Vulnerability Assessment and Privacy-preserving Computations in Smart Grid

Modern advances in sensor, computing, and communication technologies enable various smart grid applications which highlight the vulnerability that requires novel approaches to the field of cybersecurity. While substantial numbers of technologies have been adopted to protect cyber attacks in smart grid, there lacks a comprehensive review of the implementations, impacts, and solutions of cyber attacks specific to the smart grid.In this dissertation, we are motivated to evaluate the security requirements for the smart grid which include three main properties: confidentiality, integrity, and availability. First, we review the cyber-physical security of the synchrophasor network, which highlights all three aspects of security issues. Taking the synchrophasor network as an example, we give an overview of how to attack a smart grid network. We test three types of attacks and show the impact of each attack consisting of denial-of-service attack, sniffing attack, and false data injection attack.Next, we discuss how to protect against each attack. For protecting availability, we examine possible defense strategies for the associated vulnerabilities.For protecting data integrity, a small-scale prototype of secure synchrophasor network is presented with different cryptosystems. Besides, a deep learning based time-series anomaly detector is proposed to detect injected measurement. Our approach observes both data measurements and network traffic features to jointly learn system states and can detect attacks when state vector estimator fails.For protecting data confidentiality, we propose privacy-preserving algorithms for two important smart grid applications. 1) A distributed privacy-preserving quadratic optimization algorithm to solve Security Constrained Optimal Power Flow (SCOPF) problem. The SCOPF problem is decomposed into small subproblems using the Alternating Direction Method of Multipliers (ADMM) and gradient projection algorithms. 2) We use Paillier cryptosystem to secure the computation of the power system dynamic simulation. The IEEE 3-Machine 9-Bus System is used to implement and demonstrate the proposed scheme. The security and performance analysis of our implementations demonstrate that our algorithms can prevent chosen-ciphertext attacks at a reasonable cost

Combined network intrusion and phasor data anomaly detection for secure dynamic control centers

The dynamic operation of power transmission systems requires the acquisition of reliable and accurate measurement and state information. The use of TCP/IP-based communication protocols such as IEEE C37.118 or IEC 61850 introduces different gateways to launch cyber-attacks and to compromise major system operation functionalities. Within this study, a combined network intrusion and phasor data anomaly detection system is proposed to enable a secure system operation in the presence of cyber-attacks for dynamic control centers. This includes the utilization of expert-rules, one-class classifiers, as well as recurrent neural networks to monitor different network packet and measurement information. The effectiveness of the proposed network intrusion and phasor data anomaly detection system is shown within a real-time simulation testbed considering multiple operation and cyber-attack conditions

Machine Learning Based Detection of False Data Injection Attacks in Wide Area Monitoring Systems

The Smart Grid (SG) is an upgraded, intelligent, and a more reliable version of the traditional Power Grid due to the integration of information and communication technologies. The operation of the SG requires a dense communication network to link all its components. But such a network renders it prone to cyber attacks jeopardizing the integrity and security of the communicated data between the physical electric grid and the control centers. One of the most prominent components of the SG are Wide Area Monitoring Systems (WAMS). WAMS are a modern platform for grid-wide information, communication, and coordination that play a major role in maintaining the stability of the grid against major disturbances. In this thesis, an anomaly detection framework is proposed to identify False Data Injection (FDI) attacks in WAMS using different Machine Learning (ML) and Deep Learning (DL) techniques, i.e., Deep Autoencoders (DAE), Long-Short Term Memory (LSTM), and One-Class Support Vector Machine (OC-SVM). These algorithms leverage diverse, complex, and high-volume power measurements coming from communications between different components of the grid to detect intelligent FDI attacks. The injected false data is assumed to target several major WAMS monitoring applications, such as Voltage Stability Monitoring (VSM), and Phase Angle Monitoring (PAM). The attack vector is considered to be smartly crafted based on the power system data, so that it can pass the conventional bad data detection schemes and remain stealthy. Due to the lack of realistic attack data, machine learning-based anomaly detection techniques are used to detect FDI attacks. To demonstrate the impact of attacks on the realistic WAMS traffic and to show the effectiveness of the proposed detection framework, a Hardware-In-the-Loop (HIL) co-simulation testbed is developed. The performance of the implemented techniques is compared on the testbed data using different metrics: Accuracy, F1 score, and False Positive Rate (FPR) and False Negative Rate (FNR). The IEEE 9-bus and IEEE 39-bus systems are used as benchmarks to investigate the framework scalability. The experimental results prove the effectiveness of the proposed models in detecting FDI attacks in WAMS

