Enhancing Power System Cyber-Security with Systematic Two-Stage Detection Strategy

TL;DR

This paper introduces a systematic two-stage detection strategy to identify false data injection cyber-attacks in power system state estimation, enhancing real-time security and situational awareness.

Contribution

It proposes a novel two-stage method for detecting and localizing FDI cyber-attacks, improving upon traditional detection techniques.

Findings

FDI attacks can cause severe system violations

The proposed method effectively detects FDI attacks

The approach accurately identifies the targeted branch

Abstract

State estimation estimates the system condition in real-time and provides a base case for other energy management system (EMS) applications including real-time contingency analysis and security-constrained economic dispatch. Recent work in the literature shows malicious cyber-attack can inject false measurements that bypass traditional bad data detection in state estimation and cause actual overloads. Thus, it is very important to detect such cyber-attack. In this paper, multiple metrics are proposed to monitor abnormal load deviations and suspicious branch flow changes. A systematic two-stage approach is proposed to detect false data injection (FDI) cyber-attack. The first stage determines whether the system is under attack while the second stage identifies the target branch. Numerical simulations verify that FDI can cause severe system violations and demonstrate the effectiveness of the proposed two-stage FDI detection (FDID) method. It is concluded that the proposed FDID approach can efficiently detect FDI cyber-attack and identify the target branch, which will substantially improve operators situation awareness in real-time.