A Moving-target Cyber-Attack Detection Strategy for Large-scale Power Systems using Dynamic Clustering
Ana Jevtić, Marija Ilić

TL;DR
This paper presents a dynamic clustering-based moving-target detection strategy for identifying cyber-attacks in large-scale power systems, enhancing security by adapting to system changes and detecting sophisticated threats.
Contribution
It introduces an active defense method utilizing dynamic clustering and moving-target principles to improve cyber-attack detection in power systems.
Findings
Effective detection of cyber-attacks even with attacker knowledge
Demonstrated success on IEEE 24-bus power system
Adaptive to system operating point variations
Abstract
In recent years, cyber-security of power systems has become a growing concern. To protect power systems from malicious adversaries, advanced defense strategies that exploit sophisticated detection algorithms are required. Motivated by this, in this paper we introduce an active defense method based on dynamic clustering. Our detection strategy uses a moving-target approach where information about the system's varying operating point is first used to cluster measurements according to their transfer function characteristics that change over time. Then, detection is carried out through a series of similarity checks between measurements within the same cluster. The proposed method is effective in detecting cyber-attacks even when the attacker has extensive knowledge of the system parameters, model and detection policy at some point in time. The effectiveness of our proposed detection algorithm…
Taxonomy
Topics: Smart Grid Security and Resilience · Network Security and Intrusion Detection · Information and Cyber Security
