Dynamic Data Injection Attack Detection of Cyber-Physical Power Systems with Uncertainties

Understanding potential behaviors of attackers is of paramount importance for improving the cyber-security of power systems. However, the attack behaviors in existing studies are often modeled statically on a single snapshot, which neglects the reality of a dynamically time-evolving power system. Accordingly, a dynamic cyber-attack model with local network information is proposed to characterize the typical data injection attack with the integration of potential dynamic behaviors of an attacker. The proposed model collaboratively alters the meter measurement in a stealthy way to illegally contaminate the system state, thus posing severe threats to cyber-physical power systems. We then develop a novel anomaly detection countermeasure from the perspective of state estimation to effectively recognize the dynamic injection attack. In this countermeasure, an interval state forecasting method is proposed to approximate the possible largest variation bounds of each state variable based on a worst-case analysis considering the forecasting uncertainties of renewable energy sources, electric loads, and network parameter perturbations. In addition, the kernel quantile regression is introduced and implemented to formulate the uncertainties in renewable energy and electric load forecast as a series of confidence intervals. When any state variable falls outside its pre-forecasted intervals, the proposed countermeasure detects the anomaly and sets an alarm condition indicating the possibility of data contamination. Finally, the results from our extensive studies on several IEEE standard test systems have been presented to demonstrate the feasibility of the dynamic attack and the effectiveness of the detection countermeasure.