출력제어 최소화를 위한 가상 발전소 사업자의 허위정보주입공격

학위논문(석사) -- 서울대학교대학원 : 공과대학 전기·정보공학부, 2023. 2. 윤용태.Studies on false data injection attacks (FDIA) against state estimation were mainly conducted on the transmission system. However, recently, as entities such as distributed energy resources (DERs), virtual power plants (VPPs), energy storage systems (ESSs), and EV charging stations, that are vulnerable to cyber-attacks, began to appear in the distribution system, research on FDIA in the distribution system is being actively conducted. Among them, this paper deals with the FDIA that VPPs attempt in the distribution system. As the number of DERs in the distribution system increases, the curtailment for DERs owned by VPP increases. This paper proposes FDIA model by VPPs to avoid curtailment under the realistic conditions. In the model, VPPs can implement an FDIA that deceives the distribution system operator (DSO)s state estimation with only information obtained from the DERs they own. To verify this, IEEE 33 test feeder was used and the result shows that the attack was successful without being caught in the DSO's bad data detection (BDD). This paper provides the basic concept of VPPs FDIA and shows that future DSOs need algorithms to defend against VPPs FDIA.상태추정에 대한 허위정보주입공격 연구는 주로 송전계통을 대상으로 연구되어 왔다. 하지만 소규모 분산 자원, 가상 발전소, 에너지 저장장치, 전기차 충전소 등 가상공격에 취약한 자원들이 배전계통에 등장하면서 배전계통에 대한 허위정보주입공격 관련 연구가 최근 활발히 연구되고 있다. 그 중, 이 연구는 가상 발전소 사업자가 배전계통 내에서 시도할 수 있는 허위정보주입공격을 다룬다. 배전계통 내 태양광 발전소와 같은 소규모 분산자원들이 증가하면서 가상 발전소 사업자가 소유한 태양광 발전소에 내려지는 출력제어 조치가 함께 증가하고 있다. 이 연구는 현실적인 조건하에 가상 발전소 사업자가 출력제어 조치를 피하기 위해 시도할 수 있는 허위정보주입공격 모델을 제시한다. 이 공격모델은 가상 발전소 사업자가 자신들이 소유한 태양광 발전소에서 얻는 정보만으로 배전계통 운영자의 상태추정을 속이는 공격이 가능함을 보인다. 이를 증명하기 위해, IEEE 33 테스트 계통을 사용해 본 모델이 배전계통 운영자의 거짓정보감지를 우회할 수 있음을 보였다. 본 연구는 미래에 발생할 수 있는 가상 발전소 사업자의 허위정보주입공격에 대한 기본 개념을 제시하고 미래 배전계통 운영자가 본 연구에 제시한 허위정보주입공격을 방어할 수 있는 알고리즘이 필요함을 보인다.1 Introduction 1 1.1 Research background and motivation 1 1.2 Research objective and contents 4 1.3 Research procedure 5 2 Literature review and contribution 6 2.1 Attempting false data injection attack in various condition 6 2.2 Impact of false data injection attack 7 2.3 Cyber-attack related to distributed energy resources 8 2.4 Contribution of this study 9 3 Theoretical background 10 3.1 State estimation 10 3.2 Distribution System State Estimation (DSSE) 12 3.3 Bad data detection (BDD) 15 3.4 False data injection attack (FDIA) 16 4 VPP's local false data injection attack 18 4.1 DSO assumptions 18 4.2 VPP assumptions 20 5 Simulation Setting and Results 24 5.1 Simulation Environment 24 5.2 Non-intelligent attack 28 5.3 Intelligent attack 30 6 Conclusion 33 Bibliography 35 초록 38석

Modeling and performance evaluation of stealthy false data injection attacks on smart grid in the presence of corrupted measurements