Intrusion Detection Systems in SDN-based Self-Healing PMU Networks

Nowadays, Power grids are critical infrastructures on which everything else relies, and their correct behavior is of the highest priority. New smart devices are being deployed to be able to manage and control power grids more efficiently and avoid instability. However, the deployment of such smart devices like Phasor Measurement Units (PMU) and Phasor Data Concentrators (PDC), open new opportunities for cyber attackers to exploit network vulnerabilities. If a PDC is compromised, all data coming from PMUs to that PDC is lost, reducing network observability. Our approach to solve this problem is to develop an Intrusion detection System (IDS) in a Software-defined network (SDN). allowing the IDS system to detect compromised devices and use that information as an input for a self-healing SDN controller, which redirects the data of the PMUs to a new, uncompromised PDC, maintaining the maximum possible network observability at every moment. During this research, we have successfully implemented Self-healing in an example network with an SDN controller based on Ryu controller. We have also assessed intrinsic vulnerabilities of Wide Area Management Systems (WAMS) and SCADA networks, and developed some rules for the Intrusion Detection system which specifically protect vulnerabilities of these networks. The integration of the IDS and the SDN controller was also successful. \\To achieve this goal, the first steps will be to implement an existing Self-healing SDN controller and assess intrinsic vulnerabilities of Wide Area Measurement Systems (WAMS) and SCADA networks. After that, we will integrate the Ryu controller with Snort, and create the Snort rules that are specific for SCADA or WAMS systems and protocols

Event and Intrusion Detection Systems for Cyber-Physical Power Systems

High speed data from Wide Area Measurement Systems (WAMS) with Phasor Measurement Units (PMU) enables real and non-real time monitoring and control of power systems. The information and communication infrastructure used in WAMS efficiently transports information but introduces cyber security vulnerabilities. Adversaries may exploit such vulnerabilities to create cyber-attacks against the electric power grid. Control centers need to be updated to be resilient not only to well-known power system contingencies but also to cyber-attacks. Therefore, a combined event and intrusion detection systems (EIDS) is required that can provide precise classification for optimal response. This dissertation describes a WAMS cyber-physical power system test bed that was developed to generate datasets and perform cyber-physical power system research related to cyber-physical system vulnerabilities, cyber-attack impact studies, and machine learning algorithms for EIDS. The test bed integrates WAMS components with a Real Time Digital Simulator (RTDS) with hardware in the loop (HIL) and includes various sized power systems with a wide variety of implemented power system and cyber-attack scenarios. This work developed a novel data processing and compression method to address the WAMS big data problem. The State Tracking and Extraction Method (STEM) tracks system states from measurements and creates a compressed sequence of states for each observed scenario. Experiments showed STEM reduces data size significantly without losing key event information in the dataset that is useful to train EIDS and classify events. Two EIDS are proposed and evaluated in this dissertation. Non-Nested Generalized Exemplars (NNGE) is a rule based classifier that creates rules in the form of hyperrectangles to classify events. NNGE uses rule generalization to create a model that has high accuracy and fast classification time. Hoeffding adaptive trees (HAT) is a decision tree classifier and uses incremental learning which is suitable for data stream mining. HAT creates decision trees on the fly from limited number of instances, uses low memory, has fast evaluation time, and adapts to concept changes. The experiments showed NNGE and HAT with STEM make effective EIDS that have high classification accuracy, low false positives, low memory usage, and fast classification times

