Anomaly detection in electric network database of smart grid: Graph matching approach (original) (raw)
Related papers
IEEE Transactions on Industrial Informatics, 2017
Recent studies show that smart grid is vulnerable to cyber anomalies. In this paper, an anomaly detection method is proposed to identify the abnormal patterns in the network power flows, which results from the accidental or deliberate changes of the database. The proposed method utilizes a multivariate time series statistical forecasting technique based on vector autoregressive model. To understand the power flow behavior of the system, a multiphase optimal power flow analysis is conducted. The proposed method is validated using IEEE Power Distribution System Analysis Subcommittee recommended 34-node and 123-node test systems. Three different experiments are performed to test the effectiveness of the proposed approach. Vulnerability and computational complexity issues of this paper are also addressed elaborately. Results obtained from this analysis show that the proposed method successfully captures the network anomalies at a high detection rate allowing only a few number of false alarms.
Machine Learning to Ensure Data Integrity in Power System Topological Network Database
Electronics, 2020
Operational and planning modules of energy systems heavily depend on the information of the underlying topological and electric parameters, which are often kept in database within the operation centre. Therefore, these operational and planning modules are vulnerable to cyber anomalies due to accidental or deliberate changes in the power system database model. To validate, we have demonstrated the impact of cyber-anomalies on the database model used for operation of energy systems. To counter these cyber-anomalies, we have proposed a defence mechanism based on widely accepted classification techniques to identify the abnormal class of anomalies. In this study, we find that our proposed method based on multilayer perceptron (MLP), which is a special class of feedforward artificial neural network (ANN), outperforms other exiting techniques. The proposed method is validated using IEEE 33-bus and 24-bus reliability test system and analysed using ten different datasets to show the effecti...
Graph Neural Networks Based Detection of Stealth False Data Injection Attacks in Smart Grids
IEEE Systems Journal, 2021
False data injection attacks (FDIAs) represent a major class of attacks that aim to break the integrity of measurements by injecting false data into the smart metering devices in power grids. To the best of authors' knowledge, no study has attempted to design a detector that automatically models the underlying graph topology and spatially correlated measurement data of the smart grids to better detect cyber attacks. The contributions of this paper to detect and mitigate FDIAs are twofold. First, we present a generic, localized, and stealth (unobservable) attack generation methodology and publicly accessible datasets for researchers to develop and test their algorithms. Second, we propose a Graph Neural Network (GNN) based, scalable and real-time detector of FDIAs that efficiently combines model-driven and data-driven approaches by incorporating the inherent physical connections of modern AC power grids and exploiting the spatial correlations of the measurement. It is experimentally verified by comparing the proposed GNN based detector with the currently available FDIA detectors in the literature that our algorithm outperforms the best available solutions by 3.14%, 4.25%, and 4.41% in F1 score for standard IEEE testbeds with 14, 118, and 300 buses, respectively. Index Terms-False data injection attacks, graph neural networks, machine learning, smart grid, power system security NOMENCLATURE P i + jQ i Complex power injection at bus i. P ij + jQ ij Complex power flow between bus i and j. V i , θ i Voltage magnitude and phase angle of bus i. θ ij θ i − θ j. G ij + jB ij ijth elements of bus admittance matrix. g ij + jb ij Series branch admittance between bus ij. g si + jb si Shunt branch admittance at bus i. Ω i Set of buses connected to bus i. z o , z a ∈ R m Original, attacked measurement vector. x,x ∈ R n Original, attacked state vector. h(x) Nonlinear measurement function at x. H ∈ R m×n Jacobian matrix. G ∈ R n×n Gain matrix. R, S ∈ R m×m Error covariance, residual sensitivity matrix. T Attacker's target area to perform FDIA.
ArXiv, 2018
In this paper, a novel graph-theoretic framework is proposed to generalize the analysis of a broad set of security attacks, including observability and data injection attacks, that target the smart grid. First, the notion of observability attacks is defined based on a proposed graph-theoretic construct. In this respect, an algorithm is proposed to characterize the critical set of measurements which must be removed along with a certain measurement to make the system unobservable. It is then shown that for the system to be observable these critical sets must be part of a maximum matching over a proposed bipartite graph. In addition, it is shown that stealthy data injection attacks are a special case of these observability attacks. Then, various attack strategies and defense policies for observability and data injection attacks are shown to be amenable to analysis using variations of the formulated maximum-matching problem. The proposed framework is then shown to provide a unified basi...
