Attack and Defense Mechanisms for State Estimation in Smart Grid Mohammad Esmalifalak Supervisor:...

Attack and Defense Mechanisms for State Estimation in Smart Grid

Mohammad EsmalifalakSupervisor: Dr. Zhu Han

ECE Department

OverviewOverview

Introduction to Smart Grid

Power System Model

Bad Data Injection

- Independent Component Analysis

- False Data in Electricity Market

Bad Data Injection Detection

- Anomaly Detection and Support Vector Machine

- Gaming Between Attacker and Defender

Future Work

[2]Mohammad Esmalifalak – PhD Thesis Defense

Smart Power GridSmart Power Grid

Smart way of generation, transmission, and consumption of electricity

Benefits both utilities, consumers, & environment:– Reduce supply capacity while fitting demand.

– Improve reliability and efficiency of grid.

– Integration of green energy, reduction of CO2, etc.

More than 3.4 billion from US federal stimulus bill is targeted.

One of hottest topic in research community

Let’s view how everything is connected graphically!


Smart Grid IllustrationSmart Grid Illustration

[4]

Conceptual diagram in smart grid, “ITERES SMART GRID”

Renewable Energies

Control Center

Communication Channels

Bulk Storage(PEV, etc.)

Mohammad Esmalifalak – PhD Thesis Defense

Power System MonitoringPower System Monitoring

State Estimation (SE): Estimation of states over the power grid using redundant measurements.

[5]

How does control center conduct SE?

Supervisory Control and Data Acquisition (SCADA) system

MeasurementsCommunication(DNP3)

Remote Terminal Unit Control Center


State Estimation (SE)State Estimation (SE)

[6]

SE is vulnerable to cyber attack

Communication could be wireless (e.g., radio, and pager) or wired (e.g., Dial-up telephone, RS-485 multi-drop, 3G, and Ethernet).

These communication links are vulnerable to cyber attack.

Maroochy waste water utility

Unauthorized access to the controlsystem via an insecure wireless network.

Olympic pipeline company

A system administrator was doing development on live SCADA


OverviewOverview


Power System Model

Bad Data Injection






Future Work


Linear State Estimation ModelLinear State Estimation Model

Transmitted active power from bus i to bus j

)sin( jijiijij VVBP

[8]

eHxz )( jiijij BP

Linear approximation for small variance:

Tnx ],...,[ 1

jBGy ijijij

iii VV jjj VV

zHHHx eT

eT 111 )(ˆ

H: Jacobean Matrix (m×n) x: State variable (n×1)z: Measurements (m×1) e: Noise vector (m×1)

(m measurements for n buses and, m>>n)


Suseptance

Bad Data Detection Bad Data Detection

Conventional bad data detection using largest residue:– Residual vector

where

Conventional BDD:

without bad data:

with bad data:

)(ˆ MzHzxHzr

miri ,...,1)max(

111 )( eT

eT HHHHM

[9]

miri ,...,1)max(

CxxreCxHz i 00 )max()(

Cx 0

Stealth (unobservable) attack

Hypothesis test would fail in detecting the attacker, since the control center believes that true state is


Independent Component Analysis (ICA)Independent Component Analysis (ICA)

[10]

Given

nmnmm

nn

hhz

hhz

11

11111

jij and h Define t independen be should s' all ICA, use order toIn j

GyHAyzHz

1n 1k(k<n)

A statistical technique for decomposing a complex signal into independent sub-parts.

If attacker doesn’t have access to Matrix H?


How ICA works?How ICA works?

[11]A. Hyvärinen and E.Oja, “Independent Component Analysis: Algorithms and Applications.”

Gyz WzzGy 1

yqGywzwb TTT One of the independent components of y

If b wants to be one of independent components of the y

q should have only onenon-zero component

If q has more than one non-zero component, y will be more

Gaussian (Central Limit Theory)

Find the best W, which maximizes the non-Gaussianity

of zwT

kurtosis or the fourth-order cumulant, Negentropy

Simulation ResultsSimulation Results

[12]

MSE of ICA inference (z - Gy) vs. SNR.

