Anomaly Detection in Distribution Power System based on a Condition Monitoring Vector and Ultra- Short Demand Forecasting

This paper presents a proactive intrusion detection system (IDS) for smart distribution power systems. The considered attack scenario is manipulation of the advanced measuring infrastructures (AMIs) readings and/or smart inverters data. These manipulated data from the grid edge devices mislead the grid operator for making proper operational planning decisions. In a stealthy attack model, where the attacker compromises significant number of these smart devices, serious demand-supply unbalance can occur that may result in major blackouts. The proposed IDS is based on a condition monitoring vector (CMV) equipped with a learned ultra-short-term demand forecasting (USTDF) mechanism. This cybersecurity approach is able to verify smart devices readings. In the proposed method, the instantaneous difference of collected AMIs and other smart devices data with the ultra-short term forecasted demand is defined as the CMV. This vector probes a pre-defined error band for identifying the compromised smart devices. The learned USTDF mechanism is based on the distribution grid historical load profile and the temperature data for the goal area. An accurate multi-dimensional regression model is developed and learned for forecasting the load behavior in this area. Finally, the suspicious areas are flagged or become separated from the main grid by the network operator based on the proposed CMV outcomes and the output of decision-making module. The proposed IDS aims to enhance the cybersecurity of the smart devices at the grid-edge that plays major role in ensuring the resiliency of the grid. The theoretical analyses are verified by several case studies.