scholarly journals The usage of power system multi-model forecasting aided state estimation for cyber attack detection

Author(s):  
I. A. Lukicheva ◽  
A. L. Kulikov

THE PURPOSE. Smart electrical grids involve extensive use of information infrastructure. Such an aggregate cyber-physical system can be subject to cyber attacks. One of the ways to counter cyberattacks is state estimation. State Estimation is used to identify the present power system operating state and eliminating metering errors and corrupted data. In particular, when a real measurement is replaced by a false one by a malefactor or a failure in the functioning of communication channels occurs, it is possible to detect false data and restore them. However, there is a class of cyberattacks, so-called False Data Injection Attack, aimed at distorting the results of the state estimation. The aim of the research was to develop a state estimation algorithm, which is able to work in the presence of cyber-attack with high accuracy.METHODS. The authors propose a Multi-Model Forecasting-Aided State Estimation method based on multi-model discrete tracking parameter estimation by the Kalman filter. The multimodal state estimator consisted of three single state estimators, which produced single estimates using different forecasting models. In this paper only linear forecasting models were considered, such as autoregression model, vector autoregression model and Holt’s exponen tial smoothing. When we obtained the multi-model estimate as the weighted sum of the single-model estimates. Cyberattack detection was implemented through innovative and residual analysis. The analysis of the proposed algorithm performance was carried out by simulation modeling using the example of a IEEE 30-bus system in Matlab.RESULTS. The paper describes an false data injection cyber attack and its specific impact on power system state estimation. A Multi - Model Forecasting-Aided State Estimation algorithm has been developed, which allows detecting cyber attacks and recovering corrupted data. Simulation of the algorithm has been carried out and its efficiency has been proved.CONCLUSION. The results showed the cyber attack detection rate of 100%. The Multi-Model Forecasting-Aided State Estimation is an protective measure against the impact of cyber attacks on power system.

2020 ◽  
Author(s):  
Mohammad Irshaad Oozeer ◽  
Simon Haykin

The work presented in this chapter is an extension of our previous research of bringing together the Cognitive Dynamic System (CDS) and the Smart Grid (SG) by focusing on AC state estimation and Cyber-Attack detection. Under the AC power flow model, state estimation is complex and computationally expensive as it relies on iterative procedures. On the other hand, the False Data Injection (FDI) attacks are a new category of cyber-attacks targeting the SG that can bypass the current bad data detection techniques in the SG. Due to the complexity of the nonlinear system involved, the amount of published works on AC based FDI attacks have been fewer compared to their DC counterpart. Here, we will demonstrate how the entropic state, which is the objective function of the CDS, can be used as a metric to monitor the grid’s health and detect FDI attacks. The CDS, acting as the supervisor of the system, improves the entropic state on a cycle to cycle basis by dynamically optimizing the state estimation process through the reconfiguration of the weights of the sensors in the network. In order to showcase performance of this new structure, computer simulations are carried out on the IEEE 14-bus system for optimal state estimation and FDI attack detection.


Electronics ◽  
2021 ◽  
Vol 10 (16) ◽  
pp. 1914
Author(s):  
Moslem Dehghani ◽  
Taher Niknam ◽  
Mohammad Ghiasi ◽  
Navid Bayati ◽  
Mehdi Savaghebi

Nowadays, the role of cyber-physical systems (CPSs) is of paramount importance in power system security since they are more vulnerable to different cyber-attacks. Detection of cyber-attacks on a direct current microgrid (DC-MG) has become a pivotal issue due to the increasing use of them in various electrical engineering applications, from renewable power generations to the distribution of electricity and power system of public transportation and subway electric network. In this study, a novel strategy was provided to diagnose possible false data injection attacks (FDIA) in DC-MGs to enhance the cyber-security of electrical systems. Accordingly, to diagnose cyber-attacks in DC-MG and to identify the FDIA to distributed energy resource (DER) unit, a new procedure of wavelet transform (WT) and singular value decomposition (SVD) based on deep machine learning was proposed. Additionally, this paper presents a developed selective ensemble deep learning (DL) approach using the gray wolf optimization (GWO) algorithm to identify the FDIA in DC-MG. In the first stage, in the paper, to gather sufficient data within the ordinary performance required for the training of the DL network, a DC-MG was operated and controlled with no FDIAs. In the information generation procedure, load changing was considered to have diagnosing datasets for cyber-attack and load variation schemes. The obtained simulation results were compared with the new Shallow model and Hilbert Huang Transform methods, and the results confirmed that the presented approach could more precisely and robustly identify multiple forms of FDIAs with more than 95% precision.


