Image Embedding of PMU Data for Deep Learning towards Transient Disturbance Classification

This paper presents a study on power grid disturbance classification by Deep Learning (DL). A real synchrophasor set composing of three different types of disturbance events from the Frequency Monitoring Network (FNET) is used. An image embedding technique called Gramian Angular Field is applied to transform each time series of event data to a two-dimensional image for learning. Two main DL algorithms, i.e. CNN (Convolutional Neural Network) and RNN (Recurrent Neural Network) are tested and compared with two widely used data mining tools, the Support Vector Machine and Decision Tree. The test results demonstrate the superiority of the both DL algorithms over other methods in the application of power system transient disturbance classification.Comment: An updated version of this manuscript has been accepted by the 2018 IEEE International Conference on Energy Internet (ICEI), Beijing, Chin

Enhancing Grid Reliability With Phasor Measurement Units

Over the last decades, great efforts and investments have been made to increase the integration level of renewable energy resources in power grids. The New York State has set the goal to achieve 70% renewable generations by 2030, and realize carbon neutrality by 2040 eventually. However, the increased level of uncertainty brought about by renewables makes it more challenging to maintain stable and robust power grid operation. In addition to renewable energy resources, the ever-increasing number of electric vehicles and active loads have further increased the uncertainties in power systems. All these factors challenge the way the power grids are operated, and thus ask for new solutions to maintain stable and reliable grids. To meet the emerging requirements, advanced metering infrastructures are being integrated into power grids that transform traditional grids into \u27\u27 smart grids . One example is the widely deployed phasor measurement units (PMUs), which enable generating time-synchronized measurements with high sampling frequency, and pave a new path to realize real-time monitoring and control in power grids. However,the massive data generated by PMUs raises the questions of how to efficiently utilize the obtained measurements to understand and control the present system. Additionally, to meet the communication requirements between the advanced meters, the connectivity of the cyber layer has become more sophisticated, and thus is exposed to more cyber-attacks than before. Therefore, to enhance the grid reliability with PMUs, robust and efficient grid monitoring and control methods are required. This dissertation focuses on three important aspects of improving grid reliability with PMUs: (1) power system event detection; (2) impact assessment regarding both steady-state and transient stability; and (3) impact mitigation. In this dissertation, a comprehensive introduction of PMUs in the wide-area monitoring system, and comparisons with the existing supervisory control and data acquisition (SCADA) systems are presented first. Next, a data-driven event detection method is developed for efficient event detection with PMU measurements. A text mining approach is utilized to extract event oscillation patterns and determine event types. To ensure the integrity of the received data, the developed detection method is further designed to identify the fake events, and thus is robust against cyber-threat. Once a real event is detected, it is critical to promptly understand the consequences of the event in both steady and dynamic states. Sometimes, a single system event, e.g., a transmission line fault, may cause subsequent failures that lead to a cascading failure in the grid. In the worst case, these failures can result in large-scale blackouts. To assess the risk of an event in steady state, a probabilistic cascading failure model is developed. With the real-time phasor measurements, the failure probability of each system component at a specific operating condition can be predicted. In terms of the dynamic state, a failure of a system component may cause generators to lose synchronism, which will damage the power plant and lead to a blackout. To predict the transient stability after an event, a predictive online transient stability assessment (TSA) tool is developed in this dissertation. With only one sample of the PMU voltage measurements, the status of the transient stability can be predicted within cycles. In addition to the impact detection and assessment, it is also critical to identify proper mitigations to alleviate the failures. In this dissertation, a data-driven model predictive control strategy is developed. As a parameter-based system model is vulnerable to topology errors, a data-driven model is developed to mimic the grid behavior. Rather than utilizing the system parameters to construct the grid model, the data-driven model only leverages the received phasor measurements to determine proper corrective actions. Furthermore, to be robust against cyber-attacks, a check-point protocol, where past stored trustworthy data can be used to amend the attacked data, is utilized. The overall objective of this dissertation is to efficiently utilize advanced PMUs to detect, assess, and mitigate system failure, and help improve grid reliability

Assessing malware detection using hardware performance counters

Despite the use of modern anti-virus (AV) software, malware is a prevailing threat to today's computing systems. AV software cannot cope with the increasing number of evasive malware, calling for more robust malware detection techniques. Out of the many proposed methods for malware detection, researchers have suggested microarchitecture-based mechanisms for detection of malicious software in a system. For example, Intel embeds a shadow stack in their modern architectures that maintains the integrity between function calls and their returns by tracking the function's return address. Any malicious program that exploits an application to overflow the return addresses can be restrained using the shadow stack. Researchers also propose the use of Hardware Performance Counters (HPCs). HPCs are counters embedded in modern computing architectures that count the occurrence of architectural events, such as cache hits, clock cycles, and integer instructions. Malware detectors that leverage HPCs create a profile of an application by reading the counter values periodically. Subsequently, researchers use supervised machine learning-based (ML) classification techniques to differentiate malicious profiles amongst benign ones. It is important to note that HPCs count the occurrence of microarchitectural events during execution of the program. However, whether a program is malicious or benign is the high-level behavior of a program. Since HPCs do not surveil the high-level behavior of an application, we hypothesize that the counters may fail to capture the difference in the behavioral semantics of a malicious and benign software. To investigate whether HPCs capture the behavioral semantics of the program, we recreate the experimental setup from the previously proposed systems. To this end, we leverage HPCs to profile applications such as MS-Office and Chrome as benign applications and known malware binaries as malicious applications. Standard ML classifiers demand a normally distributed dataset, where the variance is independent of the mean of the data points. To transform the profile into more normal-like distribution and to avoid over-fitting the machine learning models, we employ power transform on the profiles of the applications. Moreover, HPCs can monitor a broad range of hardware-based events. We use Principal Component Analysis (PCA) for selecting the top performance events that show maximum variation in the least number of features amongst all the applications profiled. Finally, we train twelve supervised machine learning classifiers such as Support Vector Machine (SVM) and MultiLayer Perceptron (MLPs) on the profiles from the applications. We model each classifier as a binary classifier, where the two classes are 'Benignware' and 'Malware.' Our results show that for the 'Malware' class, the average recall and F2-score across the twelve classifiers is 0.22 and 0.70 respectively. The low recall score shows that the ML classifiers tag malware as benignware. Even though we exercise a statistical approach for selecting our features, the classifiers are not able to distinguish between malware and benignware based on the hardware-based events monitored by the HPCs. The incapability of the profiles from HPCs in capturing the behavioral characteristic of an application force us to question the use of HPCs as malware detectors