When SNR is high (40dB) the MSE is as low as 10e-4

Probabilities of detection for Different Schemes

Detection of stealth attack with conventional BDD is impossible


OverviewOverview


Power System Model

Bad Data Injection






Future Work


Electricity Market OverviewElectricity Market Overview

[14]

Predicted values for power network

DCOPF for Day-Ahead Electricity

Market

AheadDayLMP

AheadDayDispatch

Direct Measurements

in power network

State Estimation

DCOPF for Real-Time Electricity

Market

AheadDayDispatch

TimealLMP Re

Optimal Power Flow

(OPF)

Bid’s from Generators and loads, Structure of network, etc

Electricity Prices, Schedule for generators


Electricity Markets in USElectricity Markets in US

[15]

Federal Energy Regulatory Commission (FERC)


Day-Ahead Electricity Market Day-Ahead Electricity Market

1-Day Ahead Market:Market that computes optimal points for generation and

consumption (usually a day before real time)

Min :

St:

I

iii PgC

1

*)(

LlFFF

IiPgPgPg

LdPg

lll

iii

k

jj

I

ii

,...,1

,...,1max*min

max*min

1

*

1

*

[16]

Generation Cost

Power Balance

Generation & Transmission Limits


Real-Time Electricity Market Real-Time Electricity Market

2-Real Time Market:Market that recalculate optimal points for generation and

consumption based on real-time data

Min :

St:

I

iiii PgPgC

1

* )(

LlFFF

IiPgPgPg

PPg

lll

iii

I

iL

I

ii

,...,1

,...,1max*min

maxmin

11

[17]

Generation Cost

Power Balance

Generation & Transmission Limits

Mohammad Esmalifalak – Thesis Defense

Changing Congestion Changing Congestion

[18]

300MW

10$

14$

15$

30$

35$

Brighton600MW

Sundance200MW

Solitude520MW

B1

B4

B3

B2

B5

300MW

300MW

Z1

Z2

Z4

Z5

Z9

Z3

Z6

Z7Z8Z10

Z11

Increase or decreaseEstimated transmitted power

Stealth attack also is limited(Expert engineers)

Put higher cost for secure measurements


Decreasing Congestion Decreasing Congestion

[19]

Inserting false data will release the congestion in Line 29

Releasing congestion will change the prices


Virtual trade in Day ahead

Release congestion in ex-post real time market

Making profit in Real time market

OverviewOverview


Power System Model

Bad Data Injection






Future Work


21

Principle Component Analysis Principle Component Analysis

cm

cm

bm

bm

am

am

ccbbaa

t

yxyxyx

yxyxyx

Z 111111

c

a

mth sample

1st sample


PCAb

22

Visualizing the Operational PointsVisualizing the Operational Points

m

t

Z

Z

Z 1

)( nmmth sample

1st sample

Power system measurements are correlated and can be compressed efficiently.


ij

ij

kP

PZ

Transmitted active power

Injected active power

23

IEEE 118 Bus Test SystemIEEE 118 Bus Test System

Normal Operating Points

Attacked Points


24

Anomaly DetectionAnomaly Detection

In data mining, the data sets considerably different fromthe remainder of data are called outliers or anomalies.

Statistical characteristics of the historical data

Probability density function of feature i


?

25

Anomaly DetectionAnomaly Detection


Smaller threshold Larger threshold Best threshold

Alarms anomaly even for some normal operating points

Misses some anomaly operating points

Uses training data set to learnthe best possible threshold

Semi-supervised learning: Although choosing the threshold without training set is possible, for best results in the test sets, we can use training set to learn best threshold.

26

Clustering MethodsClustering Methods

Normal Operating Points

Attacked Points

Line outage

Generator outage

Clustering methods like, Support Vector Machine (SVM)


27

Support Vector Machine Support Vector Machine


-1

1 -1

1

28

Clustering MethodsClustering Methods


Precision Recall

With almost 390 training samples, SVM can learn this clustering problem.

0 100 200 300 400 500 600 700 800 900 10000

0.2

0.4

0.6

0.8

1

1.2

Number of Training Samples

F1

Sco

re

Training Accuracy

CV Accuracy

OverviewOverview


Power System Model

Bad Data Injection






Future Work


Attacker and Defender Gaming Attacker and Defender Gaming

[30]

Attacker/Defender cannot attack/defend all measurements Game

7,3 8,2

4,6 5,5

Defender

Attacker

Game table for attacker and defender


Two–Person Zero–SumTwo–Person Zero–Sum

[31]

Proportion of times that attacker/defender, attack/defend to/from measurements, respectively


Conclusion Conclusion

[32]

• Application of cyber technologies improves the quality of monitoring and decision making in smart grid but increases the cyber attack vulnerability.