Event and Intrusion Detection Systems for Cyber-Physical Power Systems

High speed data from Wide Area Measurement Systems (WAMS) with Phasor Measurement Units (PMU) enables real and non-real time monitoring and control of power systems. The information and communication infrastructure used in WAMS efficiently transports information but introduces cyber security vulnerabilities. Adversaries may exploit such vulnerabilities to create cyber-attacks against the electric power grid. Control centers need to be updated to be resilient not only to well-known power system contingencies but also to cyber-attacks. Therefore, a combined event and intrusion detection systems (EIDS) is required that can provide precise classification for optimal response. This dissertation describes a WAMS cyber-physical power system test bed that was developed to generate datasets and perform cyber-physical power system research related to cyber-physical system vulnerabilities, cyber-attack impact studies, and machine learning algorithms for EIDS. The test bed integrates WAMS components with a Real Time Digital Simulator (RTDS) with hardware in the loop (HIL) and includes various sized power systems with a wide variety of implemented power system and cyber-attack scenarios. This work developed a novel data processing and compression method to address the WAMS big data problem. The State Tracking and Extraction Method (STEM) tracks system states from measurements and creates a compressed sequence of states for each observed scenario. Experiments showed STEM reduces data size significantly without losing key event information in the dataset that is useful to train EIDS and classify events. Two EIDS are proposed and evaluated in this dissertation. Non-Nested Generalized Exemplars (NNGE) is a rule based classifier that creates rules in the form of hyperrectangles to classify events. NNGE uses rule generalization to create a model that has high accuracy and fast classification time. Hoeffding adaptive trees (HAT) is a decision tree classifier and uses incremental learning which is suitable for data stream mining. HAT creates decision trees on the fly from limited number of instances, uses low memory, has fast evaluation time, and adapts to concept changes. The experiments showed NNGE and HAT with STEM make effective EIDS that have high classification accuracy, low false positives, low memory usage, and fast classification times

Efficiency and Sustainability of the Distributed Renewable Hybrid Power Systems Based on the Energy Internet, Blockchain Technology and Smart Contracts-Volume II

The climate changes that are becoming visible today are a challenge for the global research community. In this context, renewable energy sources, fuel cell systems, and other energy generating sources must be optimally combined and connected to the grid system using advanced energy transaction methods. As this reprint presents the latest solutions in the implementation of fuel cell and renewable energy in mobile and stationary applications, such as hybrid and microgrid power systems based on the Energy Internet, Blockchain technology, and smart contracts, we hope that they will be of interest to readers working in the related fields mentioned above

Data Mining Framework for Monitoring Attacks In Power Systems

Vast deployment of Wide Area Measurement Systems (WAMS) has facilitated in increased understanding and intelligent management of the current complex power systems. Phasor Measurement Units (PMU\u27s), being the integral part of WAMS transmit high quality system information to the control centers every second. With the North American Synchro Phasor Initiative (NAPSI), the number of PMUs deployed across the system has been growing rapidly. With this increase in the number of PMU units, the amount of data accumulated is also growing in a tremendous manner. This increase in the data necessitates the use of sophisticated data processing, data reduction, data analysis and data mining techniques. WAMS is also closely associated with the information and communication technologies that are capable of implementing intelligent protection and control actions in order to improve the reliability and efficiency of the existing power systems. Along with the myriad of advantages that these measurements systems, informational and communication technologies bring, they also lead to a close synergy between heterogeneous physical and cyber components which unlocked access points for easy cyber intrusions. This easy access has resulted in various cyber attacks on control equipment consequently increasing the vulnerability of the power systems.;This research proposes a data mining based methodology that is capable of identifying attacks in the system using the real time data. The proposed methodology employs an online clustering technique to monitor only limited number of measuring units (PMU\u27s) deployed across the system. Two different classification algorithms are implemented to detect the occurrence of attacks along with its location. This research also proposes a methodology to differentiate physical attacks with malicious data attacks and declare attack severity and criticality. The proposed methodology is implemented on IEEE 24 Bus reliability Test System using data generated for attacks at different locations, under different system topologies and operating conditions. Different cross validation studies are performed to determine all the user defined variables involved in data mining studies. The performance of the proposed methodology is completely analyzed and results are demonstrated. Finally the strengths and limitations of the proposed approach are discussed