
    Low Latency Intrusion Detection in Smart Grids

    The transformation of traditional power grids into smart grids has seen more new technologies such as communication networks and smart meters (sensors) being integrated into the physical infrastructure of the power grids. However, these technologies pose new vulnerabilities to the cybersecurity of power grids as malicious attacks can be launched by adversaries to attack the smart meters and modify the measurement data collected by these meters. If not timely detected and removed, these attacks may lead to inaccurate system state estimation, which is critical to the system operators for control decisions such as economic dispatch and other related functions. This dissertation studies the challenges associated with cyberattacks in power grids and develops solutions to effectively and timely detect these attacks to ensure an accurate state estimation. One of the common approaches to improving the state estimation accuracy is to incorporate phasor measurement unit (PMU) devices into the system to provide extra and more secure measurements. In this research, we design algorithms that place PMUs at strategic locations to enhance the system's state estimation accuracy and its capability to detect cyberattacks. This approach of installing PMU devices in power grids, nonetheless, does not guarantee a timely attack detection that is critical for a timely deployment of countermeasures to prevent catastrophic impacts from the attacks. Thus, the low latency intrusion detection problem is studied to reduce attack detection delays. The state estimation and intrusion detection problem is further extended to a dynamic power system, where there are sudden changes in system loads

    Low Latency Anomaly Detection with Imperfect Models

    The problem of anomaly detection deals with detecting abrupt changes/anomalies in the distribution of sequentially observed data in a stochastic system. This problem applies to many applications, such as signal processing, intrusion detection, quality control, medical diagnosis, etc. A low latency anomaly detection algorithm, which is based on the framework of quickest change detection (QCD), aims at minimizing the detection delay of anomalies in the sequentially observed data while ensuring satisfactory detection accuracy. Moreover, in many practical applications, complete knowledge of the post-change distribution model might not be available due to the unexpected nature of the change. Hence, the objective of this dissertation is to study low latency anomaly detection or QCD algorithms for systems with imperfect models such that any type of abnormality in the system can be detected as quickly as possible for reliable and secured system operations. This dissertation includes the theoretical foundations behind these low latency anomaly detection algorithms along with real-world applications. First, QCD algorithms are designed for detecting changes in systems with multiple post-change models under both Bayesian and non-Bayesian settings. Next, a QCD algorithm is studied for real-time detection of false data injection attacks in smart grids with dynamic models. Finally, a QCD algorithm for detecting wind turbine bearing faults is developed by analyzing the statistical behaviors of stator currents generated by the turbines. For all the proposed algorithms, analytical bounds of the system performance metrics are derived using asymptotic analysis and the simulation results show that the proposed algorithms outperform existing algorithms

    A fast state-estimation-based data integrity threat detection approach for combined AC-DC bulk power systems

    The challenges encountered in modern power system operations have increased as electricity grids have become more geographically widespread and complex. Some modern bulk grids now combine AC and DC subsystems to effectively serve their loads. Communications and controls for such combined grids, in particular, have increasingly become more challenging. System disturbances in such combined grids have the potential to cascade and affect much larger portions of the grid. These challenges have only been exacerbated by the deepening penetrations of renewable energy resources, such as wind and solar. A key operational concern of such combined grids is the ability of the system operators to continually maintain situational awareness in their operations. The response times within which corrective control actions must be dispatched under contingencies have shortened considerably. In an attempt to ensure the intact transmission of an ever larger amount of information for combined AC-DC grids so as to maintain situational awareness and promptly dispatch control actions, the electric power industry has increased the deployment of cyberphysical, microprocessor-based devices in system monitoring and control. These devices provide system operational information to the system operator over digital channels with latencies much lower than those using conventional copper wire analog signals. But, with this more intense reliance in power system monitoring and control on communication channels, cybersecurity has become an additional concern. The possibility that entities/individuals with malicious intent can gain access to these communication channels and are able to alter operational commands is a fact of life. The types of cyber attacks that threat agents can perform are varied and include false data injection and data integrity attacks, spoofing and denial of service. 
While it is advisable to include information technology-based intrusion detection/prevention techniques to parse and verify the syntax of protocol messages, effective use of the physical characteristics of the power grid provides alternative, physics-based detection methods. So far, physics-based detection methods have mostly focused on AC system applications. Some investigations have been conducted on combined AC-DC systems, which have focused primarily on microgrids so as to restrict the applications to low- and medium-voltage systems. In this report, we propose and investigate a physics-based approach to threat detection in bulk combined AC-DC grids via the use of a rapid, approximate state estimation scheme. We specifically investigate data integrity attacks, which aim to corrupt the active power dispatch commands on the HVDC lines in these combined bulk AC-DC grids. The state-estimation based scheme we propose requires the determination of the system state estimates at sufficiently frequent time intervals to allow the performance of consistency checks between the approximate injections computed from the estimate of the state with respect to that of the power flow that corresponds to the true power order transmitted for implementation. We obtain gains in computational speed in the proposed approximate state-estimation-based approach to make it capable to track the changes in state with adequate accuracy for detection purposes. For this purpose, we use the power transfer distribution factors (PTDFs) as the criterion for measurement prioritization to produce a reduced subset of prioritized measurement. In addition, we impose a judiciously specified limit on the number of iterations in the state estimation to meet the time response requirements. These two modifications, combined with effectively implemented sparsity-techniques, result in a robust approach for the detection of the class of cyber threats considered in this report. 
The contribution of this report lies in the use of the widely used power system state estimation tool to develop a simple, practical physics-based approach to data integrity attack detection specifically for use in combined bulk AC-DC grids. We advantageously use the incorporation of this PTDF-based measurement prioritization feature into the conventional AC state estimation extensively deployed in modern EMSs to create a detection scheme for the cyber threats considered in this report. We demonstrate the effective deployment of this state-estimation-based approach with results from case studies on a representative 2470-bus synthetic combined AC-DC test system that is based on the U.S. part of the WECC interconnection with the California-Oregon Pacific DC intertie. In our simulation studies, we are able to detect the corruption of a 920 MW power order command to within 5 % of its true value. The implementation of this corrupted power order is detected within a 30-second time period with the prioritized measurement subset to contain the measurements associated with less than 2 % of the total number of lines in the system. The results discussed have provided insights into the performance of the heuristic procedures and a basis for the appropriate choices of the tunable parameters of the state estimation scheme. We discuss the computational and accuracy aspects and provide bounds on the extent to which an attacker can corrupt power orders that the scheme successfully detects. We observe, for instance, that the accuracy of the approach is more sensitive to our choice of the prioritized measurements than the limit on the number of iterations. We also share our insights on the deployment aspects of this approach by a system operator of a physical combined AC-DC bulk power grid

