MISGUIDE: Security-Aware Attack Analytics for Smart Grid Load Frequency Control

TL;DR

MISGUIDE is a novel framework that analyzes and identifies optimal, stealthy false data injection attacks on smart grid load frequency control systems, considering complex dynamics and detection mechanisms.

Contribution

It introduces MISGUIDE, a defense-aware attack analytics tool that extracts verifiable attack vectors using optimization, addressing limitations of prior rule-based and ML-based methods.

Findings

Successfully identifies optimal attack vectors in real-world data

Validates attack vectors through hardware-in-the-loop simulations

Enhances understanding of attack detectability and timing

Abstract

Incorporating advanced information and communication technologies into smart grids (SGs) offers substantial operational benefits while increasing vulnerability to cyber threats like false data injection (FDI) attacks. Current SG attack analysis tools predominantly employ formal methods or adversarial machine learning (ML) techniques with rule-based bad data detectors to analyze the attack space. However, these attack analytics either generate simplistic attack vectors detectable by the ML-based anomaly detection models (ADMs) or fail to identify critical attack vectors from complex controller dynamics in a feasible time. This paper introduces MISGUIDE, a novel defense-aware attack analytics designed to extract verifiable multi-time slot-based FDI attack vectors from complex SG load frequency control dynamics and ADMs, utilizing the Gurobi optimizer. MISGUIDE can identify optimal (maliciously triggering under/over frequency relays in minimal time) and stealthy attack vectors. Using real-world load data, we validate the MISGUIDE-identified attack vectors through real-time hardware-in-the-loop (OPALRT) simulations of the IEEE 39-bus system.