Real-time data-assisted replay attack detection in wide-area protection system

The cyber-attack surface in the power grid has widened with the deployment of the wide-area monitoring, protection, and control (WAMPAC) system. Replay attacks are one of the most challenging attacks to detect in a WAMPAC system. The authors aim to address the problem of identification and repercuss...

Full description

Saved in:
Bibliographic Details
Published in:IET generation, transmission & distribution transmission & distribution, 2020-10, Vol.14 (19), p.4021-4032
Main Authors: Chougule, Minal, Soman, Shreevardhan A
Format: Article
Language:English
Subjects:
challenging attacks
continuous replay attacks
control system
cyber‐attack surface
phasor measurement
phasor measurement unit data
power engineering computing
power grids
power system control
power system faults
power system measurement
power system protection
security of data
Special Section: Next Generation of Synchrophasor-based Power System Monitoring, Operation and Control
time data‐assisted replay attack detection
WAMPAC system
wide‐area backup protection schemes
wide‐area monitoring
wide‐area protection schemes
wide‐area protection system
Citations: Items that this one cites
Items that cite this one
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The cyber-attack surface in the power grid has widened with the deployment of the wide-area monitoring, protection, and control (WAMPAC) system. Replay attacks are one of the most challenging attacks to detect in a WAMPAC system. The authors aim to address the problem of identification and repercussions of continuous replay attacks on wide-area backup protection schemes. The continuous replay attacks introduce a permanent lag in the phasor measurement unit (PMU) data. The authors classify such attacks into small, medium, and wide-scale based on the number of compromised substations. Furthermore, the signature of a replay attack is derived using a one-step-ahead prediction of PMU data. The resulting forecast error distributions are subsequently analysed using the Kullback–Leibler divergence metric. Results using field PMU data show that this method successfully distinguishes replay attacks from normal system operation and faults in the system. Therefore, the proposed scheme can be used to detect and mitigate the effects of replay attacks on wide-area protection schemes.
ISSN:1751-8687
1751-8695
DOI:10.1049/iet-gtd.2020.0215