Detection of false data injection attacks in smart grid cyber-physical systems
Date of Issue: 2019-02-12
School of Electrical and Electronic Engineering
Building an efficient, green, and multifunctional smart grid cyber-physical system (CPS) while maintaining high reliability and security is an extremely challenging task, particularly in the ever-evolving cyber threat landscape. This challenge is compounded by the increasing pervasiveness of information and communications technologies across the power infrastructure, as well as the growing availability of advanced hacking tools in the hacker community. One of the most critical security threats in smart grid CPSs lies in the high-profile false data injection (FDI) attacks, where attackers attempt to inject either fabricated measurement data to mislead power grid state estimation and bad data detection, or tampered command data to misguide power management and control. Accordingly, FDI attacks can be subdivided into false measurement data injection (FmDI) attacks and false command data injection (FcDI) attacks, respectively. Detection techniques for FDI attacks have been a significant research focus for smart grid CPSs to withstand these security threats and further protect the power infrastructure. However, conventional state estimation based bad data detection approaches have been proven vulnerable to the evolving FDI attacks. To fill this gap, this thesis introduces four creative research works to analyze and detect FDI attacks in smart grid CPSs.

First, a stochastic Petri net based analytical model is developed to evaluate and analyze the system reliability of smart grid CPSs, specifically against topology attacks with system countermeasures (i.e., intrusion detection systems and malfunction recovery techniques). Topology attacks are evolved from FmDI attacks, where attackers initiate FmDI attacks by tampering with both measurement data and grid topology information. This analytical model supports both transient and steady-state analysis of system reliability.

Second, a distributed host-based collaborative detection scheme is proposed to detect FmDI attacks in smart grid CPSs. This work considers that phasor measurement units (PMUs), deployed to measure the operating status of power grids, can be compromised by FmDI attackers. Trusted host monitors (HMs) are assigned to each PMU to monitor and assess the PMUs' behaviors. Neighboring HMs make use of the majority voting algorithm based on a set of predefined normal behavior rules to identify the existence of abnormal measurement data collected by PMUs. In addition, an innovative reputation system with an adaptive reputation updating algorithm is designed to evaluate the overall operating status of PMUs, by which FmDI attacks as well as the attackers can be distinctly observed.

Third, a Dirichlet-based detection scheme for FcDI attacks in hierarchical smart grid CPSs is proposed. In the future hierarchical paradigm of a smart grid CPS, it is considered that the decentralized local agents (LAs) responsible for local management and control can be compromised by FcDI attackers. By issuing fake or biased commands, the attackers aim to manipulate the regional electricity prices for illicit financial gain. The proposed scheme builds a Dirichlet-based probabilistic model to assess the reputation levels of LAs. This probabilistic model, used in conjunction with a designed adaptive reputation incentive mechanism, enables quick and efficient detection of FcDI attacks as well as the attackers.

Last, we systematically explore the feasibility and limitations of detecting FmDI attacks in smart grid CPSs using distributed flexible AC transmission system (D-FACTS) devices. Recent studies have investigated the possibilities of proactively detecting FmDI attacks on smart grid CPSs by using D-FACTS devices. We term this approach proactive false data detection (PFDD). In this work, the feasibility of using PFDD to detect FmDI attacks is investigated by considering single-bus, uncoordinated multiple-bus, and coordinated multiple-bus FmDI attacks, respectively. It is proved that PFDD can detect all three types of FmDI attacks targeting buses or super-buses with degree larger than 1, as long as the deployment of D-FACTS devices covers a set of branches that contains at least a spanning tree of the grid graph. The minimum effort required for activating D-FACTS devices to detect each type of FmDI attack is evaluated. In addition, the limitations of this approach are discussed, and it is rigorously proved that PFDD is not able to detect FmDI attacks targeting buses or super-buses with degree equal to 1.
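The PFDD coverage condition stated above can be audited for a planned D-FACTS deployment. The following is an added example, not code from the thesis: the function names and the 5-bus topology are constructed for illustration, and it assumes a simple graph (no parallel branches) and treats single buses only, not super-buses.

```python
from collections import defaultdict

# Constructed 5-bus grid (assumption, not from the thesis); bus 5 has degree 1.
BRANCHES = [(1, 2), (1, 3), (2, 3), (2, 4), (3, 4), (4, 5)]
DFACTS_FULL = [(1, 2), (2, 3), (3, 4), (4, 5)]   # contains a spanning tree
DFACTS_PARTIAL = [(1, 2), (2, 3), (3, 4)]        # leaves bus 5 uncovered

def spanning_tree_covered(buses, dfacts_branches):
    """True if the D-FACTS-equipped branches connect every bus, i.e. the
    equipped branch set contains a spanning tree of the grid graph."""
    parent = {b: b for b in buses}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for u, v in dfacts_branches:
        parent[find(u)] = find(v)          # union the two components
    return len({find(b) for b in buses}) == 1

def pfdd_coverage(branches, dfacts_branches):
    """Apply the abstract's result: with spanning-tree coverage, attacks on
    buses of degree > 1 are detectable; degree-1 buses never are."""
    grid = {frozenset(b) for b in branches}
    if not {frozenset(b) for b in dfacts_branches} <= grid:
        raise ValueError("D-FACTS branch not present in grid topology")
    degree = defaultdict(int)
    for u, v in branches:
        degree[u] += 1
        degree[v] += 1
    buses = sorted(degree)
    covered = spanning_tree_covered(buses, dfacts_branches)
    return {
        "spanning_tree_covered": covered,
        # Empty when coverage fails: the stated guarantee does not apply.
        "guaranteed_detectable": [b for b in buses if covered and degree[b] > 1],
        "degree_one_blind_spots": [b for b in buses if degree[b] == 1],
    }

if __name__ == "__main__":
    print(pfdd_coverage(BRANCHES, DFACTS_FULL))
    print(pfdd_coverage(BRANCHES, DFACTS_PARTIAL))
```

Buses listed under `degree_one_blind_spots` need a different control, since no D-FACTS placement brings them under the guarantee.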
DRNTU::Engineering::Electrical and electronic engineering