Detection, differentiation and localization of replay attack and false data injection attack based on random matrix

Abstract

Replay attack and false data injection attack (FDIA) are two common types of cyber-attacks against supervisory control and data acquisition systems, aiming to disrupt the normal operation of the power system by falsifying meter measurements. In this paper, we proposed a systematic methodology to defend hybrid attack with both replay attack and FDIA. Specifically, we propose a detection method applying random matrix theory to: (1) detect the hybrid attack on static state estimation, and (2) distinguish FDIA from replay attack as well as localize falsified measurements. Firstly, short-term forecast on load and renewable power generation is conducted to obtain the predicted measurements. Secondly, random variables are calculated by differentiating the forecasting measurements and real-time measurements. A random matrix is consequently constructed with the above random variables. Thirdly, hybrid attacks are detected by the changes of the linear eigenvalue statistics of the random matrix obtained by the sliding time window. More importantly, a novel multi-label classifier to distinguish replay attack from FDIA is designed to localize FDIA by combining SVD decomposition and eigenvalue analysis with convolutional neural network (SVD-CNN). Finally, comprehensive simulations on the IEEE 14-bus system and IEEE 57-bus system are provided to validate the performance of the proposed method. It is shown that the proposed detection method has strong detection ability by filtering measurement noise. Moreover, the proposed SVD-CNN improves the accuracy in FDIA localization.