A novel trust-based false data detection method for power systems under false data injection attacks

A novel trust-based false data detection method for power systems under false data injection attacks

Accepted Manuscript A novel trust-based false data detection method for power systems under false data injection attacks Bin Xie, Chen Peng, Minjing ...
Download PDF
2MB Sizes 2 Downloads 128 Views
Report

Accepted Manuscript

A novel trust-based false data detection method for power systems under false data injection attacks Bin Xie, Chen Peng, Minjing Yang, Xiaobing Kong, Tengfei Zhang PII: DOI: Reference:

S0016-0032(18)30729-4 https://doi.org/10.1016/j.jfranklin.2018.10.030 FI 3712

To appear in:

Journal of the Franklin Institute

Received date: Revised date: Accepted date:

28 March 2018 10 September 2018 4 October 2018

Please cite this article as: Bin Xie, Chen Peng, Minjing Yang, Xiaobing Kong, Tengfei Zhang, A novel trust-based false data detection method for power systems under false data injection attacks, Journal of the Franklin Institute (2018), doi: https://doi.org/10.1016/j.jfranklin.2018.10.030

This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

ACCEPTED MANUSCRIPT

A novel trust-based false data detection method for power systems under false data injection attacks Bin Xiea , Chen Penga,∗, Minjing Yanga , Xiaobing Kongb , Tengfei Zhangc a School

of Mechanical and Electrical Engineering and Automation, Shanghai University, Shanghai, 200072, China of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China c College of Automation, Nanjing University of Posts and Telecommunications, Nanjing 210023, China

CR IP T

b School

Abstract

This paper proposes a novel trust-based false data detection method for power systems under false data injection attacks (FDIAs). In order to eliminate the interference posed by false data to the power system in the state estimation process, a trust model is first established to estimate the reliability of the system bus. Then an algorithm

AN US

is proposed to update the bus trust value, when all the trust value of neighbour buses at one bus node are quite low, then this bus is diagnosed as a malicious node and the false data are detected. This method guarantees that the power systems can estimate the state accurately against FDIAs based on the trust of bus. The simulations on the benchmark IEEE 14-bus, IEEE 30-bus and IEEE 57-bus test systems are used to demonstrate the feasibility and effectiveness of proposed algorithm.

M

Keywords: Cyber-physical systems, Power systems, Trust-based false data detection, False data injection attacks

ED

1. Introduction

With the fast development of new technologies in sensor, computer, and communication networks, modern power systems become complicated CPS (Cyber-Physical Systems). The CPS gradually becoming an attractive attack

PT

target. Therefore, it is critical to assess and strengthen CPS security for future smart grid. The power systems are critical infrastructure in our society [2], thus attackers may attempt to manipulate sensor measurements, inject fake control commands, delay measurements and control commands, and resort to other malicious activities [1]. Now, the

CE

integration of CPS gives rise to cyber-attack threats in the power systems, which may result into power outages and system blackouts. Therefore, it is important to protect power system applications against such malicious action to

AC

maintain secure and reliable operation of the power grid. The main goal of the operator is to prevent the malicious damages, unauthorized access of electronic information and communication systems, and to ensure confidentiality, integrity, and availability [3]. Currently, the power systems are continuously monitored and controlled by EMS/SCADA (Energy Management

System and Supervisory Control and Data Acquisition) systems to keep the operating condition in a normal and secure state. As a typical CPS, the power grid integrates a physical power transmission system with the cyber computation and communication [4]. However, data attacks constructed by the intelligent attackers, such as false ∗ Corresponding

author:[email protected]

Preprint submitted to SI: Security & Privacy in CPS

January 3, 2019

ACCEPTED MANUSCRIPT

a

Attacker

z

h(x)

Control Center State Estimator

xˆ z  zˆ

r

Alarm!

Bad Data Detection

xˆ u*

Optimal Power Flow

Operator

CR IP T

Contingency Analysis

Power System

u

Fig. 1. State estimation under cyber attacks

data injection attacks can pass the traditional BBD (Bad Data Detect) detection in the estate estimation of the power systems [5]. As a result, the state estimator gets the wrong states, which may misleads the system operator

AN US

that can result in the performance degradation, and even touch off cascading failures. Therefore, it is crucial to ensure the security and reliability of that estimator [6, 7, 10].

In order to protect the power system operation and control against cyber attacks, various bad data detectors and mitigation methods have been proposed in the last decade. They include measurement or system state protectionbased methods [11, 12], sparse optimization or game methods [13, 14], false data detect methods [15, 16, 17], and

M

state estimation-based methods [18, 19, 20]. For example, a collaboration intrusion detection mechanism against false data injection attack is proposed in [16]. A robust security framework of the power systems is presented in [17] to study false data injection attacks. A generalized framework is proposed in [18] to study the vulnerability

ED

of the power systems to FDIAs. In [19] the authors comprehensively overviews the FDI attacks. By tracking the dynamics of probability distribution variation, a new detection approach is presented in [21] to detect the false data injection attacks. A resilient event-triggering H∞ load frequency control is proposed in [22] for multi-area power

PT

systems with energy-limited Denial-of-Service (Dos) attacks, event-triggered communication schemes are presented in [8, 9] to reduce the number of transmitted data. Moreover, the authors in [23, 24] use the data-driven methods in

CE

multi-mode process monitoring and fault detection, respectively. A subjective trust management model is proposed in [25]. To the best of our knowledge, the trust-based false data detection for power systems has not been well studied. This motivates us to carry out the current research.

