Detection, recognition, and localization of multiple attacks through event unmixing

Abstract

Security of large power systems is primarily focused on transient and dynamic stability, and intentional attacks generally fall within only a few types of influence upon the grid. Many of the scenarios manifest as equipment failures caused by physical damage, interruption of communication networks, and/or mis-feeding of information. Conventional power systems are designed to be robust to accidental failures. Nevertheless, under the post 9/11 environment, coordinated multiple strikes become a realistic threat. Therefore, an online system for multiple attacks detection, recognition, and localization is essential for providing accurate information to control and actuation. In this paper, we propose a novel conceptual framework, referred to as “event unmixing”, for the online analysis of multiple attacks, where we interpret the disturbance caused by multiple attacks as a linear mixture of more than one constituent root faults. By incorporating temporal stamps into the construction of an overcomplete dictionary, consisting of patterns of different root faults, we are able to detect, recognize and identify the starting time of each fault based on the concept of “event unmixing”. This is followed by the fault localization process by utilizing the starting time of each individual fault detected at different sensors based on the triangulation method. The proposed framework has been evaluated using both PSS/E simulated data and real data collected from the frequency disturbance recorders (FDRs) of the Frequency Monitoring Network (FNET). The experimental results demonstrate the effectiveness of the proposed framework for analysis of multiple attacks.