Energies ◽  
2019 ◽  
Vol 12 (24) ◽  
pp. 4625 ◽  
Author(s):  
Efstathios Kontouras ◽  
Anthony Tzes ◽  
Leonidas Dritsas

This article addresses the concept of a compound attack detection mechanism, that links estimation-based and set-theoretic methods, and is mainly focused on the disclosure of intermittent data corruption cyber-attacks. The detection mechanism is developed as a security enhancing tool for the load-frequency control loop of a networked power system that consists of several interconnected control areas. The dynamics of the power network are derived in observable form in the discrete-time domain, considering that an adversary corrupts the frequency measurements of certain control areas by means of a bias injection cyber-attack. Simulations indicate that an estimation-based detector is unable to discern an intermittent attack, especially when the latter one occurs at the same time as changes in the power load. The detector can be improved by exploiting the safe operation constraints imposed on the state variables of the system. It is shown that the disclosure of intermittent data corruption cyber-attacks in the presence of unknown power load changes is guaranteed only when the estimation-based detector is combined with its set-theoretic counterpart. To this end, a robust invariant set for the networked power system is computed and an alarm is triggered whenever the state vector exits this set. Simulations indicate that the above detectors can operate jointly in terms of a hybrid scheme, which enhances their detection capabilities.


IEEE Access ◽  
2021 ◽  
pp. 1-1
Author(s):  
Moslem Dehghani ◽  
Mohammad Ghiasi ◽  
Taher Niknam ◽  
Abdollah Kavousi-Fard ◽  
Elham Tajik ◽  
...  

Author(s):  
Seyed Hossein Rouhani ◽  
Hamed Mojallali ◽  
Alfred Baghramian

Simultaneous investigation of demand response programs and false data injection cyber-attack are critical issues for the smart power system frequency regulation. To this purpose, in this paper, the output of the studied system is simultaneously divided into two subsystems: one part including false data injection cyder-attack and another part without cyder-attack. Then, false data injection cyber-attack and load disturbance are estimated by a non-linear sliding mode observer, simultaneously and separately. After that, demand response is incorporated in the uncertain power system to compensate the whole or a part of the load disturbance based on the available electrical power in the aggregators considering communication time delay. Finally, active disturbance rejection control is modified and introduced to remove the false data injection cyber-attack and control the uncompensated load disturbance. The salp swarm algorithm is used to design the parameters. The results of several simulation scenarios indicate the efficient performance of the proposed method.


Author(s):  
Fengchen Wang ◽  
Yan Chen

Abstract To improve the cybersecurity of flocking control for connected and automated vehicles (CAVs), this paper proposes a novel resilient flocking control by specifically considering cyber-attack threats on vehicle tracking errors. Using the vehicle tracking error dynamics model, a dual extended Kalman filter (DEKF) is applied to detect cyber-attacks as an unknown constant on vehicle tracking information with noise rejections. To handle the coupling effects between tracking errors and cyber-attacks, the proposed DEKF consists of a tracking error filter and a cyber-attack filter, which are utilized to conduct the prediction and correction of tracking errors alternatively. Whenever an abnormal tracking error is detected, an observer-based resilient flocking control is enabled. Demonstrated by simulation results, the proposed cyber-attack detection method and resilient flocking control design can successfully achieve and maintain the flocking control of multi-CAV systems by rejecting certain cyber-attack threats.


Author(s):  
Darshan Mansukhbhai Tank ◽  
Akshai Aggarwal ◽  
Nirbhay Kumar Chaubey

Cybercrime continues to emerge, with new threats surfacing every year. Every business, regardless of its size, is a potential target of cyber-attack. Cybersecurity in today's connected world is a key component of any establishment. Amidst known security threats in a virtualization environment, side-channel attacks (SCA) target most impressionable data and computations. SCA is flattering major security interests that need to be inspected from a new point of view. As a part of cybersecurity aspects, secured implementation of virtualization infrastructure is very much essential to ensure the overall security of the cloud computing environment. We require the most effective tools for threat detection, response, and reporting to safeguard business and customers from cyber-attacks. The objective of this chapter is to explore virtualization aspects of cybersecurity threats and solutions in the cloud computing environment. The authors also discuss the design of their novel ‘Flush+Flush' cache attack detection approach in a virtualized environment.


Sign in / Sign up

Export Citation Format

Share Document