Stealthy False Data Injection Attack Detection in Power Transmission System Using Security Analytics
[Thesis]
Ashrafuzzaman, Mohammad
Sheldon, Frederick T.
University of Idaho
2020
186 p.
Ph.D.
The electric smart grid, a critical national infrastructure and among the largest and most complex cyber-physical systems, is under constant and multifarious threat of cyber-attacks. State estimation (SE) is at the foundation of a series of critical control processes in a power transmission system. A sophisticated cyber-attacker can intelligently change the values in the measurement matrix used to compute state estimation. These data integrity attacks can potentially disrupt the critical control processes, adversely affecting a power system operationally and economically. Stealthy false data injection (SFDI) attacks against SE cannot be detected by the conventional bad-data detection mechanisms. In this dissertation, a security analytics framework to detect SFDI attacks on static SE measurement data is presented. A threat model that identified three possible attack models was developed, and synthetic datasets corresponding to these attack models were generated for standard IEEE 14-bus and 57-bus systems. After normalizing and reducing the number of features in the datasets, a number of supervised, unsupervised, and stacking ensemble machine learning models were trained and tested for model selection. Through the model selection process, including hyper-parameter tuning and cross-validation, trained models were identified that can detect the SFDI attacks accurately and reliably. Evaluation of the models using standard metrics shows that supervised artificial neural networks with four hidden layers and 1200 hidden units per layer can detect 98.24% of the attacks with a false alarm rate of 1.25%. Among the unsupervised models, elliptic envelope performs the best, with a 73% detection rate and a 3% false alarm rate. It was also found that the detection rate is the same for all the machine learning methods for all six datasets corresponding to different attack models and bus systems.
The core contributions of this dissertation are the demonstration that a machine learning based security analytics framework can successfully detect SFDI attacks and the identification of an artificial neural network with the right set of hyper-parameter values as the best performing model. Additional contributions include a survey and a taxonomy, for the first time in the literature, of false data injection attacks on different parts of the power grid; an exhaustive survey of machine learning based approaches for detecting SFDI attacks; implementation of software for running the machine learning models; and identification of a number of research ideas based on this research.