    Online Detection of False Data Injection Attacks to Synchrophasor Measurements: A Data-Driven Approach

    This paper presents an online data-driven algorithm to detect false data injection attacks towards synchrophasor measurements. The proposed algorithm applies density-based local outlier factor (LOF) analysis to detect the anomalies among the data, which can be described as spatio-temporal outliers among all the synchrophasor measurements from the grid. By leveraging the spatio-temporal correlations among multiple time instants of synchrophasor measurements, this approach could detect false data injection attacks which are otherwise not detectable using measurements obtained from single snapshot. This algorithm requires no prior knowledge on system parameters or topology. The computational speed shows satisfactory potential for online monitoring applications. Case studies on both synthetic and real-world synchrophasor data verify the effectiveness of the proposed algorithm

    False data injection attack detection in smart grid

    Smart grid is a distributed and autonomous energy delivery infrastructure that constantly monitors the operational state of its overall network using smart techniques and state estimation. State estimation is a powerful technique that is used to determine the overall operational state of the system based on a limited set of measurements collected through metering systems. Cyber-attacks pose serious risks to a smart grid state estimation that can cause disruptions and power outages resulting in huge economical losses and are therefore a big concern to a reliable national grid operation. False data injection attacks (FDIAs), engineered on the basis of the knowledge of the network configuration, are difficult to detect using the traditional data detection mechanisms. These detection schemes have been found vulnerable and failed to detect these FDIAs. FDIAs specifically target the state data and can manipulate the state measurements in such a way that these false measurements appear real to the main control systems. This research work explores the possibility of FDIA detection using state estimation in a distributed and partitioned smart grid. In order to detect FDIAs we use measurements for residual-based testing which creates an objective function; and the probability of erroneous data is determined from this residual test. In this test, a preset threshold is determined based on the prior history of the state data. FDIA cases are simulated within a smart grid considering that the Chi-square detection state estimator fails in identifying such attacks. We compute the objective function using the standard weighted least problem and then test the objective function against the value in the Chi-square table. The gain matrix and the Jacobian matrix are computed. The state variables are computed in the form of a voltage magnitude. The state variables are computed after the inception of an attack to assess these state magnitude results. 
Different sizes of partitioning are used to improve the overall sensitivity of the Chi-square results. Our additional estimator is based on a Kalman estimation that consists of the state prediction and state correction steps. In the first step, it obtains the state and matrix covariance prediction, and in the second step, it calculates the Kalman gain and the state and matrix covariance update steps. The set of points is created for the state vector x at a time instant t. The initial vector and covariance matrix are based on a priori knowledge of the historical estimates. A set of sigma points is estimated by the state update function. Sigma points refer to the minimal set of sampling points that are selected and transformed using nonlinear function, and the new mean and the covariance are formed out of these transformed points. The idea behind this is that it is easier to compute a Gaussian distribution than an arbitrary nonlinear function. The filter gain, the mean and the covariance are used to estimate the next state. Our simulation results show that the combination of Kalman estimation and distributed state estimation improves the overall stability index and vulnerability assessment score of the smart grid. We built a stability index table for a smart grid based on the state estimates value after the inception of an FDIA. The vulnerability assessment score of the smart grid is based on common vulnerability scoring system (CVSS) and state estimates under the influence of an FDIA. The simulations are conducted in the MATPOWER program and different electrical bus systems such as IEEE 14, 30, 39, 118 and 300 are tested. All the contributions have been published in reputable journals and conferences. Doctor of Philosoph

