Coherency-Based Detection Algorithm for Synchrophasor Cyberattacks

The wide area monitoring system (WAMS) is critical for power system situational awareness, but represents a growing cybersecurity vulnerability. Malicious adversaries may seek to compromise one or more PMUs in order to effect control decisions that unnecessarily disrupt typical grid operations. One...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:2019 North American Power Symposium (NAPS) S. 1 - 6
Hauptverfasser: Hart, Philip, Acharya, Sowmya, Wang, Honggang
Format: Tagungsbericht
Sprache:Englisch
Veröffentlicht: IEEE 01.10.2019
Schlagworte:
Circuit faults
coherency
Computer crime
Cyberattack
detection algorithm
Detection algorithms
event classification
fault
Mathematical model
Partitioning algorithms
Phasor measurement units
Power systems
replay attack
synchrophasors
WAMS
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The wide area monitoring system (WAMS) is critical for power system situational awareness, but represents a growing cybersecurity vulnerability. Malicious adversaries may seek to compromise one or more PMUs in order to effect control decisions that unnecessarily disrupt typical grid operations. One example of a particularly pernicious attack vector is the spoofing or replaying of a fault event using one or more compromised PMUs. This work documents the development and validation of a coherency-based cyberattack detection algorithm that integrates a sliding-window singular value decomposition (SVD) with physics-based partitioning analysis to achieve accurate classification of events. Special consideration is given to discerning a sophisticated fault-replay or fault spoofing attack from actual faults. A software-based cybersecurity testbed has been developed for rigorous testing of the algorithm. The algorithm is further validated using simulated synchrophasor datasets obtained from a MinniWECC 63-bus test system. Results show that the algorithm can successfully detect fault-replay attacks even when over half of the PMUs are compromised.
DOI:10.1109/NAPS46351.2019.9000271