Modeling and performance evaluation of stealthy false data injection attacks on smart grid in the presence of corrupted measurements

The false data injection (FDI) attack cannot be detected by the traditional anomaly detection techniques used in the energy system state estimators. In this paper, we demonstrate how FDI attacks can be constructed blindly, i.e., without system knowledge, including topological connectivity and line reactance information. Our analysis reveals that existing FDI attacks become detectable (consequently unsuccessful) by the state estimator if the data contains grossly corrupted measurements such as device malfunction and communication errors. The proposed sparse optimization based stealthy attacks construction strategy overcomes this limitation by separating the gross errors from the measurement matrix. Extensive theoretical modeling and experimental evaluation show that the proposed technique performs more stealthily (has less relative error) and efficiently (fast enough to maintain time requirement) compared to other methods on IEEE benchmark test systems.Comment: Keywords: Smart grid, False data injection, Blind attack, Principal component analysis (PCA), Journal of Computer and System Sciences, Elsevier, 201

Smart Grid Security: Threats, Challenges, and Solutions

The cyber-physical nature of the smart grid has rendered it vulnerable to a multitude of attacks that can occur at its communication, networking, and physical entry points. Such cyber-physical attacks can have detrimental effects on the operation of the grid as exemplified by the recent attack which caused a blackout of the Ukranian power grid. Thus, to properly secure the smart grid, it is of utmost importance to: a) understand its underlying vulnerabilities and associated threats, b) quantify their effects, and c) devise appropriate security solutions. In this paper, the key threats targeting the smart grid are first exposed while assessing their effects on the operation and stability of the grid. Then, the challenges involved in understanding these attacks and devising defense strategies against them are identified. Potential solution approaches that can help mitigate these threats are then discussed. Last, a number of mathematical tools that can help in analyzing and implementing security solutions are introduced. As such, this paper will provide the first comprehensive overview on smart grid security

Comprehensive Survey and Taxonomies of False Injection Attacks in Smart Grid: Attack Models, Targets, and Impacts

Smart Grid has rapidly transformed the centrally controlled power system into a massively interconnected cyber-physical system that benefits from the revolutions happening in the communications (e.g. 5G) and the growing proliferation of the Internet of Things devices (such as smart metres and intelligent electronic devices). While the convergence of a significant number of cyber-physical elements has enabled the Smart Grid to be far more efficient and competitive in addressing the growing global energy challenges, it has also introduced a large number of vulnerabilities culminating in violations of data availability, integrity, and confidentiality. Recently, false data injection (FDI) has become one of the most critical cyberattacks, and appears to be a focal point of interest for both research and industry. To this end, this paper presents a comprehensive review in the recent advances of the FDI attacks, with particular emphasis on 1) adversarial models, 2) attack targets, and 3) impacts in the Smart Grid infrastructure. This review paper aims to provide a thorough understanding of the incumbent threats affecting the entire spectrum of the Smart Grid. Related literature are analysed and compared in terms of their theoretical and practical implications to the Smart Grid cybersecurity. In conclusion, a range of technical limitations of existing false data attack research is identified, and a number of future research directions is recommended.Comment: Double-column of 24 pages, prepared based on IEEE Transaction articl

Machine Learning Based Detection of False Data Injection Attacks in Wide Area Monitoring Systems

The Smart Grid (SG) is an upgraded, intelligent, and a more reliable version of the traditional Power Grid due to the integration of information and communication technologies. The operation of the SG requires a dense communication network to link all its components. But such a network renders it prone to cyber attacks jeopardizing the integrity and security of the communicated data between the physical electric grid and the control centers. One of the most prominent components of the SG are Wide Area Monitoring Systems (WAMS). WAMS are a modern platform for grid-wide information, communication, and coordination that play a major role in maintaining the stability of the grid against major disturbances. In this thesis, an anomaly detection framework is proposed to identify False Data Injection (FDI) attacks in WAMS using different Machine Learning (ML) and Deep Learning (DL) techniques, i.e., Deep Autoencoders (DAE), Long-Short Term Memory (LSTM), and One-Class Support Vector Machine (OC-SVM). These algorithms leverage diverse, complex, and high-volume power measurements coming from communications between different components of the grid to detect intelligent FDI attacks. The injected false data is assumed to target several major WAMS monitoring applications, such as Voltage Stability Monitoring (VSM), and Phase Angle Monitoring (PAM). The attack vector is considered to be smartly crafted based on the power system data, so that it can pass the conventional bad data detection schemes and remain stealthy. Due to the lack of realistic attack data, machine learning-based anomaly detection techniques are used to detect FDI attacks. To demonstrate the impact of attacks on the realistic WAMS traffic and to show the effectiveness of the proposed detection framework, a Hardware-In-the-Loop (HIL) co-simulation testbed is developed. The performance of the implemented techniques is compared on the testbed data using different metrics: Accuracy, F1 score, and False Positive Rate (FPR) and False Negative Rate (FNR). The IEEE 9-bus and IEEE 39-bus systems are used as benchmarks to investigate the framework scalability. The experimental results prove the effectiveness of the proposed models in detecting FDI attacks in WAMS

