Search for: All records

A machine learning-based detection framework is proposed to detect a class of cyber-attacks that redistribute loads by modifying measurements. The detection framework consists of a multi-output support vector regression (SVR) load predictor and a subsequent support vector machine (SVM) attack detector to determine the existence of load redistribution (LR) attacks utilizing loads predicted by the SVR predictor. Historical load data for training the SVR are obtained from the publicly available PJM zonal loads and are mapped to the IEEE 30-bus system. The features to predict loads are carefully extracted from the historical load data capturing both temporal and spatial correlations. The SVM attack detector is trained using normal data and randomly created LR attacks, so that it can maximally explore the attack space. An algorithm to create random LR attacks is introduced. The results show that the SVM detector trained merely using random attacks can effectively detect not only random attacks, but also intelligently designed attacks. Moreover, using the SVR predicted loads to re-dispatch generation when attacks are detected can significantly mitigate the attack consequences. 

Intelligently designed false data injection (FDI) attacks have been shown to be able to bypass the chi-squared-test based bad data detector (BDD), resulting in physical consequences (such as line overloads) in the power system. In this paper, using synthetic PMU measurements and intelligently designed FDI attacks, it is shown that if an attack is suddenly injected into the system, a predictive filter with sufficient accuracy is able to detect it. However, an attacker can gradually increase the magnitude of the attack to avoid detection, and still cause damage to the system. 

A generative model for the creation of realistic historical bus-level load data for transmission grid models is presented. A data-driven approach based on principal component analysis is used to learn the spatio-temporal correlation between the loads in a system and build a generative model. Given a system topology and a set of base case loads, individual, realistic time-series data for each load can be generated. This technique is demonstrated by learning from a large proprietary dataset and generating historical data for the 2383-bus Polish test case.