Detection of False Data Injection Attacks in Smart Grid under Colored Gaussian Noise

In this paper, we consider the problems of state estimation and false data injection detection in smart grid when the measurements are corrupted by colored Gaussian noise. By modeling the noise with the autoregressive process, we estimate the state of the power transmission networks and develop a generalized likelihood ratio test (GLRT) detector for the detection of false data injection attacks. We show that the conventional approach with the assumption of Gaussian noise is a special case of the proposed method, and thus the new approach has more applicability. {The proposed detector is also tested on an independent component analysis (ICA) based unobservable false data attack scheme that utilizes similar assumptions of sample observation.} We evaluate the performance of the proposed state estimator and attack detector on the IEEE 30-bus power system with comparison to conventional Gaussian noise based detector. The superior performance of {both observable and unobservable false data attacks} demonstrates the effectiveness of the proposed approach and indicates a wide application on the power signal processing.Comment: 8 pages, 4 figures in IEEE Conference on Communications and Network Security (CNS) 201

Comparing Kalman Filters and Observers for Power System Dynamic State Estimation with Model Uncertainty and Malicious Cyber Attacks

Kalman filters and observers are two main classes of dynamic state estimation (DSE) routines. Power system DSE has been implemented by various Kalman filters, such as the extended Kalman filter (EKF) and the unscented Kalman filter (UKF). In this paper, we discuss two challenges for an effective power system DSE: (a) model uncertainty and (b) potential cyber attacks. To address this, the cubature Kalman filter (CKF) and a nonlinear observer are introduced and implemented. Various Kalman filters and the observer are then tested on the 16-machine, 68-bus system given realistic scenarios under model uncertainty and different types of cyber attacks against synchrophasor measurements. It is shown that CKF and the observer are more robust to model uncertainty and cyber attacks than their counterparts. Based on the tests, a thorough qualitative comparison is also performed for Kalman filter routines and observers.Comment: arXiv admin note: text overlap with arXiv:1508.0725

Efficient Computations of a Security Index for False Data Attacks in Power Networks

The resilience of Supervisory Control and Data Acquisition (SCADA) systems for electric power networks for certain cyber-attacks is considered. We analyze the vulnerability of the measurement system to false data attack on communicated measurements. The vulnerability analysis problem is shown to be NP-hard, meaning that unless $P = NP$ there is no polynomial time algorithm to analyze the vulnerability of the system. Nevertheless, we identify situations, such as the full measurement case, where it can be solved efficiently. In such cases, we show indeed that the problem can be cast as a generalization of the minimum cut problem involving costly nodes. We further show that it can be reformulated as a standard minimum cut problem (without costly nodes) on a modified graph of proportional size. An important consequence of this result is that our approach provides the first exact efficient algorithm for the vulnerability analysis problem under the full measurement assumption. Furthermore, our approach also provides an efficient heuristic algorithm for the general NP-hard problem. Our results are illustrated by numerical studies on benchmark systems including the IEEE 118-bus system

Undetectable Timing-Attack on Linear State-Estimation by Using Rank-1 Approximation

Smart-grid applications based on synchrophasor measurements have recently been shown to be vulnerable to timing attacks. A fundamental question is whether timing attacks could remain undetected by bad-data detection algorithms used in conjunction with state-of-the-art situational-awareness state estimators. In this paper, we analyze the detectability of timing attacks on linear state-estimation. We show that it is possible to forge delay attacks that are undetectable. We give a closed form for an undetectable attack; it imposes two phase offsets to two or more synchrophasor-based measurement units that can be translated to synchrophasors’ time delays. We also propose different methods for combining two-delays attacks to produce a larger impact. We simulate the attacks on a benchmark power- transmission grid, we show that they are successful and can lead to physical grid damage. To prove undetectability, we use classic bad-data detection techniques such as the largest normalized residual and the χ2-test

Recent Advances on State Estimation for Power Grids with Unconventional Measurements

