuator status, and system parameters, providing the state-of-the-art benchmark dataset for ICSs consisting of cross-layer characteristics. Furthermore, we design an online decision fusion-based IDS by strategically integrating 4 widely-used machine learning models. The proposed IDS is deployed on a real-time running ethanol distillation, surpassing the performance of single detection models in terms of precision and F1-score, which substantially enhances intrusion detection accuracy and cybersecurity of ICS.

Yichi Zhang,Lingfeng Wang,Weiqing Sun,Robert C. Green,Mansoor Alam

DOI: https://doi.org/10.1109/PES.2011.6039697

2011-01-01

Abstract:The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless technologies including 802.15.4, 802.11, and the Zigbee protocol. Each of these will expose the power grid to cyber security threats. In order to address this issue, this work proposes a Distributed Intrusion Detection System for Smart Grids (SGDIDS) by developing and deploying an intelligent module, the Analyzing Module (AM) in the multiple layers of smart grids. Multiple AMs will be embedded at each level of the smart grid - the home area network (HAN), neighborhood area network (NAN), and the Wide Area Network (WAN) - where they will use Artificial Immune System (AIS) to detect and classify malicious data and possible cyber attacks. AMs at each level will be trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for identifying malicious network traffic and improving system security.

Harshavardhan Palahalli,Marziyeh Hemmati,Giambattista Gruosso

DOI: https://doi.org/10.3390/electronics11121861

IF: 2.9

2022-06-13

Electronics

Abstract:This article presents an optimal distributed energy resource management system for a smart grid connected to photovoltaics, battery energy storage, and an electric vehicle aggregator. These management systems are one of the key factors for the optimal control of power converters connected to the grid. The proposed management system includes the communication architecture necessary for realizing the information flow between the individual control of the distributed generators and the master supervisory control algorithm. The work carried out on two levels is first to design a control strategy for energy management and validate it with the grid in real-time hardware-in-the-loop simulation integrating the IEC61850 communication layer and physical intelligent electronic devices. The second is to analyze the vulnerabilities of the designed methodology for cybersecurity threats explicitly with the extension of IEC61850 to electric vehicle aggregators for communication with the master energy management. A man-in-the-middle attack conducted in the supervisory communication layer enabled us to investigate the effects of such an attack on the performance and operation of the smart electric grid.

engineering, electrical & electronic,computer science, information systems,physics, applied

Mohammed Masum Siraj Khan,Jairo A. Giraldo,Masood Parvania

DOI: https://doi.org/10.1109/tsg.2021.3128034

IF: 10.275

2022-03-01

IEEE Transactions on Smart Grid

Abstract:This paper develops a novel intrusion detection system for power distribution systems that utilizes a cyber-physical real-time reference model to accurately replicate the complex behavior of power distribution components for attack detection. The proposed intrusion detection system analyzes the consistency of the physical data from sensor readings and control commands in contrast with their digital counterpart obtained from the real-time reference model. Therefore, a residual-based online attack detection mechanism that utilizes the chi-square test is able to determine the presence of malicious data. The proposed mechanism is implemented on a hardware-in-the-loop simulation testbed on a test power distribution system with distributed energy resources and energy storage systems. The results show that the proposed solution is able to quickly detect multiple types of cyber attacks for different levels of accuracy of the real-time reference model. The simulations illustrate that the proposed approach outperforms conventional attack detection mechanisms such as one-class classifiers and residual-based approaches that utilize Kalman filters or neural networks.

engineering, electrical & electronic

Nakkeeran Murugesan,Anantha Narayanan Velu,Bagavathi Sivakumar Palaniappan,Balamurugan Sukumar,Md. Jahangir Hossain

