Detection of false data injection attacks in smart grid cyber-physical systems

Abstract

Building an efficient, green, and multifunctional smart grid cyber-physical system (CPS) while maintaining high reliability and security is an extremely challenging task, particularly in the ever-evolving cyber threat landscape. This challenge is also compounded by the increasing pervasiveness of information and communications technologies across the power infrastructure, as well as the growing availability of advanced hacking tools in the hacker community. One of the most critical security threats in smart grid CPSs lies in the high-profile false data injection (FDI) attacks, where attackers attempt to inject either fabricated measurement data to mislead power grid state estimation & bad data detection or tampered command data to misguide power management & control. Accordingly, FDI attacks can be subdivided into false measurement data injection (FmDI) attacks and false command data injection (FcDI) attacks, respectively. Detection techniques for FDI attacks have been a significant research focus for smart grid CPSs to withstand these security threats and further protect the power infrastructure. However, conventional state estimation based bad data detection approaches have been proved vulnerable to the evolving FDI attacks. To meet this gap, this thesis introduces four creative research works to analyze and detect FDI attacks in smart grid CPSs. First, a stochastic Petri net based analytical model is developed to evaluate and analyze the system reliability of smart grid CPSs, specifically against topology attacks with system countermeasures (i.e., intrusion detection systems and malfunction recovery techniques). Topology attacks are evolved from FmDI attacks, where attackers initialize FmDI attacks by tempering with both measurement data and grid topology information. This analytical model is featured by bolstering both transient and steady-state analysis of system reliability. Second, a distributed host-based collaborative detection scheme is proposed to detect FmDI attacks in smart grid CPSs. It is considered in this work that phasor measurement units (PMUs), deployed to measure the operating status of power grids, can be compromised by FmDI attackers. Trusted host monitors (HMs) are assigned to each PMU to monitor and assess PMUs’ behaviors. Neighboring HMs make use of the majority voting algorithm based on a set of predefined normal behavior rules to identify the existence of abnormal measurement data collected by PMUs. In addition, an innovative reputation system with an adaptive reputation updating algorithm is designed to evaluate the overall operating status of PMUs, by which FmDI attacks as well as the attackers can be distinctly observed. Third, a Dirichlet-based detection scheme for FcDI attacks in hierarchical smart grid CPSs are proposed. In the future hierarchical paradigm of a smart grid CPS, it is considered that the decentralized local agents (LAs) responsible for local management and control can be compromised by FcDI attackers. By issuing fake or biased commands, the…