Hybrid detection of intermittent cyber-attacks in networked power systems

Efstathios Kontouras, Anthony Tzes, Leonidas Dritsas

Research output: Contribution to journalArticle

Abstract

This article addresses the concept of a compound attack detection mechanism, that links estimation-based and set-theoretic methods, and is mainly focused on the disclosure of intermittent data corruption cyber-attacks. The detection mechanism is developed as a security enhancing tool for the load-frequency control loop of a networked power system that consists of several interconnected control areas. The dynamics of the power network are derived in observable form in the discrete-time domain, considering that an adversary corrupts the frequency measurements of certain control areas by means of a bias injection cyber-attack. Simulations indicate that an estimation-based detector is unable to discern an intermittent attack, especially when the latter one occurs at the same time as changes in the power load. The detector can be improved by exploiting the safe operation constraints imposed on the state variables of the system. It is shown that the disclosure of intermittent data corruption cyber-attacks in the presence of unknown power load changes is guaranteed only when the estimation-based detector is combined with its set-theoretic counterpart. To this end, a robust invariant set for the networked power system is computed and an alarm is triggered whenever the state vector exits this set. Simulations indicate that the above detectors can operate jointly in terms of a hybrid scheme, which enhances their detection capabilities.

Original languageEnglish (US)
Article number4625
JournalEnergies
Volume12
Issue number24
DOIs
StatePublished - Dec 5 2019

Fingerprint

Power System
Attack
Detectors
Detector
Disclosure
Invariant Set
Injection
Simulation
Discrete-time
Unknown

Keywords

  • Cyber-attacks
  • Load-frequency control
  • Power systems
  • Set-theoretic methods
  • State estimation

ASJC Scopus subject areas

  • Renewable Energy, Sustainability and the Environment
  • Energy Engineering and Power Technology
  • Energy (miscellaneous)
  • Control and Optimization
  • Electrical and Electronic Engineering

Cite this

Hybrid detection of intermittent cyber-attacks in networked power systems. / Kontouras, Efstathios; Tzes, Anthony; Dritsas, Leonidas.

In: Energies, Vol. 12, No. 24, 4625, 05.12.2019.

Research output: Contribution to journalArticle

Kontouras, Efstathios ; Tzes, Anthony ; Dritsas, Leonidas. / Hybrid detection of intermittent cyber-attacks in networked power systems. In: Energies. 2019 ; Vol. 12, No. 24.
@article{938c5ce603a143beb257cb5e3deed72e,
title = "Hybrid detection of intermittent cyber-attacks in networked power systems",
abstract = "This article addresses the concept of a compound attack detection mechanism, that links estimation-based and set-theoretic methods, and is mainly focused on the disclosure of intermittent data corruption cyber-attacks. The detection mechanism is developed as a security enhancing tool for the load-frequency control loop of a networked power system that consists of several interconnected control areas. The dynamics of the power network are derived in observable form in the discrete-time domain, considering that an adversary corrupts the frequency measurements of certain control areas by means of a bias injection cyber-attack. Simulations indicate that an estimation-based detector is unable to discern an intermittent attack, especially when the latter one occurs at the same time as changes in the power load. The detector can be improved by exploiting the safe operation constraints imposed on the state variables of the system. It is shown that the disclosure of intermittent data corruption cyber-attacks in the presence of unknown power load changes is guaranteed only when the estimation-based detector is combined with its set-theoretic counterpart. To this end, a robust invariant set for the networked power system is computed and an alarm is triggered whenever the state vector exits this set. Simulations indicate that the above detectors can operate jointly in terms of a hybrid scheme, which enhances their detection capabilities.",
keywords = "Cyber-attacks, Load-frequency control, Power systems, Set-theoretic methods, State estimation",
author = "Efstathios Kontouras and Anthony Tzes and Leonidas Dritsas",
year = "2019",
month = "12",
day = "5",
doi = "10.3390/en12244625",
language = "English (US)",
volume = "12",
journal = "Energies",
issn = "1996-1073",
publisher = "Multidisciplinary Digital Publishing Institute (MDPI)",
number = "24",

}

TY - JOUR

T1 - Hybrid detection of intermittent cyber-attacks in networked power systems

AU - Kontouras, Efstathios

AU - Tzes, Anthony

AU - Dritsas, Leonidas

PY - 2019/12/5

Y1 - 2019/12/5

N2 - This article addresses the concept of a compound attack detection mechanism, that links estimation-based and set-theoretic methods, and is mainly focused on the disclosure of intermittent data corruption cyber-attacks. The detection mechanism is developed as a security enhancing tool for the load-frequency control loop of a networked power system that consists of several interconnected control areas. The dynamics of the power network are derived in observable form in the discrete-time domain, considering that an adversary corrupts the frequency measurements of certain control areas by means of a bias injection cyber-attack. Simulations indicate that an estimation-based detector is unable to discern an intermittent attack, especially when the latter one occurs at the same time as changes in the power load. The detector can be improved by exploiting the safe operation constraints imposed on the state variables of the system. It is shown that the disclosure of intermittent data corruption cyber-attacks in the presence of unknown power load changes is guaranteed only when the estimation-based detector is combined with its set-theoretic counterpart. To this end, a robust invariant set for the networked power system is computed and an alarm is triggered whenever the state vector exits this set. Simulations indicate that the above detectors can operate jointly in terms of a hybrid scheme, which enhances their detection capabilities.

AB - This article addresses the concept of a compound attack detection mechanism, that links estimation-based and set-theoretic methods, and is mainly focused on the disclosure of intermittent data corruption cyber-attacks. The detection mechanism is developed as a security enhancing tool for the load-frequency control loop of a networked power system that consists of several interconnected control areas. The dynamics of the power network are derived in observable form in the discrete-time domain, considering that an adversary corrupts the frequency measurements of certain control areas by means of a bias injection cyber-attack. Simulations indicate that an estimation-based detector is unable to discern an intermittent attack, especially when the latter one occurs at the same time as changes in the power load. The detector can be improved by exploiting the safe operation constraints imposed on the state variables of the system. It is shown that the disclosure of intermittent data corruption cyber-attacks in the presence of unknown power load changes is guaranteed only when the estimation-based detector is combined with its set-theoretic counterpart. To this end, a robust invariant set for the networked power system is computed and an alarm is triggered whenever the state vector exits this set. Simulations indicate that the above detectors can operate jointly in terms of a hybrid scheme, which enhances their detection capabilities.

KW - Cyber-attacks

KW - Load-frequency control

KW - Power systems

KW - Set-theoretic methods

KW - State estimation

UR - http://www.scopus.com/inward/record.url?scp=85076947691&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85076947691&partnerID=8YFLogxK

U2 - 10.3390/en12244625

DO - 10.3390/en12244625

M3 - Article

AN - SCOPUS:85076947691

VL - 12

JO - Energies

JF - Energies

SN - 1996-1073

IS - 24

M1 - 4625

ER -