Hybrid detection of intermittent cyber-attacks in networked power systems

Abstract

This article addresses the concept of a compound attack detection mechanism, that links estimation-based and set-theoretic methods, and is mainly focused on the disclosure of intermittent data corruption cyber-attacks. The detection mechanism is developed as a security enhancing tool for the load-frequency control loop of a networked power system that consists of several interconnected control areas. The dynamics of the power network are derived in observable form in the discrete-time domain, considering that an adversary corrupts the frequency measurements of certain control areas by means of a bias injection cyber-attack. Simulations indicate that an estimation-based detector is unable to discern an intermittent attack, especially when the latter one occurs at the same time as changes in the power load. The detector can be improved by exploiting the safe operation constraints imposed on the state variables of the system. It is shown that the disclosure of intermittent data corruption cyber-attacks in the presence of unknown power load changes is guaranteed only when the estimation-based detector is combined with its set-theoretic counterpart. To this end, a robust invariant set for the networked power system is computed and an alarm is triggered whenever the state vector exits this set. Simulations indicate that the above detectors can operate jointly in terms of a hybrid scheme, which enhances their detection capabilities.