DOI: https://doi.org/10.3390/en17081965

IF: 3.2

2024-04-21

Energies

Abstract:In the Industry 4.0 era of smart grids, the real-world problem of blackouts and cascading failures due to cyberattacks is a significant concern and highly challenging because the existing Intrusion Detection System (IDS) falls behind in handling missing rates, response times, and detection accuracy. Addressing this problem with an early attack detection mechanism with a reduced missing rate and decreased response time is critical. The development of an Intelligent IDS is vital to the mission-critical infrastructure of a smart grid to prevent physical sabotage and processing downtime. This paper aims to develop a robust Anomaly-based IDS using a statistical approach with a machine learning classifier to discriminate cyberattacks from natural faults and man-made events to avoid blackouts and cascading failures. The novel mechanism of a statistical approach with a machine learning (SAML) classifier based on Neighborhood Component Analysis, ExtraTrees, and AdaBoost for feature extraction, bagging, and boosting, respectively, is proposed with optimal hyperparameter tuning for the early discrimination of cyberattacks from natural faults and man-made events. The proposed model is tested using the publicly available Industrial Control Systems Cyber Attack Power System (Triple Class) dataset with a three-bus/two-line transmission system from Mississippi State University and Oak Ridge National Laboratory. Furthermore, the proposed model is evaluated for scalability and generalization using the publicly accessible IEEE 14-bus and 57-bus system datasets of False Data Injection (FDI) attacks. The test results achieved higher detection accuracy, lower missing rates, decreased false alarm rates, and reduced response time compared to the existing approaches.

energy & fuels

Mansi Girdhar,Junho Hong,Wencong Su,Akila Herath,Chen-Ching Liu

2024-03-08

Abstract:In recent years, critical infrastructure and power grids have experienced a series of cyber-attacks, leading to temporary, widespread blackouts of considerable magnitude. Since most substations are unmanned and have limited physical security protection, cyber breaches into power grid substations present a risk. Nowadays, software-defined network (SDN), a popular virtual network technology based on the OpenFlow protocol is being widely used in the substation automation system. However, the susceptibility of SDN architecture to cyber-attacks has exhibited a notable increase in recent years, as indicated by research findings. This suggests a growing concern regarding the potential for cybersecurity breaches within the SDN framework. In this paper, we propose a hybrid intrusion detection system (IDS)-integrated SDN architecture for detecting and preventing the injection of malicious IEC 61850-based generic object-oriented substation event (GOOSE) messages in a digital substation. Additionally, this program locates the fault's location and, as a form of mitigation, disables a certain port. Furthermore, implementation examples are demonstrated and verified using a hardware-in-the-loop (HIL) testbed that mimics the functioning of a digital substation.

Cryptography and Security,Computers and Society

Chongxing Ji,Yi Niu

DOI: https://doi.org/10.1016/j.seta.2024.103650

IF: 7.632

2024-02-21

Sustainable Energy Technologies and Assessments

Abstract:The amalgamation of Internet of Things (IoT) and communication systems within Smart Grid Control Systems (SGCS) has amplified their susceptibility to cyber-attacks, posing a significant threat. Traditional intrusion detection systems (IDSs), originally designed for securing IT systems, exhibit limitations in SGCS due to reliance on predefined structures and training on specific cyber-attack patterns. This study addresses the challenge by proposing a deep learning (DL) framework to establish balanced representations for the inherently asymmetric SGCS datasets. These representations are seamlessly integrated into a dedicated DL-based model for attack detection within the SGCS environment. Utilizing Support Vector Machines (SVM) and K-Nearest Neighbors (K-NN), the model identifies novel cyber-attack representations. Performance evaluation through 10-fold cross-validation on two real SGCS datasets reveals the proposed approach's superiority over traditional methods like Random Forest (RF) and Deep Neural Networks (DNN). Additionally, the generalized method can be effortlessly implemented in existing SGCS infrastructures with minimal complexity. This study introduces a novel cybersecurity enhancement method for Smart Grid Control Systems by integrating a Cyber-Physical Digital Twin with a deep learning-based IDS. This approach intricately models both physical and cyber components, facilitating real-time training and fine-tuning of the intrusion detection model using synthetic cyber threats. The digital twin undergoes rigorous testing to assess the model's effectiveness, employing scenario analyses to identify vulnerabilities and formulate response strategies. The adaptive digital twin fosters a proactive cybersecurity stance by implementing security measures such as access controls and cyber range simulation. Real-time monitoring, analytics, and stakeholder collaboration enhance incident response readiness. The lifecycle simulation, spanning from model development to deployment, ensures alignment with regulations. This integrated approach not only detects but proactively responds to cyber threats, fortifying Smart Grid Control Systems against evolving risks.