AC

In this paper, we propose a novel trust-based false data detection method for a power system under false data

injection attacks (FDIAs). Different from some existing works, the method we considered is based on the trust of system bus. Fig. 1 shows the conceptual diagram of the power system state estimator under cyber attacks. The main innovation of the proposed method is to track the dynamics of measurements by calculating the trust value of bus between the neighbor buses. Trust value of bus can be calculated from the measurements by using the trust update algorithm. It is implied that when one bus associates all trust value to its neighbours are lower than the threshold which is predetermined, then the bus is assessed as a malicious node and the false data is detected. A weight of trust value calculated from the trust value of bus, is used to adjust the influence of newly

2

ACCEPTED MANUSCRIPT

j

i

bij

gij g si  jbsi

g sj  jb sj

Fig. 2. The Π-model of power systems

CR IP T



received measurement data from the control center. Since the buses with low trust values have little influence on

FDIAs.

AN US

the calculation of the state estimates, the accurate system state can be estimated under the studied systems with

The remainder of this paper is organized as follows: Section 2 introduces the background of power system state estimation, bad data detection, and FDIAs. The trust evaluation mechanism of system buses and trust model are proposed in Section 3. In Section 4, the power system trust update and false data detecting algorithm is proposed, and a state estimation method based on the trust of buses is presented. The simulation results are presented in

M

Section 5, and conclusions are drawn in Section 6.

ED

2. Preliminaries

In this section, the power flow model is first given. Then the method for the state estimation of power systems

PT

is discussed. 2.1. Power flow analysis

Suppose that the conductance is relative small compared to susceptance in the transmission line from buses i

CE

to j. Fig.2 illustrates the Π-model of the electric power system networks. Denote pij and qij as the real power and reactive power from i to j, respectively. The measurement values are related to the power system state thus the

AC

active power flow and reactive power flow from bus i to bus j can be expressed as follows [21]. pij = Vi2 (gij + gsi ) − Vi Vj [gij cos θij + bij sin θij ]

(1)

qij = −Vi2 (bij + bsi ) − Vi Vj [gij sin θij − bij cos θij ]

(2)

where each bus has its corresponding voltage Vi and phase angle θi . Assume that the power system has n buses and θ1 as reference (i.e., θ1 = 0), thus all phase angles are taken relatively to this bus. The number of states need to be estimated from the measures is 2n − 1 which is x = [θ2 , θ3 , · · · , θn , V1 , V2 , · · · , Vn ]T . The difference of voltage 3

ACCEPTED MANUSCRIPT

phase from bus i to j is θij , and θij = θi − θj . gij and bij denote the conductance and susceptance, respectively. Consider the active power Pi and reactive power Qi injected into bus i , the calculation equation of power injected thus can be described as Pi = Vi

X

Vj [Gij cos θij + Bij sin θij ]

(3)

X

Vj [Gij sin θij − Bij cos θij ]

(4)

Qi = Vi

j∈Ni

CR IP T

j∈Ni

where Ni is the neighborhood set of bus i, which consists of all buses directly connected to this bus. Gij +jBij is the line admittance between bus i and j, gsi(j) + bsi(j) is the admittance of the shunt branch at bus i(j). Without loss of generality, supposing that the difference of phase angles is very small between any pair of buses, i.e., θi − θj ≈ 0, the conductance gij is relative small compared to susceptance bij in the transmission line from buses i to j (gij ≈ 0), and neglecting all shunt elements and branch resistances, we can obtain

AN US

sin(θi − θj ) ≈ θi − θj ; cos(θi − θj ) ≈ 1;

(5)

Therefore, we can derive the Eq. (6) and (7) by introducing the approximation condition that θi − θj ≈ 0 and gij ≈ 0 to Eq. (1)-(4).

Vi Vj θij Xij

(6)

X Vj θij Xij

(7)

M

pij =

Pi = V i

j∈Ni

ED

where Xij denotes the reactance which is the reciprocal of susceptance bij . 2.2. Power System State Estimation under Attacks

PT

The main purpose of the state estimate is to estimate the system variables which are hardly measured or even unmeasured. Generally speaking, the states in a power system are the voltage magnitude and the phase angle of each bus. Let xi ≡ θi denote the bus phase angles, i ∈ (2, 3, · · · , n), and xi ≡ Vi denote the voltage magnitudes,

CE

i ∈ (n + 1, n + 2, · · · , 2n). The state estimate problem is to estimate the system state x = (x2 , x3 , · · · , x2n )T from the measurements z (z = (z1 , z2 , · · · , zm )T ), which are collected by SCADA from the field and are transmitted to

AC

the control center, where m >> 2n to ensure that there is high measurement redundancy and observe. Meanwhile, the other m − 2n measurements which can be used to identify bad data measurements. The m meter measurements

are the observed active power injections on buses and the observed active power flow on branches. (.)T denotes

the transpose of vectors or matrices. Generally, the power system AC model is following nonlinear mathematical dependencies h(x) between the measurement z and state x, thus one has z = h(x) + e

(8)

where z represents the sensor measurements and z ∈ Rm×1 , h(x) is a nonlinear relation between the measurement

vector z and the power system state vector x, h(x) = (h1 (x), h2 (x), · · · , hm (x))T , e is measurements error usually 4

ACCEPTED MANUSCRIPT

assumed that following Gaussian distributions with zero mean, i.e., e ∼ N (0, σ 2 ). In general, it is supposed that P the noise elements are independent, so the error covariance matrix e = W = diag{σ1 2 , σ2 2 , · · · , σm 2 }, where σi

is the standard deviation of each measurement i [26]. Thus, E(ei ) = 0, where i = 1, 2, · · · , m, E(ei ej ) = 0. The basic power system state estimation problem is to search the best 2n − 1 dimensional state x from the measurement equation (8). In the state estimator module, the optimization problems which estimate the appropriate state can be formulated as follows: x

(9)

CR IP T

1 kz − h(x)k22 σ2

arg min J(x) =

The residual r which corresponds to the difference between the received measurement z and the value for this measurements as a function of the estimate state h(ˆ x). r = z − h(ˆ x)

(10)

The problem stated in (9) can be solved iteratively by using the WLS (Weighted Least Squares).

