Non-Intrusive Hybrid Two-Stage Detection of Dynamic Attacks in Wide-Area Damping Controller Using Autoencoder and Unscented Kalman Filter with Unknown Input Estimation
IF 6.1, Zone 1 (Engineering & Technology), Q1, ENGINEERING, ELECTRICAL & ELECTRONIC
Abhishek Saini;Hussain M. Mustafa;Pratyasa Bhui;Anurag K. Srivastava
DOI: 10.35833/MPCE.2024.000946
Journal of Modern Power Systems and Clean Energy, vol. 13, no. 5, pp. 1763-1775. Published 2025-04-22. Journal Article.
https://ieeexplore.ieee.org/document/10974441/
Citations: 0
Abstract
Wide-area damping controllers (WADCs) help in damping poorly damped inter-area oscillations (IAOs) using wide-area measurements. However, the vulnerability of the communication network makes the WADC susceptible to malicious dynamic attacks. Existing cyber-resilient WADC solutions rely on accurate power system models or extensive simulation data for training the machine learning (ML) model, which are difficult to obtain for large-scale power systems. This paper proposes a novel non-intrusive hybrid two-stage detection framework that mitigates these limitations by eliminating the need for real-time access to large system data or attack samples for training the ML model. In the first stage, an autoencoder is deployed at the actuator location to detect dynamic attacks with sharp gradient variations, e.g., triangular, saw-tooth, pulse, ramp, and random attack signals. In the second stage, an unscented Kalman filter with unknown input estimation at the control center identifies smoothly varying dynamic attacks by estimating the control signal received by the actuator using synchrophasor measurements. A modified cosine similarity (MCS) metric is proposed to compare and quantify the similarity between the estimated control signal and the control signal sent by the WADC placed at the control center to detect any dynamic attacks. The MCS is designed to differentiate between events and dynamic attacks. The performance of the proposed framework has been validated on a hardware-in-the-loop (HIL) cyber-physical test-bed built by using the OPAL-RT simulator and industry-grade hardware.
About the journal:
Journal of Modern Power Systems and Clean Energy (MPCE), commencing from June 2013, is a newly established, peer-reviewed, quarterly journal published in English. It is the first international power engineering journal originating in mainland China. MPCE publishes original papers, short letters and review articles in the field of modern power systems, with a focus on smart grid technology and renewable energy integration, etc.