The false data injection (FDI) attack cannot be detected by the traditional anomaly detection techniques used in the energy system state estimators. In this paper, we demonstrate how FDI attacks can be constructed blindly, i.e., without system knowledge, including topological connectivity and line reactance information. Our analysis reveals that existing FDI attacks become detectable (consequently unsuccessful) by the state estimator if the data contains grossly corrupted measurements such as device malfunction and communication errors. The proposed sparse optimization based stealthy attacks construction strategy overcomes this limitation by separating the gross errors from the measurement matrix. Extensive theoretical modeling and experimental evaluation show that the proposed technique performs more stealthily (has less relative error) and efficiently (fast enough to maintain time requirement) compared to other methods on IEEE benchmark test systems.Comment: Keywords: Smart grid, False data injection, Blind attack, Principal component analysis (PCA), Journal of Computer and System Sciences, Elsevier, 201

Identification of vulnerable node clusters against false data injection attack in an AMI based Smart Grid

In today's Smart Grid, the power Distribution System Operator (DSO) uses real-time measurement data from the Advanced Metering Infrastructure (AMI) for efficient, accurate and advanced monitoring and control. Smart Grids are vulnerable to sophisticated data integrity attacks like the False Data Injection (FDI) attack on the AMI sensors that produce misleading operational decision of the power system (Liu et al., 2011 [1]). Presently, there is a lack of research in the area of power system analysis that relates the FDI attacks with system stability that is important for both analysis of the effect of cyber-attack and for taking preventive measures of protection. In this paper, we study the physical characteristics of the power system, and draw a relationship between the system stability indices and the FDI attacks. We identify the level of vulnerabilities of each AMI node in terms of different degrees of FDI attacks. In order to obtain the interdependent relationship of different nodes, we implement an improved Constriction Factor Particle Swarm Optimization (CF-PSO) based hybrid clustering technique to group the nodes into the most, the moderate and the least vulnerable clusters. With extensive experiments and analysis using two benchmark test systems, we show that the nodes in the most vulnerable cluster exhibit higher likelihood of de-stabilizing system operation compared to other nodes. Complementing research is the construction of FDI attacks and their countermeasures, this paper focuses on the understanding of characteristics and practical effect of FDI attacks on the operation of the Smart Grid by analysing the interdependent nature of its physical properties

Efficient state estimation via inference on a probabilistic graphical model

This thesis presents a unique and efficient solver to the state estimation (SE) problem for the power grid, based on probabilistic graphical models (PGMs). SE is a method of estimating the varying state values of voltage magnitude and phase at every bus within a power grid based on meter measurements. However, existing SE solvers are notorious for their computational inefficiency to calculate the matrix inverse, and hence slow convergence to produce the final state estimates. The proposed PGM-based solver estimates the state values from a different perspective. Instead of calculating the matrix inverse directly, it models the power grid as a PGM, and then assigns potentials to nodes and edges of the PGM, based on the physical constraints of the power grid. This way, the original SE problem is transformed into an equivalent probabilistic inference problem on the PGM, for which two efficient algorithms are proposed based on Gaussian belief propagation (GBP). The equivalence between the proposed PGM-based solver and existing SE solvers is shown in terms of state estimates, and it is experimentally demonstrated that this new method converges much faster than existing solvers

Bibliographical review on cyber attacks from a control oriented perspective

This paper presents a bibliographical review of definitions, classifications and applications concerning cyber attacks in networked control systems (NCSs) and cyber-physical systems (CPSs). This review tackles the topic from a control-oriented perspective, which is complementary to information or communication ones. After motivating the importance of developing new methods for attack detection and secure control, this review presents security objectives, attack modeling, and a characterization of considered attacks and threats presenting the detection mechanisms and remedial actions. In order to show the properties of each attack, as well as to provide some deeper insight into possible defense mechanisms, examples available in the literature are discussed. Finally, open research issues and paths are presented.Peer ReviewedPostprint (author's final draft

Real-Time Machine Learning Models To Detect Cyber And Physical Anomalies In Power Systems