Real-Time Machine Learning Models To Detect Cyber And Physical Anomalies In Power Systems

A Smart Grid is a cyber-physical system (CPS) that tightly integrates computation and networking with physical processes to provide reliable two-way communication between electricity companies and customers. However, the grid availability and integrity are constantly threatened by both physical faults and cyber-attacks which may have a detrimental socio-economic impact. The frequency of the faults and attacks is increasing every year due to the extreme weather events and strong reliance on the open internet architecture that is vulnerable to cyber-attacks. In May 2021, for instance, Colonial Pipeline, one of the largest pipeline operators in the U.S., transports refined gasoline and jet fuel from Texas up the East Coast to New York was forced to shut down after being attacked by ransomware, causing prices to rise at gasoline pumps across the country. Enhancing situational awareness within the grid can alleviate these risks and avoid their adverse consequences. As part of this process, the phasor measurement units (PMU) are among the suitable assets since they collect time-synchronized measurements of grid status (30-120 samples/s), enabling the operators to react rapidly to potential anomalies. However, it is still challenging to process and analyze the open-ended source of PMU data as there are more than 2500 PMU distributed across the U.S. and Canada, where each of which generates more than 1.5 TB/month of streamed data. Further, the offline machine learning algorithms cannot be used in this scenario, as they require loading and scanning the entire dataset before processing. The ultimate objective of this dissertation is to develop early detection of cyber and physical anomalies in a real-time streaming environment setting by mining multi-variate large-scale synchrophasor data. To accomplish this objective, we start by investigating the cyber and physical anomalies, analyzing their impact, and critically reviewing the current detection approaches. Then, multiple machine learning models were designed to identify physical and cyber anomalies; the first one is an artificial neural network-based approach for detecting the False Data Injection (FDI) attack. This attack was specifically selected as it poses a serious risk to the integrity and availability of the grid; Secondly, we extend this approach by developing a Random Forest Regressor-based model which not only detects anomalies, but also identifies their location and duration; Lastly, we develop a real-time hoeffding tree-based model for detecting anomalies in steaming networks, and explicitly handling concept drifts. These models have been tested and the experimental results confirmed their superiority over the state-of-the-art models in terms of detection accuracy, false-positive rate, and processing time, making them potential candidates for strengthening the grid\u27s security

Electric Power Grid Resilience to Cyber Adversaries: State of the Art

© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The smart electricity grids have been evolving to a more complex cyber-physical ecosystem of infrastructures with integrated communication networks, new carbon-free sources of powergeneratio n, advanced monitoring and control systems, and a myriad of emerging modern physical hardware technologies. With the unprecedented complexity and heterogeneity in dynamic smart grid networks comes additional vulnerability to emerging threats such as cyber attacks. Rapid development and deployment of advanced network monitoring and communication systems on one hand, and the growing interdependence of the electric power grids to a multitude of lifeline critical infrastructures on the other, calls for holistic defense strategies to safeguard the power grids against cyber adversaries. In order to improve the resilience of the power grid against adversarial attacks and cyber intrusions, advancements should be sought on detection techniques, protection plans, and mitigation practices in all electricity generation, transmission, and distribution sectors. This survey discusses such major directions and recent advancements from a lens of different detection techniques, equipment protection plans, and mitigation strategies to enhance the energy delivery infrastructure resilience and operational endurance against cyber attacks. This undertaking is essential since even modest improvements in resilience of the power grid against cyber threats could lead to sizeable monetary savings and an enriched overall social welfare

Evaluation of Wavelet Transform Based Feature Extraction Techniques for Detection and Classification of Faults on Transmission Lines Using WAMS Data

The smart grid is an intelligent power system network that should be reliable and resilient for sustainable operation. Wide-Area Measurement Sys- tems (WAMS) are deployed in the power grid to provide real-time situational awareness to the power grid oper- ators. An excellent strategy for exploiting the WAMS data effectively is to extract relevant insights from the increasing volume of data collected. Feature extrac- tion techniques are pivotal in developing data-driven models for power systems. This paper proposes an ensemble feature extraction method for developing intelligent data-driven models for transmission line fault detection and classification. A comparative ef- ficacy analysis of the proposed ensemble feature extrac- tion method is carried out with state-of-the-art feature extraction methods. The models developed and eval- uated with the feature data derived with the proposed method give an accuracy of 100 % for fault detection and 99.78 % for fault classification. This method also has the advantage of significantly reducing training and testing time. Features are extracted from the WAMS data collected by simulating an IEEE 39 bus test system in the PowerWorld simulator