Bad Data Injection in Smart Grid Attack and Defense Mec：壞數(shù)據(jù)注入在智能電網(wǎng)中的攻擊和防御機(jī)制

1、Bad Data Injection in Smart Grid: Attack and Defense MechanismsZhu HanUniversity of HoustonOverviewIntroduction to Smart GridPower System State Estimation ModelBad Data InjectionDefender Mechanism Quickest DetectionAttacker Learning SchemeIndependent Component AnalysisFuture WorkA Few Topics in Smar

2、t Grid Communication ConclusionsQuick View of Amigo Lab“Smarter Power GridSensing, measurement, and control devices with two-way communications between the suppliers and customers.Benefits both utilities, consumers & environment:Reduce supply while fitting demand Save money, optimal usage.Improve re

3、liability and efficiency of grid Integration of green energy, reduction of CO2 More than 3.4 billion from US federal stimulus bill is targeted.Obama stimulus planOne of hottest topic in research communityBut what are the problems from signal processing, communication and networking points of view?Sm

4、art GridAre more easily integrated into power sys. Less depend on fossil fuelConnect grid to charge overnight when demand is lowRealtime analysis, Manage, plan, and forecast the energy system to meets the needsCan generate own and sellback excess energyGather, monitor the usage so the supply more ef

5、ficiently and anticipate challenging peaksUse sophisticated comm. Technology to find/fix problems faster, enhancing reliabilityin-home management tool to track usageSupervisory Control and Data Acquisition CenterReal-time data acquisitionNoisy analog measurementsVoltage, current, power flowDigital m

6、easurementsState estimationMaintain system in normal stateFault detectionPower flow optimizationSupply vs. demandSCADA TX data from/to Remote Terminal Units (RTUs), the substations in the gridPrivacy & Security Concern More connections, more technology are linked to the obsolete infrastructure. Add-

7、on network technology: sensors and controls estimationMore substations are automated/unmannedVulnerable to manipulate by third partyPurposely blackout Financial gainStory of EnronHow to tackle this issue at this moment?Provide one example nextPower System State Estimation ModelTransmitted active pow

8、er from bus i to bus jHigh reactance over resistance ratioLinear approximation for small varianceState vector , measure noise e with covariance e Actual power flow measurement for m active power-flow branchesDefine the Jacobian matrix We have the linear approximation H is known to the power system b

9、ut not known to the attackersBad Data Injection and Detection State estimation from zBad data detectionResidual vector Without attackerwhereBad data detection (with threshold )without attacker: with attacker:otherwiseStealth (unobservable) attack: z=Hx+c+e, where c=HxHypothesis test would fail in de

10、tecting the attacker, since the control center believes that the true state is x + x.OverviewIntroduction to Smart GridPower System State Estimation ModelBad Data InjectionDefender Mechanism Quickest DetectionAttacker Learning SchemeIndependent Component AnalysisFuture WorkA Few Topics in Smart Grid

11、 Communication ConclusionsQuick View of Amigo LabBasics of Quickest Detection (QD)Detect distribution changes of a sequence of observations as quick as possible with the constraint of false alarm or detection probability. min processing time s.t. Prob(true estimated) ClassificationBayesian framework

12、: known prior information on probability SPRT (e.g. quality control, drug test, )Non-Bayesian framework: unknown distribution and no prior CUSUM (e.g. spectrum sensing, abnormal detection ) QD System Model Assuming Bayesian framework with non-stealthy attackthe state variables are random with The bi

13、nary hypothesis test:The distribution of measurement z under binary hyp: (differ only in mean) We want a detectorFalse alarm and detection probabilities Detection Model - NonBayesianNon-Bayesian approach unknown prior probability, attacker statistic modelThe unknown parameter exists in the post-chan

14、ge distribution and may changes over the detection process. You do not know how attacker attacks.Minimizing the worst-case effect via detection delay:We want to detect the intruder as soon as possible while maintaining PD.Actual time of active attackDetection timeDetection delayMulti-thread CUSUM Al

15、gorithmCUSUM Statistic: where Likelihood ratio term of m measurements:By recursion, CUSUM Statistic St at time t:Average run length (ARL) for declaring attack with threshold hHow about the unknown?Declare the attacker is existing!Otherwise, continuous to the process. Linear Solver for the UnknownRao