    Comprehensive Survey and Taxonomies of False Injection Attacks in Smart Grid: Attack Models, Targets, and Impacts

    Smart Grid has rapidly transformed the centrally controlled power system into a massively interconnected cyber-physical system that benefits from the revolutions happening in the communications (e.g. 5G) and the growing proliferation of the Internet of Things devices (such as smart metres and intelligent electronic devices). While the convergence of a significant number of cyber-physical elements has enabled the Smart Grid to be far more efficient and competitive in addressing the growing global energy challenges, it has also introduced a large number of vulnerabilities culminating in violations of data availability, integrity, and confidentiality. Recently, false data injection (FDI) has become one of the most critical cyberattacks, and appears to be a focal point of interest for both research and industry. To this end, this paper presents a comprehensive review in the recent advances of the FDI attacks, with particular emphasis on 1) adversarial models, 2) attack targets, and 3) impacts in the Smart Grid infrastructure. This review paper aims to provide a thorough understanding of the incumbent threats affecting the entire spectrum of the Smart Grid. Related literature are analysed and compared in terms of their theoretical and practical implications to the Smart Grid cybersecurity. In conclusion, a range of technical limitations of existing false data attack research is identified, and a number of future research directions is recommended. Comment: Double-column of 24 pages, prepared based on IEEE Transaction articl

    Data Consistency for Data-Driven Smart Energy Assessment

    In the smart grid era, the number of data available for different applications has increased considerably. However, data could not perfectly represent the phenomenon or process under analysis, so their usability requires a preliminary validation carried out by experts of the specific domain. The process of data gathering and transmission over the communication channels has to be verified to ensure that data are provided in a useful format, and that no external effect has impacted on the correct data to be received. Consistency of the data coming from different sources (in terms of timings and data resolution) has to be ensured and managed appropriately. Suitable procedures are needed for transforming data into knowledge in an effective way. This contribution addresses the previous aspects by highlighting a number of potential issues and the solutions in place in different power and energy system, including the generation, grid and user sides. Recent references, as well as selected historical references, are listed to support the illustration of the conceptual aspects

    Vulnerability Analysis of Power System State Estimation


    Achieving High Renewable Energy Integration in Smart Grids with Machine Learning

    The integration of high levels of renewable energy into smart grids is crucial for achieving a sustainable and efficient energy infrastructure. However, this integration presents significant technical and operational challenges due to the intermittent nature and inherent uncertainty of renewable energy sources (RES). Therefore, the energy storage system (ESS) has always been bound to renewable energy, and its charge and discharge control has become an important part of the integration. The addition of RES and ESS comes with their complex control, communication, and monitor capabilities, which also makes the grid more vulnerable to attacks, brings new challenges to the cybersecurity. A large number of works have been devoted to the optimization integration of the RES and ESS system to the traditional grid, along with combining the ESS scheduling control with the traditional Optimal Power Flow (OPF) control. Cybersecurity problem focusing on the RES integrated grid has also gradually aroused researchers’ interest. In recent years, machine learning techniques have emerged in different research field including optimizing renewable energy integration in smart grids. Reinforcement learning (RL), which trains agent to interact with the environment by making sequential decisions to maximize the expected future reward, is used as an optimization tool. This dissertation explores the application of RL algorithms and models to achieve high renewable energy integration in smart grids. The research questions focus on the effectiveness, benefits of renewable energy integration to individual consumers and electricity utilities, applying machine learning techniques in optimizing the behaviors of the ESS and the generators and other components in the grid. 
The objectives of this research are to investigate the current algorithms of renewable energy integration in smart grids, explore RL algorithms, develop novel RL-based models and algorithms for optimization control and cybersecurity, evaluate their performance through simulations on real-world data set, and provide practical recommendations for implementation. The research approach includes a comprehensive literature review to understand the challenges and opportunities associated with renewable energy integration. Various optimization algorithms, such as linear programming (LP), dynamic programming (DP) and various RL algorithms, such as Deep Q-Learning (DQN) and Deep Deterministic Policy Gradient (DDPG), are applied to solve problems during renewable energy integration in smart grids. Simulation studies on real-world data, including different types of loads, solar and wind energy profiles, are used to evaluate the performance and effectiveness of the proposed machine learning techniques. The results provide insights into the capabilities and limitations of machine learning in solving the optimization problems in the power system. Compared with traditional optimization tools, the RL approach has the advantage of real-time implementation, with the cost being the training time and unguaranteed model performance. Recommendations and guidelines for practical implementation of RL algorithms on power systems are provided in the appendix