Unmasking Covert Intrusions: Detection of Fault-Masking Cyberattacks on Differential Protection Systems

IF 8.6 1区 计算机科学 Q1 AUTOMATION & CONTROL SYSTEMS
Ahmad Mohammad Saber;Amr Youssef;Davor Svetinovic;Hatem Zeineldin;Ehab F. El-Saadany
{"title":"Unmasking Covert Intrusions: Detection of Fault-Masking Cyberattacks on Differential Protection Systems","authors":"Ahmad Mohammad Saber;Amr Youssef;Davor Svetinovic;Hatem Zeineldin;Ehab F. El-Saadany","doi":"10.1109/TSMC.2024.3456810","DOIUrl":null,"url":null,"abstract":"Line current differential relays (LCDRs) are high-speed relays progressively used to protect critical transmission lines. However, LCDRs are vulnerable to cyberattacks. Fault-masking attacks (FMAs) are stealthy cyberattacks performed by manipulating the remote measurements of the targeted LCDR to disguise faults on the protected line. Hence, they remain undetected by this LCDR. In this article, we propose a two-module framework to detect FMAs. The first module is a mismatch index (MI) developed from the protected transmission line’s equivalent physical model. The MI is triggered only if there is a significant mismatch in the LCDR’s local and remote measurements while the LCDR itself is untriggered, which indicates an FMA. After the MI is triggered, the second module, a neural network-based classifier, promptly confirms that the triggering event is a physical fault that lies on the line protected by the LCDR before declaring the occurrence of an FMA. The proposed framework is tested using the IEEE 39-bus benchmark system. Our simulation results confirm that the proposed framework can accurately detect FMAs on LCDRs and is not affected by normal system disturbances, variations, or measurement noise. Our experimental results using OPAL-RT’s real-time simulator confirm the proposed solution’s real-time performance capability.","PeriodicalId":48915,"journal":{"name":"IEEE Transactions on Systems Man Cybernetics-Systems","volume":"54 12","pages":"7683-7696"},"PeriodicalIF":8.6000,"publicationDate":"2024-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Systems Man Cybernetics-Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10687347/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Line current differential relays (LCDRs) are high-speed relays progressively used to protect critical transmission lines. However, LCDRs are vulnerable to cyberattacks. Fault-masking attacks (FMAs) are stealthy cyberattacks performed by manipulating the remote measurements of the targeted LCDR to disguise faults on the protected line. Hence, they remain undetected by this LCDR. In this article, we propose a two-module framework to detect FMAs. The first module is a mismatch index (MI) developed from the protected transmission line’s equivalent physical model. The MI is triggered only if there is a significant mismatch in the LCDR’s local and remote measurements while the LCDR itself is untriggered, which indicates an FMA. After the MI is triggered, the second module, a neural network-based classifier, promptly confirms that the triggering event is a physical fault that lies on the line protected by the LCDR before declaring the occurrence of an FMA. The proposed framework is tested using the IEEE 39-bus benchmark system. Our simulation results confirm that the proposed framework can accurately detect FMAs on LCDRs and is not affected by normal system disturbances, variations, or measurement noise. Our experimental results using OPAL-RT’s real-time simulator confirm the proposed solution’s real-time performance capability.
揭开隐蔽入侵的面纱:检测对差分保护系统的故障掩盖网络攻击
线路电流差动继电器(LCDR)是一种高速继电器,逐渐被用于保护关键输电线路。然而,LCDR 容易受到网络攻击。故障掩蔽攻击 (FMA) 是一种隐蔽的网络攻击,通过操纵目标 LCDR 的远程测量来掩盖受保护线路上的故障。因此,这些故障不会被 LCDR 发现。在本文中,我们提出了一个检测 FMA 的双模块框架。第一个模块是根据受保护输电线路的等效物理模型开发的失配指数 (MI)。只有当 LCDR 的本地测量值和远程测量值出现明显不匹配,而 LCDR 本身未触发时,才会触发 MI,这表明存在 FMA。在触发 MI 后,第二个模块(基于神经网络的分类器)会立即确认触发事件是 LCDR 所保护线路上的物理故障,然后再宣布发生 FMA。我们使用 IEEE 39 总线基准系统对所提出的框架进行了测试。我们的仿真结果证实,所提出的框架能够准确检测 LCDR 上的 FMA,并且不受正常系统干扰、变化或测量噪声的影响。我们使用 OPAL-RT 实时模拟器的实验结果证实了所提出解决方案的实时性能。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
IEEE Transactions on Systems Man Cybernetics-Systems
IEEE Transactions on Systems Man Cybernetics-Systems AUTOMATION & CONTROL SYSTEMS-COMPUTER SCIENCE, CYBERNETICS
CiteScore
18.50
自引率
11.50%
发文量
812
审稿时长
6 months
期刊介绍: The IEEE Transactions on Systems, Man, and Cybernetics: Systems encompasses the fields of systems engineering, covering issue formulation, analysis, and modeling throughout the systems engineering lifecycle phases. It addresses decision-making, issue interpretation, systems management, processes, and various methods such as optimization, modeling, and simulation in the development and deployment of large systems.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信