From Static to Dynamic Anomaly Detection with Application to Power System Cyber Security
Kaikai Pan, Peter Palensky, Peyman Mohajerin Esfahani

TL;DR
This paper introduces a dynamic residual generator approach using robust optimization to detect stealthy multivariate cyber attacks in power systems, improving detection beyond static methods by capturing attack signatures in system dynamics.
Contribution
It develops a novel dynamic diagnosis filter based on robust optimization that detects multivariate attacks undetectable by static schemes, with scalable design methods and theoretical guarantees.
Findings
Successfully detects multivariate attacks on power system measurements.
Provides a convex reformulation with Nash equilibrium properties.
Demonstrates effectiveness on IEEE 39-bus system data.
Abstract.
Developing advanced diagnosis tools to detect cyber attacks is the key to security of power systems. It has been shown that multivariate data injection attacks can bypass bad data detection schemes typically built on static behavior of the systems, which misleads operators to disruptive decisions. In this article, we depart from the existing static viewpoint to develop a diagnosis filter that captures the dynamics signatures of such a multivariate intrusion. To this end, we introduce a dynamic residual generator approach formulated as robust optimization programs in order to detect a class of disruptive multivariate attacks that potentially remain stealthy in view of a static bad data detector. We investigate two possible desired features: (i) a non-zero transient and (ii) a non-zero steady-state behavior of the residual generator in the presence of an attack. In case (i), the problem is reformulated as a finite, but possibly non-convex, optimization program. We further develop a linear programming relaxation that improves the scalability, and as such practicality, of the diagnosis filter design. In case (ii), it turns out that the resulting robust program admits an exact convex reformulation, yielding a Nash equilibrium between the attacker and the residual generator. This assertion has an interesting implication: the proposed approach is not conservative in the sense that the additional knowledge of the worst-case attack does not improve the diagnosis performance. To illustrate our theoretical results, we implement the proposed diagnosis filter to detect multivariate attacks on the system measurements deployed to generate the so-called Automatic Generation Control signals in a three-area IEEE 39-bus system.
The authors are with the Delft University of Technology, The Netherlands (email: {K.Pan, P.Palensky, P.MohajerinEsfahani}@tudelft.nl).
1. Introduction
The digital transformation of our power system does not only lead to better observability, flexibility and efficiency, but also introduces a phenomenon that is new to power system controls: cyber security threats. NIST [7] defines five functions for protecting Information and Communication Technology (ICT): (i) Identify, (ii) Protect, (iii) Detect, (iv) Respond, (v) Recover. It would be naive to think an ICT system can be perfectly protected in order to address the issues raised by (iii)-(v). This paper focuses on (iii) Detection for supervisory control and data acquisition (SCADA) systems, which are in charge of transmitting measurement and control signals between power system substations and control centers. Such SCADA systems are notorious for being based on legacy ICT, and are a popular target for adversaries [13, 6] nowadays. The consequences of a successful attack on SCADA systems can be catastrophic to an economy and society in general [24, 17]. In this light, it is of utmost importance to detect these attacks and respond accordingly. Notably, if the malicious attacks can be detected sufficiently fast, the corrupted signals can be disconnected or corrected by resilient controls, preventing further severe damage [34].
Literature on anomaly detection
Traditionally, SCADA systems deploy bad data detection (BDD) to filter out possible erroneous measurements due to sensor failures or anomalies [33]. The BDD process captures only a snapshot of the steady states of system trajectories, and thus only exploits possible static impact of intrusions. Although this method can perform successfully in detecting basic attacks, it may fail in the presence of the so-called stealthy multivariate attacks that carefully launch synthesized false data injections given full knowledge of the system model [15].
It was first explored in [20] that such an attack can perturb the state estimation function without triggering alarms in BDD. Since then, vulnerability and impact analysis of stealthy attacks on power systems has been a prominent subject in the literature. A typical notion to quantify the vulnerability to stealthy attacks is directly concerned with the level of effort required to alter specific measurements [12, 27]. Without advanced diagnosis tools, tampering with measurements remains undetected, causing state deviations, equipment damage or even cascading failures [18]. Techniques proposed to deal with stealthy attacks include statistical methods such as sequential detection using Cumulative Sum (CUSUM)-type algorithms [16], and measurement consistency assessment under certain observability assumptions [35]. A detection method that leverages online information is described in [3], which is applicable by ensuring the availability and accuracy of load forecasts and generation schedules. In [19], a mechanism is introduced to formulate the detection scheme as a matrix separation problem, but it only recovers intrusions among corrupted measurements over a particular period of time.
These techniques are essentially static detection methods that may be confined by certain prior assumptions on the distribution of measurement errors. Despite an extensive and ongoing literature focusing on the static part of BDD mechanism, the following question remains largely unexplored:
Would it be possible to detect stealthy multivariate attacks in a real-time operation by exploiting the attack impact on the dynamics of system trajectories during the transient?
The importance of an appropriate answer to this question has been reinforced thanks to recent advances in sensing technology in the modern power systems. Our main objective in this article is to address this question.
Related work
Detection methods concerning system dynamics have primarily emerged under the topic of fault detection and isolation filters. A subclass of these schemes is the observer-based approach applied initially to linear models [21]; see also [9] for a comprehensive summary of the large body of literature. The authors in [25] further extend the modeling framework to general linear differential-algebraic equations (DAEs), enhancing the applicability of such methods particularly for power system applications due to the common governing physical laws in this setting. Recently, a variant of observer-based methods is also investigated in [1] so as to deal with unknown natural exogenous inputs.
An inherent shortcoming of many observer-based approaches is that the degree of the resulting diagnosis filter is effectively the same as the system dynamics, which may yield an unnecessarily complex filter in large-scale power systems. To the best of our knowledge, there are relatively few studies in the literature on the design of reduced-order observers, where the conditions for the existence of a minimum order need to be satisfied [9, 10]. The closest approach in the literature is [23], where a scalable optimization-based filter design is developed for high-dimensional nonlinear control systems. However, the proposed method mainly deals with a single fault scenario, and may not be as effective in the case of smart multivariate adversarial inputs.
An effective approach toward security and modeling the interaction between attackers and detectors builds on the rich framework of game theory. Recently, the authors in [32] propose a two player mixed strategy game to address a dynamic resource-planning problem between an attacker targeting the communication equipment and a defender protecting the control network. Similar frameworks have also been deployed to model the dynamics of information flow between an advanced persistent threat and a detector [30, 29].
Our contributions
The main objective of this article is to develop a diagnosis filter to detect multivariate data injection attacks in a real-time operation. For this purpose, considering a class of disruptive multivariate attack scenarios (Definition 2.5), we first characterize the attack impact on power system dynamics through a set of differential equations. Having transferred the dynamics into the discrete-time domain, we further restrict the diagnosis filter to a family of dynamic residual generators that entirely decouples the contributions of the attacks from the system states and natural disturbances. In order to identify an admissible multivariate attack scenario, we propose an optimization-based framework to robustify the diagnosis filter with respect to such attacks, i.e., aiming to design a filter whose residual (output) is sensitive to any plausible disruptive multivariate attacks. The main contributions of this article are as follows:
- (i) Unlike the existing literature, we go beyond a static viewpoint of anomaly detection to capture the attack impact on the dynamics of system trajectories. To this end, we characterize the diagnosis filter design approach as a robust optimization program. It is guaranteed that while the filter residual is decoupled from system states and disturbances, it still remains sensitive to all admissible disruptive multivariate attacks even if the attacker has full knowledge about the diagnosis filter architecture (Definition 4.1 and the program (22)).
- (ii) To detect attacks during the transient behavior, we reformulate the resulting robust program as a finite, possibly non-convex, optimization program (Theorem 4.3). To improve the scalability of the proposed solution, we further propose a linear programming relaxation which is highly tractable for large scale systems (Corollary 4.4). It is guaranteed that if the optimal value of the relaxed program is positive, the resulting diagnosis filter is able to detect any admissible disruptive attack scenarios, which may remain stealthy through the lens of a static detector.
- (iii) We further explore the steady-state behavior of the diagnosis filter in the presence of a plausible attack scenario (Lemma 4.6). In this case, we develop an exact convex reformulation of the resulting robust program. As a byproduct, we show that the proposed solution is indeed a Nash equilibrium (saddle point) between the attacker and the residual generator (Theorem 4.7). An interesting implication of such a Nash equilibrium is that the information of the attack signal may not necessarily improve the performance of the diagnosis filter. In other words, if the proposed convex optimization fails to have a desirable feasible solution, it then implies that there exists a disruptive stealthy attack where the exact knowledge of the attack signal still does not help design a successful residual generator.
In addition to the above theoretical results, we validate the performance and effectiveness of the proposed diagnosis filter on a multi-area IEEE 39-bus system. Numerical results illustrate that the diagnosis filter successfully generates a residual “alert” in the presence of multivariate attacks that are stealthy in a static viewpoint, even in a noisy environment with imprecise measurements.
Section 2 introduces the problem of power system cyber security, and the challenges posed by multivariate attacks are highlighted. Section 3 discusses a model instance of power system dynamics under attacks on measurements. Our diagnosis filter design is proposed in Section 4 where an optimization framework is introduced, and numerical simulations are reported in Section 5.
Notation
The symbols , represent the set of real numbers and integers, respectively. Given a matrix , denotes its transpose, and the space represents its range space. Throughout the paper, the matrix is the identity matrix with an appropriate dimension. Given a column vector , denotes an diagonal matrix with the elements of vector sitting on the main diagonal and the rest of the elements being zero. We also denote by a block matrix whose main diagonal elements are the matrices . Given a vector , the associated norm is denoted by .
2. Problem Statement
2.1. Static detection and system modeling
For a power grid, measurements are collected by remote sensors and transmitted through a SCADA network. The typical BDD is conducted to detect the erroneous measurements at each time instance. We can see this as a static process: it only concerns the system states and measurements at time step , which can be described by
[TABLE]
where is the measurement matrix, and represents the data injection attacks on measurements. Note that the matrix characterizes which measurement is vulnerable to attacks. It is customary to define a residual signal for a static detector, , where denotes the estimated measurements. In the traditional weighted least squares estimation, the estimate of state is , assuming that has full column rank with high measurement redundancy. Then the measurements estimate is , and the residual signal can be further expressed as
[TABLE]
Such an anomaly detector has shown good effectiveness in detecting erroneous data and basic attacks [8]. However, in the face of coordinated attacks on multiple measurements, this static detector can fail. In this article, motivated by this shortcoming, we take a dynamic design perspective where we shift the emphasis from an attack as a static process to its effects on power system dynamics. In particular, we opt for differentiating the attack impact on the system trajectories from natural disturbances such as load deviations.
To model its impact on the dynamics, let us consider a more general modeling framework in Figure 1. The electrical grid is operated by a digital controller that receives measurements as inputs and sends control signals to the actuators through communication networks. These transmitted data are applied in discrete-time samples. On the power grid side, the input represents natural disturbances. On the controller side, a control signal is computed given the measurements . Note that with the closed-loop control, the corruptions on the measurements would affect the system dynamics. The dynamics of the closed-loop system is
[TABLE]
where , and are constant matrices. Let us highlight the difference between the dynamical system (3) and the respective static counterpart (1). In fact, the time independence of the first equation in (3) describes the dynamics of the system, while the algebraic equation (1) represents the relation on each time instance and describes a static relation between the states and outputs. The aim of this study is to exploit such dynamics information in (3) in order to design a diagnosis filter to detect stealthy multivariate attacks. To illustrate the attack impact on the system dynamics, we can simply consider the feedback controller as a linear operator such that where is a matrix gain. By defining the closed-loop system matrices and , we can reformulate (3) into
[TABLE]
Remark 2.1 (Dynamic feedback controller).
The restriction to only a static feedback controller to transfer from (3) to (4) is without loss of generality. Namely, the proposed framework is rich enough to subsume a dynamic controller architecture as well. Indeed, when the controller has certain dynamics, it suffices to augment the system dynamics (3) with the controller states and outputs. We refer to Appendix 2.1 for a detailed analysis.
Remark 2.2 (Attacks impact on the dynamics of system trajectories).
In light of (4), matrices , capture the attack impact on the power system dynamics, mapping attacks to the system states and measurements respectively.
In the following, we show that the state-space description (4) is a particular case of DAE model. By introducing a time-shift operator : , one can fit (4) into
[TABLE]
where represents the unknown signals of system states and disturbances; contains all the available data for the operator. Let and be the dimensions of , . We denote as the number of rows in (5). Then are polynomial matrices in terms of the time-shift operator with rows and columns separately, by defining,
[TABLE]
2.2. Challenge: multivariate attacks
We start this subsection with an existing result characterizing the set of stealthy multivariate attacks that can bypass the static detector.
Lemma 2.3 (Stealthy attack values [20, Theorem 1]).
Consider the measurement equation (1) and the static detector with the respective residual function (2). Then, an attack remains stealthy, i.e., it does not cause any additional residue to (2), if it takes values from the set
[TABLE]
One can observe that a stealthy attack described in (6) has the knowledge of the system model (1) through the range space of . That is, it represents a tampered value where can be any injected bias influencing certain sensor measurements. Such multivariate attacks would also challenge the detector design as they may neutralize the diagnosis filter outputs.
Assumption 2.4 (Stationary attacks).
Throughout this article, we consider attacks that are time-invariant, i.e., for all ; for all . Namely, the attack occurs as a constant bias injection on measurements during the system operations at a specific unknown time instance , and it remains unchanged since then.
Advanced attacks also pursue a maximized impact on the system dynamics. Thus, an adversary would try to inject “smart” false data, possibly with large magnitudes, in such a way that it causes the maximum damage. The next definition opts to formalize this class of attacks.
Definition 2.5 (Disruptive stealthy attack).
Consider a set of vectors representing a finite basis for the set of stealthy attacks (6), i.e., the set defined in (6) can equivalently be represented by
[TABLE]
We call a signal disruptive stealthy attack if its corresponding coefficients is a polytopic set, i.e., it belongs to
[TABLE]
where and are given matrices. We emphasize that the subsequent analysis and the proposed diagnosis filter design only rely on the convexity of the set . Namely, the choice (7) may be adjusted according to the application at hand, as long as the convexity of the set is respected.
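The following added example (not code from the paper) builds a constructed two-state closed-loop model in the shape of (4) and shows that a stationary attack taken from the range space of the measurement matrix leaves the static least-squares residual of (2) exactly zero, while a hand-built one-step consistency residual, decoupled from the states and the load disturbance, is non-zero at attack onset and in steady state. All matrix values, the names `A`, `B_D`, `B_F`, `C`, `W`, and the residual construction itself are assumptions for illustration; this is not the optimization-designed filter of Section 4.

```python
from fractions import Fraction as Fr

# Constructed closed-loop model in the shape of (4). Every value below is an
# assumption made for this illustration, not a parameter of the paper's AGC model.
A = [[Fr("0.9"), Fr("0.1")], [Fr("-0.2"), Fr("0.7")]]   # closed-loop state matrix
B_D = [Fr(1), Fr("0.5")]                                 # load disturbance -> states
B_F = [[Fr(0)] * 4, [Fr(0), Fr(0), Fr("-0.2"), Fr(0)]]   # attack -> states (feedback path)
C = [[Fr(1), Fr(0)], [Fr(0), Fr(1)], [Fr(1), Fr(1)], [Fr(1), Fr(-1)]]  # redundant sensors
W = [Fr("-0.5"), Fr(1)]                                  # row vector with W . B_D == 0

STEALTHY = [Fr(1), Fr(-2), Fr(-1), Fr(3)]   # equals C @ [1, -2]: lies in range(C)
NAIVE = [Fr(1), Fr(0), Fr(0), Fr(0)]        # single-sensor bias, not in range(C)


def matvec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]


def vadd(*vs):
    return [sum(t) for t in zip(*vs)]


def scale(c, v):
    return [c * x for x in v]


def estimate_state(y):
    """Least-squares estimate (C^T C)^-1 C^T y, solved exactly for 2 states."""
    Ct = list(zip(*C))
    g = [[sum(a * b for a, b in zip(r, c)) for c in Ct] for r in Ct]  # Gram matrix
    det = g[0][0] * g[1][1] - g[0][1] * g[1][0]
    b = matvec(Ct, y)
    return [(g[1][1] * b[0] - g[0][1] * b[1]) / det,
            (g[0][0] * b[1] - g[1][0] * b[0]) / det]


def static_residual(y):
    """Snapshot BDD residual: measurement minus its least-squares reconstruction."""
    return [yi - ci for yi, ci in zip(y, matvec(C, estimate_state(y)))]


def dynamic_residual(y_now, y_next):
    """One-step consistency check W (xhat[k+1] - A xhat[k]).

    With no attack this equals W B_D d[k] = 0, so it is decoupled from both the
    state trajectory and the unknown load disturbance.
    """
    e = vadd(estimate_state(y_next), scale(-1, matvec(A, estimate_state(y_now))))
    return sum(w * x for w, x in zip(W, e))


def simulate(attack, k_min, steps):
    """Measurements y[0..steps-1]; a constant attack starts at step k_min."""
    x, ys, zero = [Fr(0), Fr(0)], [], [Fr(0)] * 4
    for k in range(steps):
        f = attack if k >= k_min else zero
        d = Fr(k % 3, 10)                       # time-varying load deviation
        ys.append(vadd(matvec(C, x), f))
        x = vadd(matvec(A, x), scale(d, B_D), matvec(B_F, f))
    return ys


def detect(attack, k_min=10, steps=20):
    """Return (static residual inf-norm per step, dynamic residual per step)."""
    ys = simulate(attack, k_min, steps)
    static = [max(abs(r) for r in static_residual(y)) for y in ys]
    dynamic = [dynamic_residual(ys[k], ys[k + 1]) for k in range(steps - 1)]
    return static, dynamic


if __name__ == "__main__":
    for name, f in (("stealthy", STEALTHY), ("naive", NAIVE)):
        static, dynamic = detect(f)
        print(name, "max static:", max(static), "dynamic tail:", dynamic[-1])
```

Exact rational arithmetic is used so that "zero residual" means exactly zero rather than a value below a floating-point tolerance.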
3. Cyber Security of Power Systems: AGC modeling
In this section, we first go through a modeling instance of power system dynamics in the form of (4): the Automatic Generation Control (AGC) closed-loop system under attacks. This model will be used to validate our diagnosis filter. Figure 2 depicts the diagram of a three-area IEEE 39-bus system. AGC is a feedback controller that tunes the setpoints of participating generators (e.g., G11 of Area 1) to maintain the frequency at its nominal value and the tie-line (e.g., L1-2 between Area 1 and 2) power at the scheduled one.
In the work of AGC, a linearized model is commonly used for the load-generation dynamics [28]. For a three-area system, the frequency dynamics in Area can be written as
[TABLE]
where is the frequency bias and represents the integral gain. Based on the equations (8), the linearized model of Area can be presented as the state equation
[TABLE]
where is the state vector; denotes load deviations. Recall Remark 2.1 that (9) is an augmented model for the closed-loop AGC system that consists of not only the electrical grid states (e.g., frequency, generator output and tie-line power) but also the controller state , i.e.,
[TABLE]
Besides in (9), is the system matrix of Area ; is a matrix whose only non-zero element is in row 1 or 2 and column 3; is the matrix for load deviations.
In addition to , we assume a measurement model with high redundancy that the measurements of each tie-line power () and the total tie-lines’ power (), the frequency (), each generator output () and the total generated power (), and the AGC controller output () are all available. Besides, vulnerabilities within SCADA networks may allow cyber intrusions. Thus the output equation is
[TABLE]
where is the system output and is the output tall-matrix with full column rank. Here denotes multivariate attacks and the matrix quantifies which output is attacked. As noted in the preceding section, due to the feedback loop, attacks on the measurements would also affect the frequency dynamics. Hence the state equation (9) during attacks becomes
[TABLE]
where is the matrix that relates attacks to system states.
Using the state equations of each area, the continuous-time model of the three-area system can be obtained,
[TABLE]
where is the vector consisting of groups of dynamic states in each area; is the vector for all areas’ load deviations; denotes all the attack signals in the three-area, namely,
[TABLE]
In (11), is the closed-loop system matrix; , are constant matrices that relate load deviations and attacks to system states. For the three-area system, these matrices are
[TABLE]
We can also obtain the output equation of the system,
[TABLE]
where is the system output vector containing all the three areas’ outputs; is the output matrix; quantifies all the vulnerable signals. Similarly, these matrices are
[TABLE]
To obtain the sampled discrete-time model as (4), (11) and (12) must be discretized. We deploy a zero-order hold (ZOH) discretization for a given sampling period [26] (the input signals and in (11) are assumed to be piecewise constant within the sampling periods),
[TABLE]
Note that the attack matrix has the same matrix transformation as , resulting . The above approximation is exact for a ZOH and (13) corresponds to the analytical solution of the discretization. Therefore, the above model can be described in the form of (4) which again can be fitted into the DAE (5). In Appendix 2.2, we provide the detailed description of the involved parameters of the three-area 39-bus system as well as the attack scenarios on the AGC measurements.
4. Robust Dynamic Detection
4.1. Preliminaries for diagnosis filter construction
An ideal detection aims to implement a non-zero mapping from the attack to the diagnostic signal while decoupled from system states and disturbances, given the available data in the control center. In the power system dynamics described via a set of DAE, we restrict the diagnosis filter to a type of dynamic residual generator in the form of linear transfer functions, i.e., where is the residual signal of the diagnosis filter and is a transfer operator. Note that is associated with the polynomial matrix in (5). We propose a formulation of transform operator as
[TABLE]
where is a polynomial vector with the dimension of and a predefined order . To make physically realizable, stable dynamics with sufficient order need to be added as the denominator where all the roots are strictly contained in the unit circle. Note that, unlike the observer-based methods, here can be much less than the dimension of system dynamics. Then and are the two variables for a diagnosis filter design. By multiplying in the left of (5), we have
[TABLE]
where term in (14) is due to of system states and natural disturbances. Term is the desired contribution from the attacks . In view of this diagnosis filter description, we introduce a class of residual generator which is sensitive to disruptive stealthy attacks as defined in Definition 2.5.
Definition 4.1 (Robust residual generator).
Consider a linear residual generator represented via a polynomial vector . This residual generator is robust with respect to disruptive stealthy attacks introduced in Definition 2.5 if
[TABLE]
where the basis matrix and the set are the same as the ones in Definition 2.5.
In the next step, we show that the polynomial equations (17) in Definition 4.1 can be characterized as a feasibility problem of a finite robust program.
Lemma 4.2 (Linear program characterization).
Consider the polynomial matrices , and , where , , and are constant matrices. Then, the family of robust residual generators in (17) is characterized by
[TABLE]
where denotes the infinite vector norm, and
[TABLE]
Proof.
The proof follows a similar line of arguments as [23, Lemma 4.2]. The key step is to observe that , and . The rest of the proof follows rather straightforwardly, and we omit the details for brevity. ∎
4.2. Robust diagnosis filter: transient behavior
In light of (20), we can define a symmetric set for the design variable of the dynamic residual generator,
[TABLE]
The second constraint in the set is added to avoid possible unbounded solutions. To design a robust residual generator, we aim to find an that for all , (20) can be satisfied. To this end, a natural reformulation of the residual synthesis is to consider an objective function as the second quantity in (20) influenced by the parameters and the attacker action , i.e., . A successful scenario from an attacker viewpoint is to minimize this objective function given a residual generator. Therefore, we take a rather conservative viewpoint where the attacker may have complete knowledge of the system model and even the residual generator parameters, and exploits it so as to synthesize a stealthy attack. We then reformulate the diagnosis filter design as the robust optimization program,
[TABLE]
The optimal value of the robust reformulation (22) is indeed an indication whether the attack still remains stealthy in the dynamic setting, i.e., if then the optimal solution yields a diagnosis filter in the form of (4.1) which detects all the admissible attacks introduced in Definition 2.5. However, if , then it implies that for any possible detectors (static or dynamic) there exists a stationary disruptive attack that remains stealthy. In the next step, we show that the robust program (22) can be equivalently reformulated as a finite (non-convex) optimization problem.
Theorem 4.3 (Finite reformulation of (22)).
The robust optimization (22) can be equivalently described via the finite optimization program
[TABLE]
where is an -valued auxiliary variable.
Proof.
See Appendix 1.1. ∎
The exact reformulation program (27) for (22) is unfortunately non-convex due to the bilinearity between the variables and in the first constraint. In the following corollary, we suggest a convex relaxation of the program by restricting the feasible set of the variable to finitely many possibilities where in which the only non-zero element of the vector is the - element.
Corollary 4.4 (Linear program relaxation).
Given , consider the linear program
[TABLE]
where is the ceiling function that maps the argument to the least integer. Then, the solution to the program (30) is a feasible solution to the exact robust design reformulation (27), and . In particular, if for any we have , then the solution to (30) offers a robust residual generator detecting all admissible disruptive attacks introduced by Definition 2.5.
Corollary 4.4 suggests that the maximum optimal value of and its corresponding provide a suboptimal solution to the original robust design (22).
We note that the focus of this article is on stationary (time-invariant) attacks. It is also important to highlight that the robust design perspective (22) allows the attacker to know the system model and filter parameters. In such a setting, the detection procedure could be much more difficult if the attacker would be able to dynamically adapt the attacks over the time, i.e., the attack signal is time-varying. In fact, in a multivariate attack scenario, one can construct a disruptive time-varying attack bypassing any linear residual generators. The next remark alludes more to this situation.
Remark 4.5 (Time-varying stealthy attacks).
Consider a multivariate attack where each element is a time-varying signal . Then, the residual (14) can be rewritten as
[TABLE]
where represents the attack dynamics matrix. One can inspect that when the time-varying relation $\sum_{i=1}^{n_f} \big(N(q) F_i f_i[\cdot]\big)[k] = 0$ holds for every , for instance when
[TABLE]
then the residual outcome (31) stays zero for all , and as such, the attack remains undetected.
The proposed robust design in (22) does not necessarily enforce a non-zero steady-state residual of the diagnosis filter under multivariate attacks. Namely, the design perspective of (22) focuses on detection of attacks during the transient behavior without any requirements on long-term behavior of the residual. Indeed, the residual signal may return to zero value after a successful reaction to the attack occurrence. A more stringent perspective is to require a non-zero steady-state behavior under any admissible attack scenario in . This extension is addressed in the next subsection.
4.3. Robust diagnosis filter: steady-state behavior
In order to design a diagnosis filter with non-zero steady-state residual “alert” when a multivariate attack occurs, the robust optimization (22) can be modified by a more conservative (smaller) objective function where
[TABLE]
A similar treatment as the preceding subsection can establish a framework for computational purposes. The next lemma follows similar objective as in Lemma 4.2 with a more demanding requirement of the non-zero long-term residual behavior.
Lemma 4.6 (Non-zero steady-state residual characterization).
For the polynomial matrices , and as defined in Lemma 4.2, the family of dynamic residual generators with non-zero steady-state residual under multivariate attacks can be characterized by the algebraic relations
[TABLE]
where is defined in (32), and the matrices are as defined in Lemma 4.2.
Proof.
Recall that . Thus if , the diagnosis filter becomes . Note the steady-state value of the filter residual under attacks would be . Thus for the multivariate attack with , the steady-state value of the filter residual is . The proof concludes by noting that . ∎
In a similar fashion, the robust design perspective in (22) can be modified accordingly as
[TABLE]
Notice the relation between the new objective function with the absolute value and the one in (22) with the infinity-norm. As it appears in the next result, the new setting is in fact a restricted case of the finite reformulation in Theorem 4.3.
Theorem 4.7 (Residual long-term behavior: exact convex reformulation and Nash equilibrium).
Consider the minimax counterpart of the program (22) as defined
[TABLE]
Each of the programs (36) and (37) can be equivalently reformulated through the linear programs
[TABLE]
Proof.
See Appendix 1.2. ∎
It is worth noting the difference between the robust perspective of (36) and the minimax program (37). In the design perspective of (36) the filter is oblivious to the possible attack scenarios, whereas in the perspective of (37) the filter is aware of the attack signal and opts to detect that particular signal in the presence of natural disturbances. Obviously, the former setting is the one closer to reality and, in general, knowledge of the attack signal should help the detection significantly. This observation can indeed be expressed through the usual weak inequality of . However, Theorem 4.7 indicates that the filter performance, in view of the long-term behavior under the worst-case attack scenario, does not depend on exact knowledge of the attacker signal, and the inequality holds with equality. We summarize this discussion in the following remark.
Remark 4.8 (Nash equilibrium interpretation).
If the linear programs (38d) and (38i) admit a positive optimal value , then the resulting filter can detect all the admissible multivariate attacks described by Definition 2.5 along with a non-zero steady-state residual level. On the other hand, if the optimal values coincide with , then no linear filter is able to decouple the admissible attack with , the solution to (38i), from the natural disturbances over a long-term horizon.
5. Numerical Results
5.1. Test system and diagnosis filter description
In order to validate the effectiveness of the diagnosis filter with application to power system cyber security, we employed the IEEE 39-bus system, which is well known as a standard system for testing new power system analysis. As shown in Figure 2, this system consists of 3 areas and 10 generators, 7 of which are equipped with AGC for frequency control. All the participating generators in each area have equal participation factors. The total load of the three-area system is for the base of and . The generator specifications and AGC parameters of each area are taken from [4], and the linear frequency dynamics model has been developed in the preceding Section 3. This results in a 19-order model in the form of (4).
We apply the diagnosis filter proposed in Section 4 to detect multivariate disruptive attacks on the measurements of the AGC system. In the following simulations, we set the degree of the dynamic residual generator which is much less than the order of the dynamics model, the sampling time and the finite time horizon . To design the filter, we set the denominator in the form where is a user-defined variable acting as the pole of the transfer operator , and it is normalized in steady-state value for all feasible poles. The pole is set to be for a stable dynamic behavior at the beginning, and we have deployed the solver CPLEX to solve the corresponding optimization problems.
5.2. Simulation results
To evaluate the performance of the diagnosis filter, the disturbances are modeled as stochastic load patterns. To capture their uncertainty, as shown in Figure 3(a) and Figure 3(b), we mainly model in Area 1 as random zero-mean Gaussian signals. It should be noted that tie-line power flow measurements are much more vulnerable to cyber attacks than frequency measurements (e.g., anomalies in frequency can be easily detected by comparing the corrupted reading with the normal one) [5]. Therefore, as indicated in Figure 2, we mainly focus on the scenario in which there are 5 vulnerable tie-line power measurements, namely , , , and . Recalling Definition 2.5 for the stealthy attack basis, there exist 3 basis vectors in the spanning set and we model them as follows: , , (all in ). Here each basis vector lies in the range space of the output matrix , so that the corrupted measurements still align with an actual physical state, bypassing the static detector . Furthermore, without loss of generality we set and in the set and in the set . The design variable of the robust residual generator is first derived by solving (22) through . The optimal value achieves maximum for that , which implies a robust detection during the transient behavior as in Corollary 4.4. For the given , the multivariate attack coordinates are obtained by solving the inner minimization of (22). Next, we look into the steady-state behavior of the filter with the above sets and . For this, following Theorem 4.7, we solve (36) and (37) through the programs (38d) and (38i). It turns out that the derived optimal values satisfy the equality , indicating that the optimal multivariate attack with , the optimizer of the program (38i) and an optimal solution to (37), is a stealthy attack in the long-term horizon.
We highlight that, thanks to the fact that the optimal values of the programs (38d) and (38i) form a Nash equilibrium, even with the exact information of the stealthy attack coefficients , we still cannot decouple the long-term behavior of the residual from the natural disturbances; see Remark 4.8.
In the first simulation, we begin with a general scenario where the multivariate attack is not carefully coordinated, i.e., a basic attack. Thus, as shown in Figure 3(a), only 4 of 5 vulnerable measurements are compromised that , , and . Note that since the injected data on and are inconsistent, the static detector is also expected to be triggered. To test the detectors in a more realistic setup, we also consider the presence of process and measurement noise. The process noise term added to the state equation of Area 1 is zero-mean Gaussian noise with the covariance matrix , i.e., the covariance of the noise to the frequency is 0.009 and the covariance of other states’ noise is 0.03 [1]. Similarly, the measurement noise term added to the measurements of Area 1 is with the covariance matrix , i.e., the covariance of the frequency measurement is 0.009 and the covariance of other measurements’ noise is 0.03 [1]. Note that the residual of the BDD in (2) becomes under the noisy system. The attacks are launched at . In Figure 3(c) and Figure 3(e), results of the static detector in (2) and the proposed dynamic detector (diagnosis filter) are presented. Both detectors succeeded in generating a diagnostic signal when attacks occurred; the diagnosis filter residual is significantly decoupled from stochastic load disturbances and remains sensitive to the multivariate attacks, giving a successful detection under noisy system settings.
In the second simulation, to challenge the detectors, the multivariate attacks are launched on all 5 vulnerable measurements, and the attack coefficient derived from the optimization results is used to model a more intelligent adversary. Thus in Figure 3(b), the corruptions become , , , and . This corresponds to the worst case for the diagnosis filter, in which the adversary is given the knowledge of the residual generator’s parameter and tries to minimize the payoff function over . In addition, the noisy system settings have been considered. Figure 3(d) and Figure 3(f) show all the simulation results. In Figure 3(d), the static detector becomes totally blind to the occurrence of such an intelligent attack. However, as we can see in Figure 3(f), even in the worst case, the diagnosis filter works perfectly well under the noisy system, generating a residual “alert” for the presence of multivariate attacks. We can also see that the residual output becomes close to zero again after a successful detection during the transient behavior in Figure 3(f), which is consistent with the aforementioned result and Remark 4.8. These simulations also prove the effectiveness and robustness of the proposed diagnosis filter design.
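The contrast between the two simulations above can be reproduced on a toy model. The following added example (not code from the paper) uses a constructed 2-state, 3-measurement open-loop system without disturbances or noise, and a one-step model-consistency residual as a simple stand-in for the paper's optimized residual generator; all matrices, values and function names are assumptions.

```python
import math

# Constructed toy model (assumption, not the paper's 19-order AGC model):
# x[k+1] = A x[k],  y[k] = C x[k] + f[k], with redundant measurements (3 > 2).
A = [[0.9, 0.1], [0.0, 0.8]]
C = [[1.0, 0.0], [0.0, 1.0], [1.0, 1.0]]

def matmul(X, Y):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*Y)] for row in X]

def matvec(X, v):
    return [sum(a * b for a, b in zip(row, v)) for row in X]

def inv2(M):
    (a, b), (c, d) = M
    det = a * d - b * c
    return [[d / det, -b / det], [-c / det, a / det]]

def norm(v):
    return math.sqrt(sum(x * x for x in v))

Ct = [list(col) for col in zip(*C)]
C_PINV = matmul(inv2(matmul(Ct, C)), Ct)   # least-squares state estimator
PROJ = matmul(C, C_PINV)                   # orthogonal projector onto range(C)
PREDICT = matmul(matmul(C, A), C_PINV)     # maps y[k] to the predicted y[k+1]

def static_residual(y):
    """Static bad data detector: distance of one snapshot y from range(C)."""
    return norm([yi - pi for yi, pi in zip(y, matvec(PROJ, y))])

def dynamic_residual(y_prev, y_next):
    """One-step consistency check: y[k+1] against C A x_hat[k]."""
    return norm([yn - pn for yn, pn in zip(y_next, matvec(PREDICT, y_prev))])

def simulate(attack, k_attack=5, steps=12, x0=(1.0, -0.5)):
    """Per-step (static, dynamic) residuals for a constant injection from k_attack on."""
    x, y_prev, out = list(x0), None, []
    for k in range(steps):
        f = attack if k >= k_attack else [0.0] * len(C)
        y = [ci + fi for ci, fi in zip(matvec(C, x), f)]
        dyn = dynamic_residual(y_prev, y) if y_prev is not None else 0.0
        out.append((static_residual(y), dyn))
        x, y_prev = matvec(A, x), y
    return out

# Uncoordinated injection: only the first measurement is altered.
BASIC = [0.5, 0.0, 0.0]
# Coordinated injection f = C * delta, delta = (0.5, -0.2): lies in range(C).
STEALTHY = matvec(C, [0.5, -0.2])

if __name__ == "__main__":
    for name, atk in (("basic", BASIC), ("stealthy", STEALTHY)):
        res = simulate(atk)
        print(name, "max static %.3f" % max(s for s, _ in res),
              "max dynamic %.3f" % max(d for _, d in res))
```

The static residual stays at zero for the coordinated injection because each snapshot is still consistent with some state, while the step-to-step check reacts at the onset because the implied state jump violates the dynamics.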
5.3. Further discussions
In this section we elaborate on several practical aspects of the filter proposed in the preceding section.
5.3.A. Diagnosis sensitivity to filter poles
While the denominator of the filter in (14) is chosen rather arbitrarily, up to a stability condition, the poles nevertheless have a significant impact on the residual sensitivity. As a general rule, the smaller the poles, the faster the residual responds, and the more sensitive the residual is to model imprecision and noise. Simulation results in Figure 4 in Appendix 2.3 numerically illustrate this relation when the filter poles vary.
5.3.B. Other types of attacks
In addition to smart multivariate measurement attacks, the main focus of this study, there are several other types of attacks that we briefly discuss in the following:
- Denial-of-service (DoS) attack: A type of availability attack where the attacker aims to prevent some specific data from being delivered to the respective destinations.
- Replay attack: A two-stage attack where the adversary gathers a sequence of data packets at stage 1, and then replays the recorded data afterwards at stage 2.
From a detection point of view, DoS attacks are trivially detectable without any sophisticated mechanisms, as the absence of data is not stealthy. In typical DoS attack modeling, the missing data is replaced with the last received values [31]. Under such a mechanism, the DoS can be treated as an “injection” attack. We investigate the performance of our filter in the presence of this class of attacks in Figure 5 in Appendix 2.3. Numerical results confirm that the proposed filter can successfully detect the DoS attacks. With regard to the replay attack, the articles [22, 14] offer sufficient conditions under which plausible attacks may remain stealthy irrespective of the detection mechanism, provided that the attacker has access to all the necessary data channels and launches stage 2 of the attack at a suitable time.
5.3.C. Observer-based diagnosis filters
Another major technique for anomaly detection builds on observer-based techniques. In this view, the estimate of the system states or, in a more general setting, an output observer, serves as a reference to flag abnormality [11]. We close this section with a brief summary of the differences between these approaches and the one proposed in this study.
- The observer-based approaches typically yield diagnosis filters with higher dynamical system degrees than the approach proposed in this study. A low-order diagnosis filter is often more desirable due to practical aspects of online implementation, particularly for large-scale power systems.
- Observer-based diagnosis filters usually rely on a precondition of system observability. An extended version of such filters relaxes this condition to the so-called Luenberger-type conditions [2]. Our diagnosis filter, however, requires a weaker condition reflected through the feasibility condition of the resulting optimization programs, e.g., when the program (20) in Lemma 4.2 is feasible.
- Thanks to the optimization-based framework, unlike the observer-based approaches, we have a systematic approach to incorporate a multivariate attack scenario into the framework.
6. Conclusion
In this article, we investigated the problem of anomaly detection in power system cyber security, with a particular focus on exploiting the dynamics information in settings where tampering with multiple measurements may be possible. Our study showed that a dynamical perspective on the detection task indeed offers powerful diagnosis tools to counter attack scenarios that may remain stealthy from a static point of view. The effectiveness of this result was validated by simulations on the IEEE 39-bus system. Future research directions that we envision include an extension to nonlinear systems, as well as a setting exposed to the “dynamic” (time-variant) attacks in Remark 4.5, as opposed to the linear models and stationary attack scenarios studied in this article.
Appendix I: Technical Proofs
1.1. Proof of Theorem 4.3
Let us recall that , and as such, the payoff function of the robust reformulation (22) is where . By introducing an auxiliary variable in the simplex set , one can rewrite as
[TABLE]
In this light, the original robust strategy (22) can be equivalently described via
[TABLE]
Note that given a fixed the inner minimax optimization is indeed a bilinear objective in the decision variables and the respective feasible sets and are convex. Since one of the sets, , is also compact, then the zero-duality gap holds. Therefore, interchanging the optimization over and yields
[TABLE]
The inner minimization of (39) is a (feasible) linear program. We can use the duality again. To this end, let us assume that the decision variables and are fixed and consider the Lagrangian function
[TABLE]
where optimizing over an unconstrained variable becomes
[TABLE]
Using the above characterization as the most inner optimization program in (1.1) leads to
[TABLE]
It then suffices to combine maximizing over the auxiliary variable together with the variables and to arrive at the main result in (27).
1.2. Proof of Theorem 4.7
We first prove the convex reformulation. For a given , the inner minimization of (36) can be translated as
[TABLE]
The Lagrangian of the inner minimization reads as
[TABLE]
Optimizing over the variables yields
[TABLE]
Then, combining maximization over the auxiliary variables , , together with the variable arrives at the optimization program,
[TABLE]
Note that the actual program (38d) is a restriction of (50) where the variables and are restricted to and . Next, we show that this restriction is indeed without loss of generality. To this end, suppose the tuple (, , , ) is an optimal solution to the program (50). Note that the optimal variables and may satisfy one of the following three properties:
- (i) : In this case, , and therefore the optimal value . This optimal solution can be trivially achieved in the program (38d) by setting .
- (ii) : Observe that the tuple $\big(\beta_0' = 1, , , \lambda' = \lambda^{\star}/(\beta_0^{\star}-\beta_1^{\star})\big)$ is a feasible solution with the objective value . Since by optimality assumption and , then this feasible solution has a possibly higher optimal value, and therefore . That is, and .
- (iii) : Following similar steps as the previous case together with the symmetric property of the feasible set , one can show that the optimal value of the program (50) also coincides with the restricted version in (38d).
This concludes the proof of the convex reformulation from (36) to (38d). With regard to the minimax problem (37), let us recall the symmetric property of the feasible set in the variable . With a fixed , the inner maximization can be directly formed as whose Lagrangian becomes
[TABLE]
Optimizing over the variable leads to
[TABLE]
Thus, combining minimization over the auxiliary variables together with the variable , the minimax optimization (37) can be reformulated as the linear program (38i).
Finally, we show that the solution to programs (38) indeed forms a Nash equilibrium between the programs (36) and (37). Thus far, we have reformulated the maximin and minimax problems as the linear programs (38). The idea is to show that these programs have the same optimal values. In fact, we show that the programs are duals of each other, and that strong duality holds when both programs are feasible. To this end, we resort to the duality of (38d) with the Lagrangian
[TABLE]
Optimizing over the variables , yields
[TABLE]
It is not difficult to see that the above program coincides with the program (38i); this concludes the proof.
Appendix II: System Parameters & Added Simulation Results
2.1. Dynamic Feedback Controller Modeling
Consider a dynamical system (e.g., the electrical power system studied in Section 3). Suppose the control signal is implemented as a dynamic feedback controller described by the discrete-time dynamics
[TABLE]
where the input is the dynamical system measurements , the output the control signal , and the internal state of the controller is denoted by . When an attack occurs on the measurements, it affects the dynamics of the controller and consequently the involved physical system. To study the control dynamics together with the original dynamical system, one can augment the states of the system (3) together with the controller’s as . Assuming that the control signal can also be measured, one can also introduce an augmented measurement signals as . Following this procedure, the dynamics of the closed-loop system is described by
[TABLE]
where the involved matrices are defined as
[TABLE]
In this view, the augmented system (51) shares the same structure as (4) studied in the main part of the article for the case of static feedback controller.
2.2. AGC Parameters of the three-area 39-bus system
In this subsection we provide the involved matrices and parameters of the three-area 39-bus system. We take the model description of Area 1 in the three-area system in Figure 2 of Section 3 as an instance,
[TABLE]
[TABLE]
As we have assumed a measurement model with high redundancy, the matrix for Area 1 becomes
[TABLE]
In Area 1, the vulnerable measurements to cyber attacks are the ones of tie-line power flows , and . Thus the AGC signal would be corrupted into
[TABLE]
Then the parameters regarding multivariate attacks are
[TABLE]
[TABLE]
2.3. Additional simulation results
In Figure 4 we present the simulation results of the residual signal from the proposed diagnosis filter under different poles (, respectively). We also show the simulation results of the residual signal from the proposed diagnosis filter under DoS attacks in Figure 5.
References
- [1] A. Ameli, A. Hooshyar, E. El-Saadany, and A. Youssef, Attack detection and identification for automatic generation control systems, IEEE Transactions on Power Systems, (2018), p. 1.
- [2] V. Andrieu and L. Praly, On the existence of a Kazantzis–Kravaris/Luenberger observer, SIAM Journal on Control and Optimization, 45 (2006), pp. 432–456.
- [3] A. Ashok, M. Govindarasu, and V. Ajjarapu, Online detection of stealthy false data injection attacks in power system state estimation, IEEE Transactions on Smart Grid, 9 (2018), pp. 1636–1646.
- [4] H. Bevrani, Robust Power System Frequency Control, Power Electronics and Power Systems, Springer, 2008.
- [5] C. Chen, K. Zhang, K. Yuan, L. Zhu, and M. Qian, Novel detection scheme design considering cyber attacks on load frequency control, IEEE Transactions on Industrial Informatics, 14 (2018), pp. 1932–1941.
- [6] T. M. Chen and S. Abu-Nimeh, Lessons from Stuxnet, Computer, 44 (2011), pp. 91–93.
- [7] C. Cybersecurity, Framework for improving critical infrastructure cybersecurity version 1.1, tech. rep., National Institute of Standards and Technology, Apr. 2018.
- [8] R. Deng and H. Liang, False data injection attacks with limited susceptance information and new countermeasures in smart grid, IEEE Transactions on Industrial Informatics, (2018), p. 1.