energy & fuels,green & sustainable science & technology

Sathya Narayana Mohan,Gelli Ravikumar,Manimaran Govindarasu

DOI: https://doi.org/10.1109/TD39804.2020.9299960

2024-12-11

Abstract:Cyber-physical system (CPS) security for the smart grid enables secure communication for the SCADA and wide-area measurement system data. Power utilities world-wide use various SCADA protocols, namely DNP3, Modbus, and IEC 61850, for the data exchanges across substation field devices, remote terminal units (RTUs), and control center applications. Adversaries may exploit compromised SCADA protocols for the reconnaissance, data exfiltration, vulnerability assessment, and injection of stealthy cyberattacks to affect power system operation. In this paper, we propose an efficient algorithm to generate robust rule sets. We integrate the rule sets into an intrusion detection system (IDS), which continuously monitors the DNP3 data traffic at a substation network and detects intrusions and anomalies in real-time. To enable CPS-aware wide-area situational awareness, we integrated the methodology into an open-source distributed-IDS (D-IDS) framework. The D-IDS facilitates central monitoring of the detected anomalies from the geographically distributed substations and to the control center. The proposed algorithm provides an optimal solution to detect network intrusions and abnormal behavior. Different types of IDS rules based on packet payload, packet flow, and time threshold are generated. Further, IDS testing and evaluation is performed with a set of rules in different sequences. The detection time is measured for different IDS rules, and the results are plotted. All the experiments are conducted at Power Cyber Lab, Iowa State University, for multiple power grid models. After successful testing and evaluation, knowledge and implementation are transferred to field deployment.

Systems and Control,Cryptography and Security

Xue Gao,Mazhar Ali,Wei Sun

DOI: https://doi.org/10.3390/en17071587

IF: 3.2

2024-03-27

Energies

Abstract:Integration of inverter-based distributed energy resources (DERs) is reshaping the landscape of distribution grids to fulfill the socioeconomic, environmental, and sustainability goals. Addressing the technological challenges of DER grid integration requires an adaptive communication layer for efficient DER management and control. This transition has given rise to a cyberphysical system (CPS) architecture within the distribution system, causing new vulnerabilities for cyberphysical attacks. To better address potential threats, this paper presents a comprehensive risk assessment framework for cyberphysical security in distribution grids with grid-edge DERs. The framework incorporates a detailed CPS model accounting for dynamic DER characteristics within the distribution grid. It identifies vulnerabilities in DER communication systems, models attack scenarios, and addresses communication latency crucial for inverter control timescales. Subsequently, the quantification of attack impacts employs an attack probability model including both the vulnerability and criticality of cyber components. The proposed risk assessment framework was validated through testing on the modified IEEE 13-node and 123-node test feeders.

energy & fuels

Jinping Liu,Wuxia Zhang,Tianyu Ma,Zhaohui Tang,Yongfang Xie,Weihua Gui,Jean Paul Niyoyita

