Distributed detection and isolation of topology attacks in power networks

Abstract

This paper addresses the issue of detecting and isolating topology attacks in power networks. A topology attack, unlike a data attack and power injection attack, alters the physical dynamics of the power network by removing bus interconnections. These attacks can manifest as both cyber and physical attacks. A physical topology attack occurs when a bus interconnection is physically broken, while a cyber topology attack occurs when incorrect information about the network topology is transmitted to the system estimator and incorporated as the truth. To detect topology attacks, a stochastic hypothesis testing problem is considered assuming noisy measurements are obtained by periodically sampling a dynamic process described by the networked swing equation dynamics, modified to assume stochastic power injections. A centralized approach to network topology detection and isolation is introduced as a two-part scheme consisting of topology detection followed by topology isolation, assuming a topology attack exists. To address the complexity issues arising with performing centralized detection in large-scale power networks, a decentralized approach is presented that uses only local measurements to detect the presence of a topology attack. Simulation results illustrate that both the centralized and decentralized approaches accurately detect and isolate topology attacks.