AN US

Generally speaking, the bad data processing is ubiquitously employed in state estimation of the power systems. Since some meters can be corrupted by gross errors in various reasons such as FDIAs or failure of meters. Therefore, the BDD method is generally used by grid designers to identify and remove data measurements with gross errors [27]. For example, the chi-square (χ2 ) test is widely used to detect bad data measurements, which is based on the L2 norm of measurement residuals. It is usually assumed that measurement error follow a normal distribution

with zero mean and they are mutual independence, J (x) follows a χ2 distribution with a ψ degree of freedom,

M

where (ψ = m − 2n + 1). Considering a desired confidence level (e.g., 95%), we can get a threshold χ2(m−2n+1,p) by consulting the table of chi-square distribution. Due to the existence of measuring errors and disturbances cased by

ED

device malfunction or stealthy data attacks injection, so the measurement data z is usually not equivalent to the

PT

estimate magnitudes h(ˆ x) (i.e. z 6= h(ˆ x)). We made a definition for the largest normalized residual (LNR) as: LN R = kz − h(ˆ x)k22

(11)

The BDD is employed to determine whether the bad data is existence or not. Considering the binary hypothesis

CE

test

  H0 : LN R ≤ τ 2

 H1 : LN R > τ 2

(12)

AC

where τ is the BDD threshold which is computed for a given false alarm rate α, namely, P r{LN R > τ 2 } = α. H1 is accepted if bad data existence and rejected otherwise. In false data injection attacks, the adversary who has the knowledge of the network information of power system (e.g., topology and line paraments) can construct stealthy data attacks to bypass the BDD schemes. The following Theorem shows that a manipulated measurement vector za could not be detected by the classical BDD due to tha fact that the measurement residuals with false data injection attacks are the same as the measurement residuals with no false data injection attacks. Theorem 1. The malicious measurement data za could avoid the detection by the residual detector under the condition a = h(ˆ xa ) − h(ˆ x), if the original measurement z could bypass the `2 -norm detector. 5

ACCEPTED MANUSCRIPT

Proof. Because the original measurement z can bypass the `2 -norm detector, i.e. krk = kz − h(ˆ x)k ≤ τ holds. The `2 -norm of the attacked measurement residual ra is as follows kra k =kza − h(ˆ xa )k =kz + a − h(ˆ xa ) + h(ˆ x) − h(ˆ x)k

(13)

=kr + a − h(ˆ xa ) + h(ˆ x)

CR IP T

=krk ≤ τ Where a is attack vector, a = h(ˆ xa ) − h(ˆ x) and x ˆa = x ˆ + c.



It is found that the residual of the attack measurements (ra ) is the same as the one without any attack (r). Thus, the BDD schemes will invalid to detect data injection attack using the current statistical testing used in the state estimation process. In such a case, the system operator would mistake x ˆa for the valid estimate of state variables

AN US

x. Therefore, arbitrary errors can be injected into state estimation x ˆ without being detected. The stealthy data injection attack which will mislead system operator making the wrong operational decisions, or, worse still, result in disastrous consequences, for example, casing large area regional blackout in electric power systems. Another attack construct strategy of stealthy data injection is described as follows. kra k =kza − h(ˆ xa )k

(14)

ED

M

=kz + a − h(ˆ x + c)k     z1 h1 (ˆ x1 ) − k =k  z2 + a2 h2 (ˆ x1 , x ˆ2 + c)

=kz − h(ˆ x)k

=krk

Table 1

CE

Trust level of nodes

PT

where a2 = h2 (ˆ x1 , x ˆ2 +c)−h2 (ˆ x1 , x ˆ2 ). The variables with the subscript ’1’ correspond to the measurements data Table 2 Trust value of node v2

Trust value

Meaning

Ωi

Tin

Tout

Black − List

1

[0, ζ)

Malicious node

1

0.18

0.81

Yes

2

[ζ, 0.7)

Low trustworthy

3

0.25

0.89

Yes

3

[0.7, 1]

Trustworthy node

4

0.21

0.93

Yes

AC

Level

and state variables which are not altered by the attackers; variables with subscript ’2’ correspond to measurements and state variables that are altered [28]. Since the traditionally used BDD method is invalid, therefore, in the following section, a trust-based false data detection method will be proposed to deal with this case.

6

ACCEPTED MANUSCRIPT

3. Trust evaluation mechanism of system buses In this section, a trust model of network node is established, and trust evaluation mechanism of bus can be carried out according the long-term behavior characteristics of the system buses. 3.1. Trust model In this subsection, we present the credibility model based on graph theory, which is denoted as G = (V, E, T ).

CR IP T

Trust entity set is denoted as V = {v1 , v2 , · · · , vn }, where n is the number of bus in the power system. The smart grid is a highly disturbed network, which is deployed using a number of sensors in various of harsh environments. E is the set of edge, which present the relation on V , and |E| is the number of directed network links, where eij in E represents a directed edge from node vi to its neighbor node vj ; T : T (eij ) −→ R∈ [0, 1] denotes the trust value of each edge eij . The trust value is a real number between 0 and 1. The initial value of trust is Tmax = 1, it is

5

AN US

reasonably to suppose that the network nodes are all trustworthy at the beginning and the value is maximum. Bus index

