391 research outputs found
Topology Attacks on Power System Operation and Consequences Analysis
abstract: The large distributed electric power system is a hierarchical network involving the
transportation of power from the sources of power generation via an intermediate
densely connected transmission network to a large distribution network of end-users
at the lowest level of the hierarchy. At each level of the hierarchy (generation/ trans-
mission/ distribution), the system is managed and monitored with a combination of
(a) supervisory control and data acquisition (SCADA); and (b) energy management
systems (EMSs) that process the collected data and make control and actuation de-
cisions using the collected data. However, at all levels of the hierarchy, both SCADA
and EMSs are vulnerable to cyber attacks. Furthermore, given the criticality of the
electric power infrastructure, cyber attacks can have severe economic and social con-
sequences.
This thesis focuses on cyber attacks on SCADA and EMS at the transmission
level of the electric power system. The goal is to study the consequences of three
classes of cyber attacks that can change topology data. These classes include: (i)
unobservable state-preserving cyber attacks that only change the topology data; (ii)
unobservable state-and-topology cyber-physical attacks that change both states and
topology data to enable a coordinated physical and cyber attack; and (iii) topology-
targeted man-in-the-middle (MitM) communication attacks that alter topology data
shared during inter-EMS communication. Specically, attack class (i) and (ii) focus on
the unobservable attacks on single regional EMS while class (iii) focuses on the MitM
attacks on communication links between regional EMSs. For each class of attacks,
the theoretical attack model and the implementation of attacks are provided, and the
worst-case attack and its consequences are exhaustively studied. In particularly, for
class (ii), a two-stage optimization problem is introduced to study worst-case attacks
that can cause a physical line over
ow that is unobservable in the cyber layer. The long-term implication and the system anomalies are demonstrated via simulation.
For attack classes (i) and (ii), both mathematical and experimental analyses sug-
gest that these unobservable attacks can be limited or even detected with resiliency
mechanisms including load monitoring, anomalous re-dispatches checking, and his-
torical data comparison. For attack class (iii), countermeasures including anomalous
tie-line interchange verication, anomalous re-dispatch alarms, and external contin-
gency lists sharing are needed to thwart such attacks.Dissertation/ThesisMasters Thesis Electrical Engineering 201
False Data Injection Attacks on Phasor Measurements That Bypass Low-rank Decomposition
This paper studies the vulnerability of phasor measurement units (PMUs) to
false data injection (FDI) attacks. Prior work demonstrated that unobservable
FDI attacks that can bypass traditional bad data detectors based on measurement
residuals can be identified by detector based on low-rank decomposition (LD).
In this work, a class of more sophisticated FDI attacks that captures the
temporal correlation of PMU data is introduced. Such attacks are designed with
a convex optimization problem and can always bypass the LD detector. The
vulnerability of this attack model is illustrated on both the IEEE 24-bus RTS
and the IEEE 118-bus systems.Comment: 6 pages, 4 figures, submitted to 2017 IEEE International Conference
on Smart Grid Communications (SmartGridComm
Vulnerability Assessment of Large-scale Power Systems to False Data Injection Attacks
This paper studies the vulnerability of large-scale power systems to false
data injection (FDI) attacks through their physical consequences. Prior work
has shown that an attacker-defender bi-level linear program (ADBLP) can be used
to determine the worst-case consequences of FDI attacks aiming to maximize the
physical power flow on a target line. This ADBLP can be transformed into a
single-level mixed-integer linear program, but it is hard to solve on large
power systems due to numerical difficulties. In this paper, four
computationally efficient algorithms are presented to solve the attack
optimization problem on large power systems. These algorithms are applied on
the IEEE 118-bus system and the Polish system with 2383 buses to conduct
vulnerability assessments, and they provide feasible attacks that cause line
overflows, as well as upper bounds on the maximal power flow resulting from any
attack.Comment: 6 pages, 5 figure
Local Cyber-physical Attack with Leveraging Detection in Smart Grid
A well-designed attack in the power system can cause an initial failure and
then results in large-scale cascade failure. Several works have discussed power
system attack through false data injection, line-maintaining attack, and
line-removing attack. However, the existing methods need to continuously attack
the system for a long time, and, unfortunately, the performance cannot be
guaranteed if the system states vary. To overcome this issue, we consider a new
type of attack strategy called combinational attack which masks a line-outage
at one position but misleads the control center on line outage at another
position. Therefore, the topology information in the control center is
interfered by our attack. We also offer a procedure of selecting the vulnerable
lines of its kind. The proposed method can effectively and continuously deceive
the control center in identifying the actual position of line-outage. The
system under attack will be exposed to increasing risks as the attack
continuously. Simulation results validate the efficiency of the proposed attack
strategy.Comment: Accepted by IEEE SmartGridComm 201
Vulnerability Analysis of False Data Injection Attacks on Supervisory Control and Data Acquisition and Phasor Measurement Units
abstract: The electric power system is monitored via an extensive network of sensors in tandem with data processing algorithms, i.e., an intelligent cyber layer, that enables continual observation and control of the physical system to ensure reliable operations. This data collection and processing system is vulnerable to cyber-attacks that impact the system operation status and lead to serious physical consequences, including systematic problems and failures.
This dissertation studies the physical consequences of unobservable false data injection (FDI) attacks wherein the attacker maliciously changes supervisory control and data acquisition (SCADA) or phasor measurement unit (PMU) measurements, on the electric power system. In this context, the dissertation is divided into three parts, in which the first two parts focus on FDI attacks on SCADA and the last part focuses on FDI attacks on PMUs.
The first part studies the physical consequences of FDI attacks on SCADA measurements designed with limited system information. The attacker is assumed to have perfect knowledge inside a sub-network of the entire system. Two classes of attacks with different assumptions on the attacker's knowledge outside of the sub-network are introduced. In particular, for the second class of attacks, the attacker is assumed to have no information outside of the attack sub-network, but can perform multiple linear regression to learn the relationship between the external network and the attack sub-network with historical data. To determine the worst possible consequences of both classes of attacks, a bi-level optimization problem wherein the first level models the attacker's goal and the second level models the system response is introduced.
The second part of the dissertation concentrates on analyzing the vulnerability of systems to FDI attacks from the perspective of the system. To this end, an off-line vulnerability analysis framework is proposed to identify the subsets of the test system that are more prone to FDI attacks.
The third part studies the vulnerability of PMUs to FDI attacks. Two classes of more sophisticated FDI attacks that capture the temporal correlation of PMU data are introduced. Such attacks are designed with a convex optimization problem and can always bypass both the bad data detector and the low-rank decomposition (LD) detector.Dissertation/ThesisDoctoral Dissertation Electrical Engineering 201
- …