Enhancing Power System Cyber-Security with Systematic Two-Stage Detection Strategy
This work addresses cyber-security threats for power grid operators, but it appears incremental as it builds on existing detection challenges with a new systematic approach.
The paper tackles the problem of detecting false data injection cyber-attacks in power systems, which can bypass traditional methods and cause overloads, and proposes a two-stage detection strategy that efficiently identifies attacks and target branches, as verified by numerical simulations.
State estimation estimates the system condition in real-time and provides a base case for other energy management system (EMS) applications including real-time contingency analysis and security-constrained economic dispatch. Recent work in the literature shows malicious cyber-attack can inject false measurements that bypass traditional bad data detection in state estimation and cause actual overloads. Thus, it is very important to detect such cyber-attack. In this paper, multiple metrics are proposed to monitor abnormal load deviations and suspicious branch flow changes. A systematic two-stage approach is proposed to detect false data injection (FDI) cyber-attack. The first stage determines whether the system is under attack while the second stage identifies the target branch. Numerical simulations verify that FDI can cause severe system violations and demonstrate the effectiveness of the proposed two-stage FDI detection (FDID) method. It is concluded that the proposed FDID approach can efficiently detect FDI cyber-attack and identify the target branch, which will substantially improve operators situation awareness in real-time.