1 Branch index

1

M

4 Meter measurement index 5 Branch flow measurement Bus injection measurement 2 1

3

5

1

2

2

5

3 4

6

ED

3

4

4

AC

CE

PT

Fig. 3. Example of a 5-bus power system

3

0.89

0.18 1

2 0.81

0.25 0.93 0.21

0.77 0.81 0.87

4

5

0.84

Fig. 4. Example diagram of 5-bus node trust

According to the above definition, the trust model of a power system can be represented as a directed weighted graph. As can be seen in Fig. 3 [29], there are 5-bus state nodes topology of power system, which can be transformed into directed weighted graph for ease of presentation in Fig 4. Represent the power system as a trust graph in 7

ACCEPTED MANUSCRIPT

which an edge represents a transmission line and a node as a bus. From Fig. 4, when false data injected in node 2, the trust value T12 , T32 , T42 is relative small correspondingly. In our trust model, T denotes for a bus’s trust value, which is defined in an interval with continuous range between 0 and 1 (i.e. 0 ≤ Tij ≤ 1), where the trust value 0 indicates that complete distrust, while the value 1 signifies absolute trust. A simple grading criteria for trust is defined and an example of node’s trust levels is listed in Table 1. A threshold value ζ is used to detect malicious node. That is to say, if the trust value of a node is

CR IP T

lower than ζ, it will be considered as malicious node by its evaluating node. Every bus in our model has its own trust table, such as Table 2 which is based on Fig. 4. In Table 2, the Ωi denotes the neighbor node of v2 that can communication and exchange information directly; Tin is the trust value that the neighbor node gets about node v2 ; Tout is the trust value that node v2 known about the neighbor; Black-List meaning that whether its neighbor consider v2 as a malicious node when the threshold ζ is set to 0.4 in this example. As can be seen in Fig. 4, when false data injected in node 2, the trust value of its neighbor node 1, 3, 4 is relative small (e.g. T12 = 0.18, T32 = 0.25,

AN US

T42 = 0.21). Therefore, according the trust value of evaluating node and node 2 exists in the black lists of all its neighbors can draw a conclusion that the node 2 is a malicious node.

4. Trust-based state estimation and FDIAs detection

In this section, a trust-based network node filtering scheme is presented in order to improve the security of the

M

state estimation process in the power system. This section is divided into three parts, first, a trust update scheme of node in the power systems is introduced. Second, a trust update and FDIAs detection algorithm is proposed. Third, the WLS state estimation is combined with the credibility update mechanism to ensure that the state buses

ED

with low credibility values have limited influence on the state estimation. 4.1. Trust update of system buses

PT

Due to the dynamic characteristics of node, which may receives the measured value from the fault devices, or may be tampered by the attacks. Therefore, the nodes need to execute an algorithm for updating the credibility

CE

value Tij . A novel trust-based method is proposed in this paper to reduce the influence of injected false data in bus. It is mentioned earlier that the node i receives the measurements data z from its neighbor node j, j ∈ Ωi , also, the node i receives the local estimation x ˆkj from its neighbors. The differences between the estimates of node

AC

i and j are denoted by ekij and can be shown as follows: ekij = x ˆki − x ˆkj

(15)

Correspondingly, the ekij can be equivalently written as ekij = ekj − eki

(16)

where eki = xki − x ˆki , ekj = xki − x ˆkj is the estimation error at nodes i and j, respectively. ekj −eki = xki − x ˆkj −(xki − x ˆki ) =

x ˆki − x ˆkj , so formulation (16) is equivalent to the (15). The statistics of vectors ekij are considered, which determine 8

ACCEPTED MANUSCRIPT

Algorithm 1 Trust value update and false data detection Input: input parameters τ1 , τ2 , α, Σ, Tmax , ζ, k Output: Trust value and the detection of false data attack 1:

while the new measurements data are existed do

2:

Compute the difference between estimates: ekij = x ˆki − x ˆkj Update the trust values:   min{T + τ , T ij 1 max } Tij =  max{T − τ , 0} ij 2

5:

6: 7: 8: 9: 10:

(ekij )T Σ−1 ekij ≤ χ2 (α)

(ekij )T Σ−1 ekij > χ2 (α)

if Tij < ζ, ∀j ∈ Ωi then False data detected

AN US

4:

CR IP T

3:

else Set k = k + 1 and go to step 2 return trust value

the reliability of the measurements data sent by its neighbors. The vector is defined by ek = (eki ), thus it can be

M

obtained that the vector ek has a multivariate normal distribution, since it is updated based on linear dynamics with initial state following normal distribution. Consequently, the vectors ekij follow multivariate normally distribution as

ED

well. It is easily to get that eki have zero means, therefore ekij have zero means also. It is derived that the confidence regions for ekij follow the Chi-square distribution. For a multivariate normally distributed vector x ,with mean µ

PT

and covariance Σ, the trust region

{x|(x − µ)T Σ−1 (x − µ) ≤ χ2 (α)}

(17)

where χ2 (α) is the chi-square distribution with n degrees of freedom and its value can be calculated at α. The

CE

trusty regions are different with the change of α. Therefore, the trust regions can be determined by choosing a suit α for estimating the actual state of power system accurately. The update mechanism of the trust value is based on whether the ekij is inside the trust region or not. In other

AC

words, when ekij is inside the credibility region determined by parameter α, the trust value Tij is increased, while ekij is outside the trust region, the trust value Tij is decreased. According to the aforementioned the update algorithm of the trust value, every time the error ekij lies in the trust

region(i.e. {x|(x − µ)T Σ−1 (x − µ) ≤ χ2 (α)}), the trust value Tij is increased by τ1 up to Tmax , while every time the

error ekij is outside of trust region, the trust value decreased by τ2 low to 0, where τ1 and τ2 are all positive value. It should be noted that even a bus in normal operation can has its decreased trust value. In order to reflect how close or far the errors from the trust regions, a good method is to choose the paraments reasonably. For example, if χ2 (α) is small compare to eTij Σ−1 eij , then τ2 should be chosen large as well, so that the correspondingly trust 9