DOI: https://doi.org/10.1016/j.eswa.2020.113578

IF: 8.5

2020-11-01

Expert Systems with Applications

Abstract:<p>Industrial Cyber-physical systems (ICPSs), integrating communication, computation and control of industrial processes are referred to as a core technology to approach the <em>Industry 4.0</em>. Ensuring the ICPS security is of paramount importance in smart manufacturing. Considering the characteristics of large-scale, geographically-dispersed and multi-dimensional heterogeneous, federated and life-critical natures of ICPSs, this paper investigates a hierarchically distributed intrusion detection scheme that seeks to achieve the all-round safety protection of ICPSs according to the system structure and attacking types of each ICPS layer. For physical system-relevant perceptual executive layer, potential and covert attacks are detected by the clustered sensory system state residual anomaly monitoring based on a process noise and measurement noise-adaptive Kalman filter (PNMN-AKF). PNMN-AKF can perform a joint recursive estimation of dynamic system states, time-varying process and measurement noise covariance matrices by the variational Bayes approximation framework. In cyberspace, potential cyber-attacks are detected by the anomaly monitoring of the statistical distribution of the network transmission characteristics of data transmission layer by introducing a forgetting factor-induced recursive Gaussian mixture model (FF-RGMM). In the application control layer, a regularized sparse deep belief network model is introduced to characterize the misuse behavior for detecting potential attacks. Extensive validation and comparative experiments have been conducted on a numerical simulation system and a comprehensive ICPS simulation platform by using OPNET and a commonly-used benchmark simplified Tennessee Eastman process (STEP) based on Matlab/Simulink. Experimental results demonstrate that the proposed hierarchically distributed intrusion detection method can efficiently recognize potential and covert cyber-attacks in each ICPSs link with low false alarm rate and missing detection rate, which lays a foundation for the overall security monitoring of ICPSs.</p>

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

P. Chinnasamy,Rafath Samrin,B. Ben Sujitha,R. Augasthega,Manikandan Rajagopal,A. Nageswaran

DOI: https://doi.org/10.1007/s11277-024-11192-2

IF: 2.017

2024-06-01

Wireless Personal Communications

Abstract:This abstract explores the importance of 6G-enabled Smart Grid-based Cyber-Physical Systems (SGCPS) and how they must incorporate intelligent breach detection systems (IBDS) to keep critical infrastructure safe and efficient in the face of rapid technological change. It explores the transformative potential stemming from the convergence of 6G technology and SGCPS, offering enhanced communication capabilities and massive device connectivity while also highlighting the increased vulnerability to cyber threats. The integration of intelligent breach detection systems is proposed as a preemptive measure to identify and mitigate security breaches, fortifying critical infrastructure against emerging cyber threats. The paper provides key concepts, challenges, opportunities, and implications associated with this integration, followed by a literature review of methodologies proposed for intrusion detection and cybersecurity enhancement within SGCPS. The review discusses AI-enabled intrusion detection systems, False Data Injection (FDI) attack detection methods, anomaly-based intrusion detection systems, and adaptive robust state estimators, culminating in the introduction of a novel intrusion detection model, the AI-IBDS, leveraging the Grey Wolf Algorithm and Artificial Neural Networks (GWA ANN ) for optimized detection of network intrusions in energy systems. Through comprehensive analysis and comparison of performance metrics, the proposed GWA ANN method demonstrates superior efficacy in detecting critical events and enhancing cybersecurity measures compared to traditional classification methods such as SVM and KNN, underscoring the potential of AI-driven intrusion detection technologies to improve network security and resilience in SGCPS environments, ultimately paving the way for safer and more efficient energy distribution networks in the digital age.

telecommunications

Cody Ruben,Surya Dhulipala,Keerthiraj Nagaraj,Sheng Zou,Allen Starke,Arturo Bretas,Alina Zare,Janise McNair

DOI: https://doi.org/10.1049/iet-stg.2019.0272

2019-11-15

Abstract:This paper presents a hybrid data-driven physics model-based framework for real time monitoring in smart grids. As the power grid transitions to the use of smart grid technology, it's real time monitoring becomes more vulnerable to cyber attacks like false data injections (FDI). Although smart grids cyber-physical security has an extensive scope, this paper focuses on FDI attacks, which are modeled as bad data. State of the art strategies for FDI detection in real time monitoring rely on physics model-based weighted least squares state estimation solution and statistical tests. This strategy is inherently vulnerable by the linear approximation and the companion statistical modeling error, which means it can be exploited by a coordinated FDI attack. In order to enhance the robustness of FDI detection, this paper presents a framework which explores the use of data-driven anomaly detection methods in conjunction with physics model-based bad data detection via data fusion. Multiple anomaly detection methods working at both the system level and distributed local detection level are fused. The fusion takes into consideration the confidence of the various anomaly detection methods to provide the best overall detection results. Validation considers tests on the IEEE 118 bus system.

Systems and Control