16、 test asymptotically equivalent model of GLRT:The linear unknown solver for m measurements:Recursive CUSUM Statistic w/ linear unknown parameter solve:Modified CUSUM statisticsThe unknown is no long involvedSimulation: Adaptive CUSUM algorithm2 different detection tests: FAR: 1% and 0.1%Active attac

17、k starts at time 5Detection of attack at time 7 and 8, for different FARsMarkov Chain based Analytical ModelDivide statistic space into discrete states between 0 and thresholdObtain the transition probabilitiesObtain expectation of detection delay, false alarm rate and missing probabilityOverviewInt

18、roduction to Smart GridPower System State Estimation ModelBad Data InjectionDefender Mechanism Quickest DetectionAttacker Learning SchemeIndependent Component AnalysisFuture WorkA Few Topics in Smart Grid Communication ConclusionsQuick View of Amigo LabIndependent Component Analysis (ICA)Linear Inde

19、pendent Component Analysisfind a linear representation of the data so that components are as statistically independent as possible.i.e., among the data, find how many independent sources.Question for bad data injection:Without knowing H, the attacker can be caught. Could attacker launch stealthy att

20、ack to the system even without knowledge about H?Using ICA, attacker could estimate H and consequently, lunch an undetectable attack. ICA BasicsA special case of blind source separationu = G vu = ui, i = 1, 2, m: observable vectorG = gij, i = 1, 2, m, j = 1, 2, n: mixing matrix(unknown)v = vi, i = 1

21、, 2, n: source vector (unknown)Linear ICA implementation: FastICA from HyvrinenStealth False Data Injection with ICASupposing that the noise is small, then we what to do the mapping:u = G v z = H xProblem: state vector x is highly correlatedConsider: x = A y, whereA: constant matrix that can be esti

22、matedy: independent random vectorsThen we can apply Linear ICA on z = HA yWe cannot know H, but we can know HAStealthy attack: Z=Hx+HAy+eNumerical Simulation SettingSimulation setup4-Bus test system, IEEE 14-Bus and 30-busMatpowerNumerical Results MSE of ICA inference (z-Gy) vs. the number of observ

23、ations (14-bus case).Performance of the AttackThe PDF is the same w or w/o attacking. So log likelihood is equal to 1 unable to detectOverviewIntroduction to Smart GridPower System State Estimation ModelBad Data InjectionDefender Mechanism Quickest DetectionAttacker Learning SchemeIndependent Compon

24、ent AnalysisFuture WorkA Few Topics in Smart Grid Communication ConclusionsQuick View of Amigo Lab1. Distributed Smart Grid State Estimation The deregulation has led to the creation of many regional transmission organizations within a large interconnected power system.A distributed estimation and co

25、ntrol is need .Distributed observability analysisBad data detectionChallenges:Bottleneck and reliability problems with one coordination center.Need for wide area monitoring and controlConvergence and optimality Fully-Distributed State EstimationWith N substations/nodesBy iteratively exchanging infor

26、mation with neighbors All local control center can achieve an unbiased consensus of system-wide state estimation.Local observation matrixUnknown StateLocal Jacobian matrixUseful information to be detected2. Optimality of Fault Detection Algorithm Detecting the attack as an intermediate step towards

27、obtaining a reliable estimate about the injected false dataFacilitates eliminating the disruptive effects of the false dataJoint estimation and detection problemDefine an estimation performance measure Seek to the optimize it while ensuring satisfactory of the detection performancePerformance measur

28、ement3. Manipulate Electricity Market Example: Ex Post MarketMarket that recalculate optimal points for generation and consumption based on real-time data Min : St:28Generation CostPower Balance Generation & Transmission limits 4. PMUPMU can measure voltage angle directlyDefender: placement problem,

29、 no need to place nearby Attackers new strategy with existence of PMU1625734PMUPMUPMUPMUPMUPMUPMU295. Game Theory Analysis(attacker,defender)NAN(0,0)(b,-b)D(c,-c)(-a,a)a, b, c tHow to formulate the game?A Few Topics in Smart Grid CommunicationsBad data injectionDemand side managementPeak to average

30、ratioScheduling problemRenewable energyThe renewable energy is unreliable. Have to use diesel generators during shortageNot cheap and not greenPHEV routing, scheduling and resource allocationCommunication link effect on the smart gridConclusionsBad data injection problem formulationFrom defender point of viewdetect malicious bad data injection attack as quick