Inference of Tampered Smart Meters with Validations from Feeder-Level Power Injections
2019 IEEE Innovative Smart Grid Technologies - Asia (ISGT Asia), 2019
Tampering of metering infrastructure of an electrical distribution system can significantly cause customers' billing discrepancy. The large-scale deployment of smart meters may potentially be tampered by malware by propagating their agents to other IP-based meters. Such a possibility is to pivot through the physical perimeters of a smart meter. While this framework may help utilities to accurately energy consumption information on the regular basis, it is challenging to identify malicious meters when there is a large number of users that are exploited to vulnerability and kWh information being altered. This paper presents a reconfiguration switching scheme based on graph theory incorporating the concept of distributed generators to accelerate the anomaly localization process within an electrical distribution network. First, a data form transformation from a visualized grid topology to a graph with vertices and edges is presented. A conversion from the graph representation to machine recognized matrix representation is then performed. The connection of the grid topology is illustrated as an adjacency or incidence matrix for the following analysis. A switching procedure to change elements in the topological matrix is used to detect and localize the tampered node or cluster. The procedure has to meet the electrical and the temporary closed-loop operational constraints. The customerlevel anomaly detection is then performed in accordance with probability derived from smart meter anomalies.
Anomaly detection in electricity cyber infrastructures
Proceedings of the …, 2006
This paper presents a novel anomaly detection methodology for the protection of electricity critical infrastructures that learns the normal behaviour of the system, builds up a profile and detects anomalous operations which deviate from the profile. This can be used to identify attacks, failures and accidents and it can also be used to improve state estimation, correct topology errors and inform the operators about potential discrepancies between their view of the network and its actual state. This paper will cover two of the anomaly-detecting techniques that we have been developing for electricity networks -invariant induction and simulated ants -and a Bayesian methodology for integrating the output of these detectors. The results presented in this paper demonstrate that this technique could make a significant contribution to the security of electricity critical infrastructures.
Smart grid data integrity attacks: characterizations and countermeasuresπ
2011 IEEE International Conference on Smart Grid Communications (SmartGridComm), 2011
Coordinated cyberattacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm in the power system state estimation process. These unobservable attacks present a potentially serious threat to grid operations. Of particular interest are sparse attacks that involve the compromise of a modest number of meter readings. An efficient algorithm to find all unobservable attacks [under standard DC load flow approximations] involving the compromise of exactly two power injection meters and an arbitrary number of line power meters is presented. This requires O(n 2 m) flops for a power system with n buses and m line meters. If all lines are metered, there exist canonical forms that characterize all 3, 4, and 5-sparse unobservable attacks. These can be quickly detected in power systems using standard graph algorithms. Known-secure phasor measurement units [PMUs] can be used as countermeasures against an arbitrary collection of cyberattacks. Finding the minimum number of necessary PMUs is NP-hard. It is shown that p + 1 PMUs at carefully chosen buses are sufficient to neutralize a collection of p cyberattacks.
Smart Grid Data Integrity Attacks
IEEE Transactions on Smart Grid, 2013
Real power injections at loads and generators, and real power flows on selected lines in a transmission network are monitored and transmitted over a SCADA network to the system operator. These are used in state estimation algorithms to make dispatch, re-balance and other energy management system [EMS] decisions. Coordinated cyberattacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm. These unobservable attacks present a serious threat to grid operations. Of particular interest are sparse attacks that involve the compromise of a modest number of meter readings. An efficient algorithm to find all unobservable attacks [under standard DC load flow approximations] involving the compromise of exactly two power injection meters and an arbitrary number of power meters on lines is presented. This requires O(n 2 m) flops for a power system with n buses and m line meters. If all lines are metered, there exist canonical forms that characterize all 3, 4, and 5-sparse unobservable attacks. These can be quickly detected with O(n 2) flops using standard graph algorithms. Known-secure phase measurement units [PMUs] can be used as countermeasures against an arbitrary collection of cyberattacks. Finding the minimum number of necessary PMUs is NP-hard. It is shown that p + 1 PMUs at carefully chosen buses are sufficient to neutralize a collection of p cyberattacks.
Taxonomy of Threats and Vulnerabilities in Smart Grid Networks
2021
Electric power is a fundamental necessity in the 21<sup>st</sup> century. Consequently, any break in electric power is probably going to affect the general activity. To make the power supply smooth and efficient, a smart grid network is introduced which uses communication technology. In any communication network, security is essential. It has been observed from several recent incidents that adversary causes an interruption to the operation of networks. In order to resolve the issues, it is vital to understand the threats and vulnerabilities associated with the smart grid networks. In this paper, we have investigated the threats and vulnerabilities in Smart Grid Networks (SGN) and the few solutions in the literature. Proposed solutions showed developments in electricity theft countermeasures, Denial of services attacks (DoS) and malicious injection attacks detection model, as well as malicious nodes detection using watchdog like techniques and other solutions.