ACCEPTED MANUSCRIPT

value is decreased rapidly. An incremental procedure for updating the trust values chose based on the paraments τ1 and τ2 . In such a case, the trust value calculation can be written as follows:   min{T + τ , T (ekij )T Σ−1 ekij ≤ χ2 (α) ij 1 max } Tij =  max{T − τ , 0} (ekij )T Σ−1 ekij > χ2 (α) ij 2

(18)

4.2. Trust-based FDI Detection

CR IP T

The detection and identification of false data injection attacks in power systems are presented in this subsection, which can be formulated as a trust-based evaluation problem. In the previous subsections we have shown how to compute the trust of system buses. In this subsection, we focus on the problem of detecting the presence of false data among the measurements at malicious node, and introduce an algorithm to detect the FDIAs with the detecting mechanism presented in Algorithm 1.

In Algorithm 1, the value of threshold α determines the false alarm and the missed detection. Obviously, if all

AN US

the trust value of the neighbour bus are lower to the predetermined threshold ζ, then the bus i shares the false data with its neighbours, namely, the false data is detected. How to theoretically determine the appropriate threshold of trust (ζ) is out of scope of this paper. For engineering applications, the threshold of trust may be easily determined based on samples of trials. 4.3. Trust-based distributed estimation

M

An estimation algorithm based on the credibility of node is proposed in this subsection. The trust value of node is presented in Algorithm 1 based on the trust of buses in the power systems. The weights of trust depended on the

ED

estimation x ˆki . A low value of the weight between node i and j means that node j has little influence on the node i during the process of state estimation. Therefore, it is meaningful to choose the weights wij to be proportionate

PT

to the credibility values Tij . The weights wij of credibility value is normalized so that they sum up to one, that is wij = P

Tij

j∈Ωi

Tij

(19)

CE

As the weights decrease with the trust values, so that nodes with small trust will have little influence in the computation of the local state estimations, and vice versa. The distributed estimation based on trust of node in the power system is presented in Algorithm 2. On the one hand, Algorithm 2 extends the view of node with respect

AC

to the smart grid by making the state estimation process. The way that through collaboration made the nodes can potentially have a more accurate estimation on the global state of the power system, which otherwise would be more difficult. On the other hand, the weights of trust value limit the influence of false data injection by updating the trust of node in their neighbors, according to their recorded behavior. The node has chosen randomly. Because the node of the power system its trust value all can be calculated. According to the trust value, the malicious node can be searched. On this basis, the state estimation process becomes more accurate and robust.

10

ACCEPTED MANUSCRIPT

Algorithm 2 State estimation based on trust value Input: τ1 , τ2 , Σ, α, R0 , x0 , Tmax , k Output: State estimation of bus: x ˆki 1:

Initialization: x ˆi = x0 , Ri = R0 , Tij = Tmax

2:

while the new measurements data are existed do

3:

Compute the gain matrix G(xki ): G(xki ) = H T (xki )R−1 H(xki )

5:

Compute tk :

6:

tk = H T (xki )R−1 [z − h(xki )] Compute increment ∆xki :

AN US

7:

CR IP T

4:

8:

∆xki = [G(xki )]−1 tk 9:

if max|∆xki | > εx then

10:

xk+1 = xki + ∆xki i Compute the errors between estimates: ekij = x ˆki − x ˆkj

12:

Update the trust values:

  min{T + τ , T ij 1 max } Tij =  max{T − τ , 0} ij 2

ED

13:

PT

14: 15:

CE

wij = P

21: 22:

Tij

j∈Ωi

19:

20:

(ekij )T Σ−1 ekij > χ2 (α)

Tij

Update the state of the node:

AC

18:

(ekij )T Σ−1 ekij ≤ χ2 (α)

Update the consensus weights

16:

17:

M

11:

x ˆk+1 = i

X

j∈Ωi

Set k = k + 1 and go to step 3 else End return state estimation value of system buses

11

wij xk+1 j

ACCEPTED MANUSCRIPT

Table 3 Statistics of power system test cases

# of branches

# of state variables

# of meter measurements

IEEE 14-bus

20

27

54

IEEE 30-bus

41

59

112

IEEE 57-bus

80

113

217

CR IP T

Case

THREE WINDING TRANSFORMER EQUIVALENT

G

GENERATORS

C

SYNCHRONOUS CONDENSERS

9

7

C

13

8

14 4 12 11 10

E

9

G

AN US

C

8

6

C

1

4

5

2

G

3

M

C

ED

Fig. 5. IEEE 14-bus power system model

5. Simulation

In this section, we test the proposed false data detection and state estimation strategy through extensive

PT

simulation using benchmark IEEE power systems, including the IEEE 14-bus, IEEE 30-bus and IEEE 57-bus systems. The statistics of these power system test case are presented in Table 3. To the best of our knowledge,

CE

there is no known publicly available real-world power system cyber attack data. Thus, realistic power system simulation is carried out by the use of MATLAB based on its simulation tool MATPOWER. The name of the source files for extracting the basic data from the power system are case14.m, case30.m and case57.m, respectively.