A Smart Grid is a cyber-physical system (CPS) that tightly integrates computation and networking with physical processes to provide reliable two-way communication between electricity companies and customers. However, the grid availability and integrity are constantly threatened by both physical faults and cyber-attacks which may have a detrimental socio-economic impact. The frequency of the faults and attacks is increasing every year due to the extreme weather events and strong reliance on the open internet architecture that is vulnerable to cyber-attacks. In May 2021, for instance, Colonial Pipeline, one of the largest pipeline operators in the U.S., transports refined gasoline and jet fuel from Texas up the East Coast to New York was forced to shut down after being attacked by ransomware, causing prices to rise at gasoline pumps across the country. Enhancing situational awareness within the grid can alleviate these risks and avoid their adverse consequences. As part of this process, the phasor measurement units (PMU) are among the suitable assets since they collect time-synchronized measurements of grid status (30-120 samples/s), enabling the operators to react rapidly to potential anomalies. However, it is still challenging to process and analyze the open-ended source of PMU data as there are more than 2500 PMU distributed across the U.S. and Canada, where each of which generates more than 1.5 TB/month of streamed data. Further, the offline machine learning algorithms cannot be used in this scenario, as they require loading and scanning the entire dataset before processing. The ultimate objective of this dissertation is to develop early detection of cyber and physical anomalies in a real-time streaming environment setting by mining multi-variate large-scale synchrophasor data. To accomplish this objective, we start by investigating the cyber and physical anomalies, analyzing their impact, and critically reviewing the current detection approaches. Then, multiple machine learning models were designed to identify physical and cyber anomalies; the first one is an artificial neural network-based approach for detecting the False Data Injection (FDI) attack. This attack was specifically selected as it poses a serious risk to the integrity and availability of the grid; Secondly, we extend this approach by developing a Random Forest Regressor-based model which not only detects anomalies, but also identifies their location and duration; Lastly, we develop a real-time hoeffding tree-based model for detecting anomalies in steaming networks, and explicitly handling concept drifts. These models have been tested and the experimental results confirmed their superiority over the state-of-the-art models in terms of detection accuracy, false-positive rate, and processing time, making them potential candidates for strengthening the grid\u27s security

Vulnerability Assessment and Privacy-preserving Computations in Smart Grid

Modern advances in sensor, computing, and communication technologies enable various smart grid applications which highlight the vulnerability that requires novel approaches to the field of cybersecurity. While substantial numbers of technologies have been adopted to protect cyber attacks in smart grid, there lacks a comprehensive review of the implementations, impacts, and solutions of cyber attacks specific to the smart grid.In this dissertation, we are motivated to evaluate the security requirements for the smart grid which include three main properties: confidentiality, integrity, and availability. First, we review the cyber-physical security of the synchrophasor network, which highlights all three aspects of security issues. Taking the synchrophasor network as an example, we give an overview of how to attack a smart grid network. We test three types of attacks and show the impact of each attack consisting of denial-of-service attack, sniffing attack, and false data injection attack.Next, we discuss how to protect against each attack. For protecting availability, we examine possible defense strategies for the associated vulnerabilities.For protecting data integrity, a small-scale prototype of secure synchrophasor network is presented with different cryptosystems. Besides, a deep learning based time-series anomaly detector is proposed to detect injected measurement. Our approach observes both data measurements and network traffic features to jointly learn system states and can detect attacks when state vector estimator fails.For protecting data confidentiality, we propose privacy-preserving algorithms for two important smart grid applications. 1) A distributed privacy-preserving quadratic optimization algorithm to solve Security Constrained Optimal Power Flow (SCOPF) problem. The SCOPF problem is decomposed into small subproblems using the Alternating Direction Method of Multipliers (ADMM) and gradient projection algorithms. 2) We use Paillier cryptosystem to secure the computation of the power system dynamic simulation. The IEEE 3-Machine 9-Bus System is used to implement and demonstrate the proposed scheme. The security and performance analysis of our implementations demonstrate that our algorithms can prevent chosen-ciphertext attacks at a reasonable cost