•Vulnerabilities:Having access to measurements’ data reveals the structure of network [4].Attacker has financial benefit from attacking measurements [3].

• Protection: Learning Normal operating region of Power Network by machine learning techniques (such as anomaly detection and SVM) [2].Analyzing the behavior of attacker and defender using game theory [1].


Future WorkFuture Work

[33]

Using data mining to extract information from the smart meters’ large data set and transform it into an understandable structure for control center

Analyzing new types of attack (Economical and technical effects).

Protection against the new types of malware that are recently being introduced ( for e.g. Stuxnet, Zeus, etc).

Developing new defend mechanisms (Using signal processing or machine learning methods).


Privacy of the data. Public acceptance of the smart meters of the smart meters needs solid security investigations.

Affordable global communication infrastructure and embedded systems make it now relatively easy to give incentives to the loads and changetheir behaviors (demand side management).

Publication ListPublication List

[34]

[1] M. Esmalifalak, H. Nguyen, R. Zheng, L. Xie, L. Song, and Z. Han, “Stealthy Attack Against Electricity Market Using Independent Component Analysis” Submitted to IEEE Journal on Selected Areas in Communication (J-SAC)

[4] Y. Huang, M. Esmalifalak, Y. Cheng, H. Li, K. A. Campbell, and Z. Han, Adaptive Quickest Estimation Algorithm for Smart Grid Network Topology Error," to appear, IEEE Systems Journal, Special Issue on Smart Grid Communications Systems.

[5] M. Esmalifalak, G. Shi, Z. Han, and L. Song “Bad Data Injection Attack and Defense in Electricity Market using Game Theory Study” to appear IEEE Transactions on Smart Grid, Special Issue on Cyber, Physical, and System Security for Smart Grid.

[6] N. Forouzandehmehr, M. Esmalifalak, A. Mohsenian, and Z. Han, “A Dynamic Game for Demand Side Management of Smart Building with Renewable Energy Resource” Submitted to, IEEE Transaction on Smart Grid.

[7] Y. Huang, M. Esmalifalak, H. Nguyen, R. Zheng and Z. Han, “Bad Data Injection in Smart Grid: Attack and Defense Mechanisms” to appear, IEEE Communication Magazine (COMMAG-11-00367).

Journal/Magazine Papers


[2] M. Esmalifalak, N. Nguyen, R. Zheng, and Z. Han, “Detecting Stealthy False Data Injection Using Machine Learning in Smart Grid” Submitted to IEEE Transactions on Smart Grid.

[3] L. Liu, M. Esmalifalak, and Z. Han “Protection Against False Data Injection Attacks in Power Grids via Sparsity and Low Rank”, Submitted to, IEEE Transaction on Smart Grid.

Publication ListPublication List

[35]

[1] M. Esmalifalak, N. Nguyen, R. Zheng, and Z. Han, “Detecting Stealthy False Data Injection Using Machine Learning in Smart Grid” submitted to GLOBCOM 2013, Atlanta, GA, 2013.

[2] L. Liu, M. Esmalifalak, and Z. Han “Detection of False Data Injection in Power Grid Exploiting Low Rank and Sparsity”, IEEE International Conference on ommunications, Budapest, Hungary, June 2013

[3] M. Esmalifalak, G. Shi, Z. Han, and L. Song “Attack Against Electricity Market–Attacker and Defender Gaming”, IEEE Global Communications Conference Exhibition Industry Forum (Globecom 2012), Anaheim, USA, Dec. 2012.

[4] M. Esmalifalak, Z. Han, and L. Song “Effect of Stealthy Bad Data Injection on Network Congestion in Market Based Power System” IEEE Wireless Communications and Networking Conference , Paris, France, Apr. 2012. (Best Paper Award)

[5] M. Esmalifalak, H. Nguyen, R. Zheng and, Z. Han, “Stealth False Data Injection using Independent Component Analysis in Smart Grid,” Second IEEE Conference on Smart Grid Communications (IEEE SmartGrid Comm), Brussels, Belgium, Oct. 2011.

Conference Papers


[36]

Thanks for Your Attention


Attack and Defense Mechanisms for State Estimation in Smart Grid Mohammad Esmalifalak Supervisor:...

Documents

Transcript of Attack and Defense Mechanisms for State Estimation in Smart Grid Mohammad Esmalifalak Supervisor:...