A Learning-Based Framework for Detecting Cyber-Attacks Against Line Current Differential Relays

Technical developments in communication technology and measurement synchronization have facilitated the design of advanced protection schemes, such as Line Current Differential Relays (LCDRs). However, the superior performance of LCDRs is achieved at the expense of exposing them to cyber-threats, since cyber-induced intrusions against protective relays—which take advantage of the direct control of relays over circuit-breakers—can cause protection system mis-operations. To address this problem, this paper presents a Learning-based Framework (LBF) for detecting False Data Injection Attacks (FDIAs) and Time Synchronization Attacks (TSAs) against LCDRs, and for differentiating them from faults. In the proposed LBF, a Multi-Layer Perceptron (MLP) model is trained based on differential and super-imposed features, which are selected using the Recursive Feature Elimination method. After implementing the proposed LBF in LCDRs, when an LCDR picks up, it initially extracts the features and sends them to the trained MLP model. The LCDR trips the line if the proposed LBF confirms a fault. The performance of the proposed LBF is corroborated using the IEEE 39-bus test system. Evaluation results show that the proposed LBF (i) works independently of a system's operating point and configuration, (ii) is not considerably affected by instrumentation errors, and (iii) can accurately detect FDIAs and TSAs.