Malicious synchrophasor detection based on highly imbalanced historical operational data

Abstract

By maliciously manipulating the synchrophasors produced by phasor measurement units in power systems, cyber attackers can mislead the control center into taking wrong actions. From the viewpoint of machine learning, normal and malicious synchrophasors may exhibit different spatial distribution characteristics when mapped into a latent space. Hence, a malicious synchrophasor detector can be acquired by training a classification model with instances derived from historical operational synchrophasor data. However, malicious synchrophasors occur infrequently in practice. It is likely to incur a great deal of effort and may even introduce inevitable experience errors when extracting and labeling a sufficient number of malicious synchrophasors from historical operational data for training. For most existing detectors, if they are directly trained with highly imbalanced datasets, their performances may severely deteriorate. In this paper, a novel type of malicious synchrophasor detector is developed based on a combinatorial use of data rebalancing, Bagging-based ensemble learning, and the widely recognized eXtreme Gradient Boosting (XGBoost) classifier. Experiments show that although fewer malicious instances are provided, the proposed detector is still capable of detecting malicious synchrophasors.