AC

MATPOWER is extensively used for obtain the power system data and presents a realistic simulation environment for the real world complex power systems [30]. In experiments, we simulate FDI attacks on power system state estimation using the AC power flow model. All the experiments are simulated and computed by MATLAB R2016a running on a laptop personal computer with an intel(R) core(TM) i5-2430M CPU at 2.4 GHz, 6GB of RAM memory, and 64-bit Windows operating system. First, the simulation results are conducted on the IEEE 14-bus power system model [31], as shown in Fig. 5. For ease of analysis, the power system model of IEEE 14-bus can be converted into the trust network graph, which is displayed in Fig. 6, where the color with red marked at bus 7 was injected false data by introducing

12

ACCEPTED MANUSCRIPT

T9, 14

3

,6 13

6

11

T11, 10 T10, 11

10

T

6,

T

5,

14

8

7,

T7, 8 T8, 7

5

6

T10, 9 9 T9, 10 7 T 9, 9 T 7, 7 T T

T4, 9 T9, 4

T 6, 1

T13, 14 T14, 13

13

T14, 9

T12, 13 T13, 12

T

T6, 12 T12, 6

12

4

CR IP T

T2, 3 T3, 2

2

T4, 3

T 2, 4 T 4, 2

4

T3, 4

,2

T2, 1 T1, 2 T2 T5 , 5

T5, 4 T4, 5

5

7

T1, 5 T5, 1

4,

1

3

Fig. 6. Trust network graph of IEEE 14-bus power system model

1

AN US

T94 ζ T87

0.9

T47

0.8

0.6 0.5

M

Trust value (Tij)

T97

0.7

0.4

ED

0.3 0.2

0

50

100 150 Iterations (k)

200

250

PT

Fig. 7. Performance of proposed algorithm 1 under FDIAS for IEEE 14-bus test power system

CE

malicious tempering measurement data z7 . Here, the voltage phase angles and voltage magnitudes as system state are obtained after an accurate state estimation are considered. The sensor measurements z is obtained from the power flow solution of the benchmark system using the MATPOWER. All the branch power flows (both input and

AC

output) and bus power injections have been considered to come into the measurement vector. It can be seen in Fig. 5, the IEEE-14 bus test system has 14 buses and 20 branches. Therefore, the total

measurements consist of 14 power injection sensors, 20 input power flow sensors, and 20 output power flow sensors (54 sensors in total). Similarly, the measurement sensor of IEEE-30 test system and IEEE-57 test system can be calculated in the same way and the statistics of power system test cases are shown in Table 3. Thus, the IEEE-14 bus system has 54 measurements (z1 , z2 , · · · , z54 ) and 27 states (θ2 , θ3 , · · · , θ14 , V1 , V2 , · · · , V14 ), which provides a degree of freedom of 27. Following a chi-square test considering 95% confidence level, the anomaly threshold for BDD module become 40.11 with the appropriately determined trust threshold ζ = 0.4 by samples of trials.

13

ACCEPTED MANUSCRIPT

1 T68

0.9

ζ T67

0.8

T57

0.6 0.5 0.4 0.3 0.2 0.1

0

50

100 150 Iterations (k)

200

CR IP T

Trust value (Tij)

0.7

250

AN US

Fig. 8. Performance of proposed Algorithm 1 under FDIAs for IEEE 30-bus test power system

1

T41 43

0.9

ζ T41 11

0.8

T43 11 T13 11

0.6

M

Trust value (Tij)

0.7

0.5 0.4

ED

0.3 0.2 0.1

0

PT

0

50

100 150 Iterations (k)

200

250

CE

Fig. 9. Performance of proposed Algorithm 1 under FDIAs for IEEE 57-bus test power system

When false data injected in power system, the simulation results of the detecting attack are presented in Fig.

AC

7. The trust value T87 , T47 , T97 are lower than the trust threshold ζ. Note that bus 7 at IEEE-14 test system has the neighbour buses 8, 4, 9, namely, its all neighbours are have low trust to it. Meanwhile, the trust value at bus 9 to one of its neighbour bus 4 is 0.8 that is higher than the trust threshold. Therefore, we can draw a conclusion that the bus 7 is injected false data, then the false data is detected. Similar simulation results were obtained in Fig. 8 and Fig. 9 when the false data attacks detection algorithm was employed on the IEEE 30-bus and IEEE 57-bus benchmark test systems. When false data injected at bus 7 in IEEE-30 test system, the trust value of its neighbours (T67 , T57 ) are all lower than the threshold 0.4, while the trust value bus 6 to one of its neighbour bus 8 is 0.85. In the same way, when the false data injected at bus 11 in IEEE-57 bus test system, the trust value its all

14

ACCEPTED MANUSCRIPT

1.11

0 Without FDIAs Injected FDIAs Proposed algorithm with FDIAs

1.1

−4

1.08

−6

1.07

θ in radians

1.06 1.05

−8 −10 −12

1.04

−14

1.03

−16

1.02 0

2

4

6 8 Bus number

10

12

−18

14

(a) The state estimate of voltage magnitudes

0

2

CR IP T

Voltage magnitudes (p.u.)

1.09

1.01

Without FDIAs Injection FDIAs Proposed algorithm with FDIAs

−2

4

6 8 Bus number

10

12

14

(b) The state estimate of phase angle

AN US

Fig. 10. Performance of proposed algorithm 2 under different scenes for IEEE 14-bus test power system

neighbours to bus 11 (T41 11 , T43 11 , T13 11 ) are all below the trust threshold as well. It is seen in Fig. 7, Fig. 8 and Fig. 9, the bus 7(11) is a malicious node because all neighbours have low trust to it, thus the FDIAs are detected. The simulation results illustrate that the power system state estimation Algorithm 1 which is based on the trust value of system buses are feasible and effective.

M

Under the normal operating conditions (without FDIAs scenario), the estimated power system states following the true states. An attacker is assumed to manipulate the measurement data at bus 7. Without FDIAs, injection

ED

FDIAs and proposed algorithm with FDIAs, such three scenarios corresponding simulation results illustrated in Fig. 10(a)-(b). From Fig. 10(a)-(b), when false data is injected in IEEE 14-bus system, the estimated states are too far from the true system state. After that, the following three cases are analysed. The voltage unit given in

voltage angles θi .

