101 research outputs found
Anomaly Detection and Mitigation for Wide-Area Damping Control using Machine Learning
In an interconnected multi-area power system, wide-area measurement based damping controllers are used to damp out inter-area oscillations, which jeopardize grid stability and constrain the power flows below to their transmission capacity. The effect of wide-area damping control (WADC) significantly depends on both power and cyber systems. At the cyber system layer, an adversary can inflict the WADC process by compromising either measurement signals, control signals or both. Stealthy and coordinated cyber-attacks may bypass the conventional cybersecurity measures to disrupt the seamless operation of WADC. This paper proposes an anomaly detection (AD) algorithm using supervised Machine Learning and a model-based logic for mitigation. The proposed AD algorithm considers measurement signals (input of WADC) and control signals (output of WADC) as input to evaluate the type of activity such as normal, perturbation (small or large signal faults), attack and perturbation-and-attack. Upon anomaly detection, the mitigation module tunes the WADC signal and sets the control status mode as either wide-area mode or local mode. The proposed anomaly detection and mitigation (ADM) module works inline with the WADC at the control center for attack detection on both measurement and control signals and eliminates the need for ADMs at the geographically distributed actuators. We consider coordinated and primitive data-integrity attack vectors such as pulse, ramp, relay-trip and replay attacks. The performance of the proposed ADM algorithms was evaluated under these attack vector scenarios on a testbed environment for 2-area 4-machine power system. The ADM module shows effective performance with 96.5% accuracy to detect anomalies.This is a manuscript of an article published as Ravikumar, Gelli, and Manimaran Govindarasu. "Anomaly Detection and Mitigation for Wide-Area Damping Control using Machine Learning." IEEE Transactions on Smart Grid (2020). DOI: 10.1109/TSG.2020.2995313. Posted with permission.</p
Hardware-in-the-Loop CPS Security Architecture for DER Monitoring and Control Applications
Deeper penetration of interoperable cyber-physical distributed energy resources (DER) and their utility-wide remote monitoring and control drastically increases cybersecurity attack surface. Utilities require to adopt the DER interconnection and communication standards to a range of autonomous, advanced and curve-based grid-support functions to securely monitor and control DER devices for ensuring power quality, voltage, and system frequency. In this paper, we present DER monitoring and control (DERMC) cyber-physical system (CPS) architecture including standard communication protocols such as IEEE 2030.5 [1] and discuss various stealthy cyber attack vectors that affect communications and operations of DER. We propose a hardware-in-the-loop (HIL) CPS security architecture and testbed design with industry-grade software and hardware systems and a real-time digital simulator for high-fidelity grid impact characteristic analysis against cyber attack vectors. We use the testbed to demonstrate impact characteristics for modified IEEE 13 bus system including 11 solar photovoltaic units. The experiments demonstrated significant results by 100% real-time performance and zero overruns.This is a manuscript of a proceeding published as Ravikumar, Gelli, Burhan Hyder, and Manimaran Govindarasu. "Hardware-in-the-Loop CPS Security Architecture for DER Monitoring and Control Applications." In 2020 IEEE Texas Power and Energy Conference (TPEC). (2020). DOI: 10.1109/TPEC48276.2020.9042578. Posted with permission.</p
CIM oriented graph database for network topology processing and applications integration
Scenario-based auto data generation framework using hardware-in-the-loop testbed for deep learning-based applications in DER distribution grid
The high penetration of Distributed Energy Resources (DERs) has significantly increased the complexity of modern power systems, as these systems now face challenges such as variability in generation, the need for dynamic load balancing, integration of intermittent renewable sources, and real-time data processing. Machine Learning (ML) and Deep Learning (DL) approaches have demonstrated their capabilities in forecasting, voltage control, and anomaly detection applications, enabling optimizing system performance, enhancing decision-making, and improving fault detection.
However, the effectiveness of ML/DL models heavily depends on the availability of high-quality datasets that are sufficient, diverse, and enriched with relevant features. Existing data generation approaches may not fully meet the requirements for ML and DL applications, as they lack scalability, flexibility, or the ability to capture diverse and sufficient scenarios. There is a need to generate datasets with sufficient diverse data and required features for ML/DL applications in power systems.
This thesis proposes a scenario-based auto-data generation framework for ML and DL applications in power systems. The framework ensures the generating datasets with diverse, sufficient and required features for power system applications. The Python script provides users dynamic control over parameters and signal configurations, allowing users to generate datasets aligned with specific ML and DL needs. The user models diverse scenarios, such as faults, cyberattack perturbations, etc., and API facilitates data acquisition and automates data generation. The framework is implemented on a Hardware-in-the-Loop (HIL) testbed using OPAL-RT, where various faults and cyberattacks are modeled on a DER-integrated distribution grid for anomaly detection application. A total of 339 datasets of fault and cyberattacks were generated and combined into a comprehensive anomaly detection dataset. We utilized the datasets generated by the scenario-based auto-generation framework to verify data sufficiency for anomaly detection using an LSTM-based model. The framework successfully identified anomalies, including faults and cyberattacks, achieving an accuracy of 99.01%. We outlined the data preprocessing steps, feature engineering techniques, model training processes, and evaluation metrics to develop a robust anomaly detection system
Efficient Modeling of IEC-61850 Logical Nodes in IEDs for Scalability in CPS Security Testbed
Graphics model for power systems using layouts and relative coordinates in CIM framework
Distributed Intrusion Detection System using Semantic-based Rules for SCADA in Smart Grid
Cyber-physical system (CPS) security for the smart grid enables secure communication for the SCADA and wide-area measurement system data. Power utilities world-wide use various SCADA protocols, namely DNP3, Modbus, and IEC 61850, for the data exchanges across substation field devices, remote terminal units (RTUs), and control center applications. Adversaries may exploit compromised SCADA protocols for the reconnaissance, data exfiltration, vulnerability assessment, and injection of stealthy cyberattacks to affect power system operation. In this paper, we propose an efficient algorithm to generate robust rule sets. We integrate the rule sets into an intrusion detection system (IDS), which continuously monitors the DNP3 data traffic at a substation network and detects intrusions and anomalies in real-time. To enable CPS-aware wide-area situational awareness, we integrated the methodology into an open-source distributed-IDS (D-IDS) framework. The D-IDS facilitates central monitoring of the detected anomalies from the geographically distributed substations and to the control center. The proposed algorithm provides an optimal solution to detect network intrusions and abnormal behavior. Different types of IDS rules based on packet payload, packet flow, and time threshold are generated. Further, IDS testing and evaluation is performed with a set of rules in different sequences. The detection time is measured for different IDS rules, and the results are plotted. All the experiments are conducted at Power Cyber Lab, Iowa State University, for multiple power grid models. After successful testing and evaluation, knowledge and implementation are transferred to field deployment
- …
