A Stream Learning Approach for Real-Time Identification of False Data Injection Attacks in Cyber-Physical Power Systems
Ehsan Hallaji, Roozbeh Razavi-Far, Meng Wang, Mehrdad Saif, Bruce Fardanesh

TL;DR
This paper introduces a real-time, data-driven framework for detecting, classifying, and mitigating false data injection attacks in power systems, enhancing system resilience against cyber-physical threats.
Contribution
It proposes a novel ensemble learning-based framework capable of real-time attack detection, classification, and control signal recovery under challenging conditions like concept drift and limited labeled data.
Findings
Effective detection of false data injection attacks in real-world power system data
Accurate classification of attack types using the proposed ensemble learner
Successful recovery of control signals, improving system stability
Abstract
This paper presents a novel data-driven framework to aid in system state estimation when the power system is under unobservable false data injection attacks. The proposed framework dynamically detects and classifies false data injection attacks. Then, it retrieves the control signal using the acquired information. This process is accomplished in three main modules, with novel designs, for detection, classification, and control signal retrieval. The detection module monitors historical changes in phasor measurements and captures any deviation pattern caused by an attack on a complex plane. This approach can help to reveal characteristics of the attacks including the direction, magnitude, and ratio of the injected false data. Using this information, the signal retrieval module can easily recover the original control signal and remove the injected false data. Further information regarding…
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Smart Grid Security and Resilience
