Biblio

Power systems become a primary target of cyber attacks because of the vulnerability of the integrated communication networks. An attacker is able to manipulate the integrity of real-time data by maliciously modifying the readings of meters transmitted to the control center. Moreover, it is demonstrated that such attack can escape the bad data detection in state estimation if the topology and network information of the entire power grid is known to the attacker. In this paper, we propose an isolation forest (IF) based detection algorithm as a countermeasure against false data attack (FDA). This method requires no tedious pre-training procedure to obtain the labels of outliers. In addition, comparing with other algorithms, the IF based detection method can find the outliers quickly. The performance of the proposed detection method is verified using the simulation results on the IEEE 118-bus system.

Modern cyber-physical systems are increasingly complex and vulnerable to attacks like false data injection aimed at destabilizing and confusing the systems. We develop and evaluate an attack-detection framework aimed at learning a dynamic invariant network, data-driven temporal causal relationships between components of cyber-physical systems. We evaluate the relative performance in attack detection of the proposed model relative to traditional anomaly detection approaches. In this paper, we introduce Granger Causality based Kalman Filter with Adaptive Robust Thresholding (G-KART) as a framework for anomaly detection based on data-driven functional relationships between components in cyber-physical systems. In particular, we select power systems as a critical infrastructure with complex cyber-physical systems whose protection is an essential facet of national security. The system presented is capable of learning with or without network topology the task of detection of false data injection attacks in power systems. Kalman filters are used to learn and update the dynamic state of each component in the power system and in-turn monitor the component for malicious activity. The ego network for each node in the invariant graph is treated as an ensemble model of Kalman filters, each of which captures a subset of the node's interactions with other parts of the network. We finally also introduce an alerting mechanism to surface alerts about compromised nodes.

State estimation allows continuous monitoring of a power system by estimating the power system state variables from measurement data. Unfortunately, the measurement data provided by the devices can serve as attack vectors for false data injection attacks. As more components are connected to the internet, power system is exposed to various known and unknown cyber threats. Previous investigations have shown that false data can be injected on data from traditional meters that bypasses bad data detection systems. This paper extends this investigation by giving an overview of cyber security threats to phasor measurement units, assessing the impact of false data injection on hybrid state estimators and suggesting security recommendations. Simulations are performed on IEEE-30 and 118 bus test systems.