PT

per unit (p.u.) and the voltage angle in radians, to determine the state estimation in voltage magnitudes Vi and

CE

Case 1: When false data are injected at bus 7, the phase angles at bus 4, bus 7, bus 8, bus 9 are changed from θ4 = −10.940 to −9.232 radians, θ7 = −14.340 to −10.420, θ8 = −13.340 to −9.418, θ9 = −14.980 to −11.710, respectively.

AC

Case 2: When false data are injected at bus 7, the voltages at bus 4, bus 7, bus 8, bus 9 are changed from

V4 = 1.017 to 1.023, V7 = 1.061 to 1.065, V8 = 1.090 to 1.098, V9 = 1.055 to 1.061, respectively. Case 3: When false data are injected at bus 7, the proposed state estimation algorithm which is based on the

trust of the neighbor buses performed well and obtained the accurate system state which almost following the true states.

It is no surprising that the estimated states both phase angles and voltage magnitudes at adjacent buses

of the bus 7 (bus 4, 8, 9 were injected false data) were far from the original power system states. However, the accurate system states almost follow the true states when the proposed Algorithm 2 is applied. Therefore, the buses with low trust values which may be injected attack have little influence on the computation of the estimates where

15

ACCEPTED MANUSCRIPT

1.1

0 Without FDIAs Injected FDIAs Proposed algorithm with FDIAs

1.08

Without FDIAs Injection FDIAs Proposed algorithm with FDIAs

−2

1.06

−6 θ in radians

1.04

1.02

−8 −10 −12 −14

1 −16 0.98

0

5

10

15 Bus number

20

25

−18

30

0

(a) State estimate of voltage magnitudes

5

CR IP T

Voltage magnitudes (p.u.)

−4

10

15 Bus number

20

25

30

(b) State estimate of phase angles

AN US

Fig. 11. Performance of Algorithm 2 under different scenes for IEEE 30-bus test power system

1.1

0

Without FDIAs Injected FDIAs Proposed algorithm with FDIAs

1.08

−2 −4

M

1.02 1 0.98 0.96 0.94

10

20

30 Bus number

40

50

−8

−10 −12 −14 −16 −18 −20

60

PT

0

θ in radians

−6

1.04

ED

Voltage magnitudes (p.u.)

1.06

0.92

Without FDIAs Injection FDIAs Proposed algorithm with FDIAs

10

20

30 Bus number

40

50

60

(b) The state estimate of phase angles

CE

(a) The state estimate of voltage magnitudes

0

Fig. 12. Performance of Algorithm 2 under different scenes for IEEE 57-bus test power system

AC

the weighted of trust is adjusted in real time. Similar observations were made when performing experiments on the IEEE 30-bus and IEEE 57-bus benchmark

test systems which are plotted in Fig. 11(a-b) and Fig. 12(a-b), respectively. It can be seen in Fig. 11(a-b), when false data are injected at bus 7, the estimated states at the neighbour buses (bus 5 and 6), are deviated from the real states seriously. Moreover, when false data are injected at bus 11 in IEEE-57 test system, the estimated states at the adjacent bus (bus 13, 41, 43), are far from the original system states, which can be seen from Fig. 12(a-b). From Figs. 10, 11, and 12, not only the estimated system states of the neighbour buses at bus 7 (11) deviated from original system states greatly, but also the estimated state of other buses be affected correspondingly. Therefore,

16

ACCEPTED MANUSCRIPT

it is invalid to estimate the states of power systems by using the classical WLS when false data are injected at system buses. However, the accurate system states are obtained when the the proposed state estimation algorithm is employed.

6. Conclusion In this paper, a new detecting mechanism that exploits the trust value of system buses has been proposed to

CR IP T

detect FDIAs for AC power systems, and a state estimate algorithm has been presented as well based on the weight of trust at system bus. The main ideal of the detection method is that when all the trust value of neighbour buses to the bus are lower than one predetermined threshold, then the bus is estimated as a malicious node and false data attacks are detected. The proposed state estimation method is robust to FDIAs, since the bus with low trust values has little influence on the estimation of the power system states. Test results show that the proposed trust-based

AN US

method are capable of detecting FDIAS and estimating the power system state accurately.

7. Acknowledgment

This work was supported in part by the National Natural Science Foundation of China under Grants 61833011, 61673255, 61633016 and 61533010, the Outstanding Academic Leader Project of Shanghai Science under Grant

M

18XD1401600.

References

ED

References

[1] R. B. Bobba, K. M. Rogers, Q. Wang, H. Khurana, K. Nahrstedt, T. J. Overbye, Detecting false data injection

PT

attacks on dc state estimation, Preprints of the First Workshop on Secure Control Systems Cpsweek 2010, pp. 6–12.

CE

[2] C. Peng, J. Zhang, H. Yan, Adaptive event-triggering H∞ load frequency control for network-based power systems, IEEE Transactions on Industrial Electronics, 65 (2)(2018) 1685-1694.

AC

[3] I. Matei, J. S. Baras, V. Srinivasan, Trust-based multi-agent filtering for increased smart grid security, in: Control & Automation, 2012, pp. 716–721.

[4] Q. Yang, J. Yang, W. Yu, D. An, N. Zhang, W. Zhao, On false data-injection attacks against power system state estimation: Modeling and countermeasures, IEEE Transactions on Parallel & Distributed Systems 25 (3) (2014) 717–729. [5] Y. Liu, P. Ning, M. K. Reiter, False data injection attacks against state estimation in electric power grids, 2009, pp. 21–32.