State estimation problem for power systems has long been a fundamental issue that demands a variety of methodologies depending on the system settings. With the recent introduction of advanced devices of phasor measurement units (PMUs) and dedicated communication networks, the infrastructure of power grids has been greatly improved. Coupled with the infrastructure improvements are three emerging issues for the state estimation problems, namely, the coexistence of both traditional and PMU measurements, the incomplete information resulting from delayed, asynchronous and missing measurements due to communication constraints, and the cyber-attacks on the communication channels. In this study, the authors aim to survey some recent advances on the state estimation methods which tackle the above three issues in power grids. Traditional state estimation methods applied in power grids are first introduced. Latest results on state estimation with mixed measurements and incomplete measurements are then discussed in great detail. In addition, the techniques developed to ensure the cyber-security of the state estimation schemes for power grids are highlighted. Finally, some concluding remarks are given and some possible future research directions are pointed out

Enabling sustainable power distribution networks by using smart grid communications

Smart grid modernization enables integration of computing, information and communications capabilities into the legacy electric power grid system, especially the low voltage distribution networks where various consumers are located. The evolutionary paradigm has initiated worldwide deployment of an enormous number of smart meters as well as renewable energy sources at end-user levels. The future distribution networks as part of advanced metering infrastructure (AMI) will involve decentralized power control operations under associated smart grid communications networks. This dissertation addresses three potential problems anticipated in the future distribution networks of smart grid: 1) local power congestion due to power surpluses produced by PV solar units in a neighborhood that demands disconnection/reconnection mechanisms to alleviate power overflow, 2) power balance associated with renewable energy utilization as well as data traffic across a multi-layered distribution network that requires decentralized designs to facilitate power control as well as communications, and 3) a breach of data integrity attributed to a typical false data injection attack in a smart metering network that calls for a hybrid intrusion detection system to detect anomalous/malicious activities. In the first problem, a model for the disconnection process via smart metering communications between smart meters and the utility control center is proposed. By modeling the power surplus congestion issue as a knapsack problem, greedy solutions for solving such problem are proposed. Simulation results and analysis show that computation time and data traffic under a disconnection stage in the network can be reduced. In the second problem, autonomous distribution networks are designed that take scalability into account by dividing the legacy distribution network into a set of subnetworks. A power-control method is proposed to tackle the power flow and power balance issues. Meanwhile, an overlay multi-tier communications infrastructure for the underlying power network is proposed to analyze the traffic of data information and control messages required for the associated power flow operations. Simulation results and analysis show that utilization of renewable energy production can be improved, and at the same time data traffic reduction under decentralized operations can be achieved as compared to legacy centralized management. In the third problem, an attack model is proposed that aims to minimize the number of compromised meters subject to the equality of an aggregated power load in order to bypass detection under the conventionally radial tree-like distribution network. A hybrid anomaly detection framework is developed, which incorporates the proposed grid sensor placement algorithm with the observability attribute. Simulation results and analysis show that the network observability as well as detection accuracy can be improved by utilizing grid-placed sensors. Conclusively, a number of future works have also been identified to furthering the associated problems and proposed solutions

State of the art of cyber-physical systems security: An automatic control perspective

Cyber-physical systems are integrations of computation, networking, and physical processes. Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns. Our systematic mapping study sheds light on how security is actually addressed when dealing with cyber-physical systems from an automatic control perspective. The provided map of 138 selected studies is defined empirically and is based on, for instance, application fields, various system components, related algorithms and models, attacks characteristics and defense strategies. It presents a powerful comparison framework for existing and future research on this hot topic, important for both industry and academia

Deep Learning-Based, Passive Fault Tolerant Control Facilitated by a Taxonomy of Cyber-Attack Effects

In the interest of improving the resilience of cyber-physical control systems to better operate in the presence of various cyber-attacks and/or faults, this dissertation presents a novel controller design based on deep-learning networks. This research lays out a controller design that does not rely on fault or cyber-attack detection. Being passive, the controller’s routine operating process is to take in data from the various components of the physical system, holistically assess the state of the physical system using deep-learning networks and decide the subsequent round of commands from the controller. This use of deep-learning methods in passive fault tolerant control (FTC) is unique in the research literature. The proposed controller is applied to both linear and nonlinear systems. Additionally, the application and testing are accomplished with both actuators and sensors being affected by attacks and /or faults