Coherency-Based Detection Algorithm for Synchrophasor Cyberattacks

The wide area monitoring system (WAMS) is critical for power system situational awareness, but represents a growing cybersecurity vulnerability. Malicious adversaries may seek to compromise one or more PMUs in order to effect control decisions that unnecessarily disrupt typical grid operations. One...

Full description

Saved in:
Bibliographic Details
Published in:2019 North American Power Symposium (NAPS) pp. 1 - 6
Main Authors: Hart, Philip, Acharya, Sowmya, Wang, Honggang
Format: Conference Proceeding
Language:English
Published: IEEE 01.10.2019
Subjects:
Circuit faults
coherency
Computer crime
Cyberattack
detection algorithm
Detection algorithms
event classification
fault
Mathematical model
Partitioning algorithms
Phasor measurement units
Power systems
replay attack
synchrophasors
WAMS
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The wide area monitoring system (WAMS) is critical for power system situational awareness, but represents a growing cybersecurity vulnerability. Malicious adversaries may seek to compromise one or more PMUs in order to effect control decisions that unnecessarily disrupt typical grid operations. One example of a particularly pernicious attack vector is the spoofing or replaying of a fault event using one or more compromised PMUs. This work documents the development and validation of a coherency-based cyberattack detection algorithm that integrates a sliding-window singular value decomposition (SVD) with physics-based partitioning analysis to achieve accurate classification of events. Special consideration is given to discerning a sophisticated fault-replay or fault spoofing attack from actual faults. A software-based cybersecurity testbed has been developed for rigorous testing of the algorithm. The algorithm is further validated using simulated synchrophasor datasets obtained from a MinniWECC 63-bus test system. Results show that the algorithm can successfully detect fault-replay attacks even when over half of the PMUs are compromised.
DOI:10.1109/NAPS46351.2019.9000271