False Data Injection Cyber-Attack Detection
State estimation estimates the system condition in real-time and provides a base case for other energy management system (EMS) applications including real-time contingency analysis and security-constrained economic dispatch. Recent work in the literature shows malicious cyber-attack can inject false measurements that bypass traditional bad data detection and cause actual overloads. Thus, it is very important to detect such cyber-attacks. In this paper, multiple metrics are proposed to monitor abnormal load deviations and suspicious branch flow changes. A systematic two-stage approach is proposed to detect false data injection (FDI) cyber-attack. The first stage determines whether the system is under attack while the second stage identifies the target branch. Numerical simulations verify that FDI can cause severe system violations and demonstrate the effectiveness of the proposed two-stage FDI detection (FDID) method. It is concluded that the proposed FDID approach can efficiently detect FDI cyber-attacks and identify the target branch; furthermore, the associated false alarm rate and false dismissal rate are very low.
READ FULL TEXT