False Data Injection Detection for Phasor Measurement Units

Cyber-threats are becoming a big concern due to the potential severe consequences of such threats is false data injection (FDI) attacks where the measures data is manipulated such that the detection is unfeasible using traditional approaches. This work focuses on detecting FDIs for phasor measurement units where compromising one unit is sufficient for launching such attacks. In the proposed approach, moving averages and correlation are used along with machine learning algorithms to detect such attacks. The proposed approach is tested and validated using the IEEE 14-bus and the IEEE 30-bus test systems. The proposed performance was sufficient for detecting the location and attack instances under different scenarios and circumstances

Undetectable GPS-Spoofing Attack on Time Series Phasor Measurement Unit Data

The Phasor Measurement Unit (PMU) is an important metering device for smart grid. Like any other Intelligent Electronic Device (IED), PMUs are prone to various types of cyberattacks. However, one form of attack is unique to the PMU, the GPS-spoofing attack, where the time and /or the one second pulse (1 PPS) that enables time synchronization are modified and the measurements are computed using the modified time reference. This article exploits the vulnerability of PMUs in their GPS time synchronization signal. At first, the paper proposes an undetectable gradual GPS-spoofing attack with small incremental angle deviation over time. The angle deviation changes power flow calculation through the branches of the grids, without alerting the System Operator (SO) during off-peak hour. The attacker keeps instigating slow incremental variation in power flow calculation caused by GPS-spoofing relentlessly over a long period of time, with a goal of causing the power flow calculation breach the MVA limit of the branch at peak-hour. The attack is applied by solving a convex optimization criterion at regular time interval, so that after a specific time period the attack vector incurs a significant change in the angle measurements transmitted by the PMU. Secondly, while the attack modifies the angle measurements with GPS-spoofing attack, it ensures the undetectibility of phase angle variation by keeping the attack vector less than attack detection threshold. The proposed attack model is tested with Weighted Least Squared Error (WLSE), Kalman Filtering, and Hankel-matrix based GPS-spoofing attack detection models. Finally, we have proposed a gradient of low-rank approximation of Hankel-matrix based detection method to detect such relentless small incremental GPS-spoofing attack

Graphical Convolution Network Based Semi-Supervised Methods for Detecting PMU Data Manipulation Attacks

With the integration of information and communications technologies (ICTs) into the power grid, electricity infrastructures are gradually transformed towards smart grid and power systems become more open to and accessible from outside networks. With ubiquitous sensors, computers and communication networks, modern power systems have become complicated cyber-physical systems. The cyber security issues and the impact of potential attacks on the smart grid have become an important issue. Among these attacks, false data injection attack (FDIA) becomes a growing concern because of its varied types and impacts. Several detection algorithms have been developed in the last few years, which were model-based, trajectory prediction-based or learning-based methods. Phasor measurement units (PMUs) and supervisory control and data acquisition (SCADA) system work together to monitor the power system operation. The unsecured devices could offer opportunities to adversaries to compromise the system. In the literature review part of this thesis, the main methods are compared considering computing accuracy and complexity. Most work about PMUs ignored the reality that the number of PMUs installed in a power system is limited to realize observability because of high installing cost. Therefore, based on observable truth of PMU and the topology structure of power system, the graph convolution network (GCN) is proposed in this thesis. The main idea is using selected features to define violated PMU, and GCN is used to classify susceptible violated nodes and normal nodes. The basic detection method is introduced at first. And then the calculation process of neural network and Fourier transform are described with more details about graph convolution network. Later, the proposed detection mechanism and algorithm are introduced. Finally, the simulation results are given and analyzed