17

ACCEPTED MANUSCRIPT

[6] M. A. Rahman, H. Mohsenian-Rad, False data injection attacks against nonlinear state estimation in smart power grids, in: Power and Energy Society General Meeting, 2013, pp. 1–5. [7] F. Liu, J. Huang, Y. Shi, D. Xu, Fault detection for discrete-time systems with randomly occurring nonlinearity and data missing: A quadrotor vehicle example, Journal of the Franklin Institute 350 (9) (2013) 2474–2493. [8] C. Peng, J. Zhang, and Q.-L. Han, Consensus of multi-agent systems with nonlinear dynamics using an inte-

Cybernetics: Systems, 2018, DOI: 10.1109/TSMC.2018.2814572

CR IP T

grated sampled-data-based event-triggered communication scheme, IEEE Transactions on Systems, Man, and

[9] C. Peng, S. D. Ma, X.P. Xie, Observer-based non-PDC control for networked T-S fuzzy systems with an event-triggered Communication, IEEE Transactions on Cybernetics, 47 (8)(2017)2279-2287.

[10] J. Zhao, G. Zhang, Z. Y. Dong, K. P. Wong, Forecasting-aided imperfect false data injection attacks against

AN US

power system nonlinear state estimation, IEEE Transactions on Smart Grid 7 (1) (2015) 6–8.

[11] S. Bi, Y. J. Zhang, Defending mechanisms against false-data injection attacks in the power system state estimation, in: IEEE GLOBECOM Workshops, 2011, pp. 1162–1167.

[12] R. Deng, G. Xiao, R. Lu, Defending against false data injection attacks on power system state estimation, IEEE Transactions on Industrial Informatics 13 (1) (2017) 198–207.

M

[13] L. Liu, M. Esmalifalak, Q. Ding, V. A. Emesih, Z. Han, Detecting false data injection attacks on power grid by sparse optimization, IEEE Transactions on Smart Grid 5 (2) (2014) 612–621.

ED

[14] M. Esmalifalak, G. Shi, H. Zhu, L. Song, Bad data injection attack and defense in electricity market using game theory study, Smart Grid IEEE Transactions on 4 (1) (2013) 160–169.

PT

[15] X. Liu, Z. Li, False data attacks against ac state estimation with incomplete network information, IEEE Transactions on Smart Grid 8 (5) (2017) 2239–2248.

CE

[16] X. Liu, P. Zhu, Y. Zhang, K. Chen, A collaborative intrusion detection mechanism against false data injection attack in advanced metering infrastructure, IEEE Transactions on Smart Grid 6 (5) (2015) 2435–2443. [17] K. Manandhar, X. Cao, F. Hu, Y. Liu, Detection of faults and attacks including false data injection attack in

AC

smart grid using kalman filter, Control of Network Systems IEEE Transactions on 1 (4) (2014) 370–379.

[18] J. Zhao, L. Mili, M. Wang, A generalized false data injection attacks against power system nonlinear state estimator and countermeasures, IEEE Transactions on Power Systems PP (99) (2018) 1–1.

[19] R. Deng, G. Xiao, R. Lu, H. Liang, A. V. Vasilakos, False data injection on state estimation in power systemsattacks, impacts, and defense: A survey, IEEE Transactions on Industrial Informatics 13 (2) (2017) 411–423. [20] F. Pasqualetti, R. Carli, F. Bullo, Distributed estimation via iterative projections with application to power network monitoring, Automatica 48 (5) (2012) 747–758. 18

ACCEPTED MANUSCRIPT

[21] C. Gu, P. Jirutitijaroen, M. Motani, Detecting false data injection attacks in ac state estimation, IEEE Transactions on Smart Grid 6 (5) (2015) 2476–2483. [22] C. Peng, J. Li, M. Fei, Resilient event-triggering H∞ load frequency control for multi-area power systems with energy-limited dos attacks, IEEE Transactions on Power Systems 32 (5) (2017) 4110–4118. [23] W. Du, Y. Fan, Y. Zhang, Multimode process monitoring based on data-driven method, Journal of the Franklin

CR IP T

Institute 354 (6) (2017) 2613–2627. [24] Z. Chen, S. X. Ding, H. Luo, K. Zhang, An alternative data-driven fault detection scheme for dynamic processes with deterministic disturbances, Journal of the Franklin Institute 354 (1) (2017) 556–570.

[25] H. Xia, Z. Jia, L. Ju, X. Li, Y. Zhu, A subjective trust management model with multiple decision factors for manet based on ahp and fuzzy logic rules, in: IEEE/ACM International Conference on Green Computing and

AN US

Communications, 2011, pp. 124–130.

[26] A. Anwar, A. N. Mahmood, M. Pickering, Modeling and performance evaluation of stealthy false data injection attacks on smart grid in the presence of corrupted measurements, Journal of Computer & System Sciences 83 (1) (2016) 58–72.

[27] J. Bae, S. Lee, Y. W. Kim, J. H. Kim, Protection strategies against false data injection attacks with uncertain

M

information on electric power grids, Journal of Electrical Engineering & Technology 12 (1) (2017) 19–28. [28] G. Liang, J. Zhao, F. Luo, S. R. Weller, Z. Y. Dong, A review of false data injection attacks against modern

ED

power systems, IEEE Transactions on Smart Grid 8 (4) (2017) 1630–1638. [29] S. Bi, Y. J. Zhang, Graphical methods for defense against false-data injection attacks on power system state

PT

estimation, IEEE Transactions on Smart Grid 5 (3) (2014) 1216–1227. [30] Z. H. Yu, W. L. Chin, Blind false data injection attack using pca approximation method in smart grid, IEEE

CE

Transactions on Smart Grid 6 (3) (2015) 1219–1226. [31] S. K. Singh, K. Khanna, R. Bose, B. K. Panigrahi, A. Joshi, Joint-transformation-based detection of false data

AC

injection attacks in smart grid, IEEE Transactions on Industrial Informatics 14 (1) (2018) 89–97.

19