Two-tier data-driven intrusion detection for automatic generation control in smart grid

Legacy energy infrastructures are being replaced by modern smart grids. Smart grids provide bi-directional communications for efficient energy and load management, and energy generation is adjusted based on load feedback. However, because it depends on the cyber infrastructure for load monitoring and reporting, generation control is inherently vulnerable to attacks. Recent studies have shown that data integrity attacks on generation control can significantly disrupt the energy system. In this work, we present a simple yet effective data-driven two-tier intrusion detection system for automatic generation control (AGC). The first tier is a short-term adaptive predictor for system variables, such as load and area control error (ACE). It provides a real-time measurement predictor that adapts to the changing underlying behavior of these system variables and flags abnormal behavior in each variable independently. The second tier provides deep state inspection, investigating the presence of anomalies by incorporating the overall correlation among system variables using Markov models. Moreover, we extend the second-tier inspection to a multi-AGC environment, where the behavior of one AGC is validated against the behavior of the interconnected AGC. The combination of lightweight tier-1 prediction and offline tier-2 deep state inspection balances the accuracy and real-time requirements of intrusion detection in an AGC environment. Our results show high detection accuracy (95%) under different multi-attack scenarios. The second tier successfully verified all the injected intrusions.
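The two-tier flow described above, as an added sketch that is not the paper's code: tier 1 flags ACE samples that leave an adaptive prediction band, and tier 2 confirms only those flags whose joint (load trend, ACE sign) transition is improbable under a Markov chain trained on clean history. The EWMA predictor, the first-order chain, the state definition, the toy rule that ACE opposes the load change, and all sample data are assumptions constructed for illustration.

```python
import math
from collections import Counter

def tier1_flags(series, alpha=0.5, k=4.0, floor=0.1):
    """Tier 1: EWMA one-step predictor with an adaptive residual band."""
    pred, dev, flags = series[0], floor, []
    for t, x in enumerate(series):
        err = abs(x - pred)
        if err > k * max(dev, floor):
            flags.append(t)           # abnormal sample: do not learn from it
            continue
        pred += alpha * (x - pred)    # track normal drift
        dev += alpha * (err - dev)    # track normal variability
    return flags

def joint_states(dload, ace):
    """Joint state per sample: (load trend, ACE sign)."""
    return [("up" if d > 0 else "down", "pos" if a > 0 else "neg")
            for d, a in zip(dload, ace)]

def train_markov(states):
    """First-order transition counts and per-state totals from clean history."""
    trans = Counter(zip(states, states[1:]))
    totals = Counter(states[:-1])
    return trans, totals

def tier2_verify(model, states, flags, min_prob=0.01):
    """Tier 2: keep only flags whose state transition is improbable."""
    trans, totals = model
    verified = []
    for t in flags:
        prev, cur = states[t - 1], states[t]
        p = trans[(prev, cur)] / totals[prev] if totals[prev] else 0.0
        if p < min_prob:
            verified.append(t)
    return verified

def demo():
    # Constructed data: per-sample load change and a toy ACE that opposes it.
    w = 2 * math.pi / 100
    f = lambda t: 100 + 10 * math.sin(w * t) + 0.02 * math.sin(1.7 * t)
    dload = [f(t + 1) - f(t) for t in range(300)]
    model = train_markov(joint_states(dload, [-2 * d for d in dload]))
    dload[200] += 3.0                  # benign load surge, ACE follows it
    ace = [-2 * d for d in dload]
    for t in range(95, 105):           # falsified ACE reports (constructed)
        ace[t] += 5.0
    flags = tier1_flags(ace)
    return flags, tier2_verify(model, joint_states(dload, ace), flags)
```

In `demo()`, tier 1 flags both the falsified ACE window and the benign surge at sample 200; tier 2 keeps only the falsified window, because a rising load with positive ACE never occurs in the clean training history.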
