电网同步数据入侵检测、分类和缓解的网络弹性机制

IF 5.3 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection Pub Date : 2025-07-06 DOI:10.1016/j.ijcip.2025.100785

Soma Bhattacharya, Brundavanam Seshasai, Ebha Koley, Subhojit Ghosh

{"title":"电网同步数据入侵检测、分类和缓解的网络弹性机制","authors":"Soma Bhattacharya, Brundavanam Seshasai, Ebha Koley, Subhojit Ghosh","doi":"10.1016/j.ijcip.2025.100785","DOIUrl":null,"url":null,"abstract":"<div><div>In recent times, owing to their ability in providing accurate synchronized phasor information with global positioning system (GPS) based common time reference, phasor measurement units (PMUs) have emerged as one of the most significant components of the wide-area monitoring system of modern power networks. However, the use of public GPS signal and increased dependence on the communication infrastructure for transmitting phasor information have made the PMU (also referred to as synchrophasor) dependent operations highly vulnerable to the cyber intrusions. Intrusions on synchrophasor data is generally executed by either manipulating the common time reference (referred to as time synchronization attack (TSA)) or by injecting a falsified data into the actual PMU acquired signal to recreate a non-existing scenario (referred to as replay attack (RA)). For both the attacks, the acquisition of manipulated data at the control centre negatively disturbs the wide-area monitoring and control operations, which might even lead the network to blackout. Motivated by the requirement of increasing the resiliency of power networks against TSA and RA, the development of an accurate, reliable and comprehensive scheme for detecting, classifying and mitigating the impact of phasor intrusions has been sought in the present work. The three-stage mechanism involves processing of the phasor data acquired from multiple PMUs using bi-directional gated recurrent unit (Bi-GRU) based classifiers to detect intrusion (first stage) and further classify the type of intrusion as TSA or RA (second stage). Post-intrusion classification, in the final stage, Bessel interpolation is applied to filter out the spoofed data and further replace it with intrusion-free (pre-attack) data. The proposed scheme has been extensively validated for practical settings in real-time testbed with regards to detecting intrusions, distinguishing intrusions from contingencies, classifying intrusion and estimating the state variables closer to the pre-attack levels.</div></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"50 ","pages":"Article 100785"},"PeriodicalIF":5.3000,"publicationDate":"2025-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A cyber-resilient mechanism for detection, classification and mitigation of intrusion on synchrophasor data in power networks\",\"authors\":\"Soma Bhattacharya, Brundavanam Seshasai, Ebha Koley, Subhojit Ghosh\",\"doi\":\"10.1016/j.ijcip.2025.100785\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>In recent times, owing to their ability in providing accurate synchronized phasor information with global positioning system (GPS) based common time reference, phasor measurement units (PMUs) have emerged as one of the most significant components of the wide-area monitoring system of modern power networks. However, the use of public GPS signal and increased dependence on the communication infrastructure for transmitting phasor information have made the PMU (also referred to as synchrophasor) dependent operations highly vulnerable to the cyber intrusions. Intrusions on synchrophasor data is generally executed by either manipulating the common time reference (referred to as time synchronization attack (TSA)) or by injecting a falsified data into the actual PMU acquired signal to recreate a non-existing scenario (referred to as replay attack (RA)). For both the attacks, the acquisition of manipulated data at the control centre negatively disturbs the wide-area monitoring and control operations, which might even lead the network to blackout. Motivated by the requirement of increasing the resiliency of power networks against TSA and RA, the development of an accurate, reliable and comprehensive scheme for detecting, classifying and mitigating the impact of phasor intrusions has been sought in the present work. The three-stage mechanism involves processing of the phasor data acquired from multiple PMUs using bi-directional gated recurrent unit (Bi-GRU) based classifiers to detect intrusion (first stage) and further classify the type of intrusion as TSA or RA (second stage). Post-intrusion classification, in the final stage, Bessel interpolation is applied to filter out the spoofed data and further replace it with intrusion-free (pre-attack) data. The proposed scheme has been extensively validated for practical settings in real-time testbed with regards to detecting intrusions, distinguishing intrusions from contingencies, classifying intrusion and estimating the state variables closer to the pre-attack levels.</div></div>\",\"PeriodicalId\":49057,\"journal\":{\"name\":\"International Journal of Critical Infrastructure Protection\",\"volume\":\"50 \",\"pages\":\"Article 100785\"},\"PeriodicalIF\":5.3000,\"publicationDate\":\"2025-07-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Critical Infrastructure Protection\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1874548225000460\",\"RegionNum\":3,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructure Protection","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1874548225000460","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

近年来，相量测量单元（pmu）由于能够与基于全球定位系统（GPS）的通用时间基准提供精确的同步相量信息，已成为现代电网广域监测系统的重要组成部分之一。然而，公共GPS信号的使用和对传输相量信息的通信基础设施的依赖增加使得PMU（也称为同步相量）依赖操作极易受到网络入侵。对同步数据的入侵通常通过操纵公共时间参考（称为时间同步攻击（TSA））或通过向实际PMU获取的信号中注入伪造的数据来重新创建不存在的场景（称为重放攻击（RA））来执行。对于这两种攻击，在控制中心获取被操纵的数据对广域监测和控制操作产生负面干扰，甚至可能导致网络中断。由于需要提高电网对TSA和RA的弹性，目前的工作一直在寻求一种准确、可靠和全面的方案来检测、分类和减轻相量入侵的影响。该三阶段机制包括使用基于双向门控循环单元（Bi-GRU）的分类器处理从多个pmu获取的相量数据，以检测入侵（第一阶段），并进一步将入侵类型分类为TSA或RA（第二阶段）。后入侵分类，在最后阶段，使用贝塞尔插值法过滤掉被欺骗的数据，并将其替换为无入侵（攻击前）数据。该方案在检测入侵、区分入侵和突发事件、对入侵进行分类以及估计更接近攻击前水平的状态变量等方面已经在实时测试平台的实际设置中得到了广泛的验证。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A cyber-resilient mechanism for detection, classification and mitigation of intrusion on synchrophasor data in power networks

In recent times, owing to their ability in providing accurate synchronized phasor information with global positioning system (GPS) based common time reference, phasor measurement units (PMUs) have emerged as one of the most significant components of the wide-area monitoring system of modern power networks. However, the use of public GPS signal and increased dependence on the communication infrastructure for transmitting phasor information have made the PMU (also referred to as synchrophasor) dependent operations highly vulnerable to the cyber intrusions. Intrusions on synchrophasor data is generally executed by either manipulating the common time reference (referred to as time synchronization attack (TSA)) or by injecting a falsified data into the actual PMU acquired signal to recreate a non-existing scenario (referred to as replay attack (RA)). For both the attacks, the acquisition of manipulated data at the control centre negatively disturbs the wide-area monitoring and control operations, which might even lead the network to blackout. Motivated by the requirement of increasing the resiliency of power networks against TSA and RA, the development of an accurate, reliable and comprehensive scheme for detecting, classifying and mitigating the impact of phasor intrusions has been sought in the present work. The three-stage mechanism involves processing of the phasor data acquired from multiple PMUs using bi-directional gated recurrent unit (Bi-GRU) based classifiers to detect intrusion (first stage) and further classify the type of intrusion as TSA or RA (second stage). Post-intrusion classification, in the final stage, Bessel interpolation is applied to filter out the spoofed data and further replace it with intrusion-free (pre-attack) data. The proposed scheme has been extensively validated for practical settings in real-time testbed with regards to detecting intrusions, distinguishing intrusions from contingencies, classifying intrusion and estimating the state variables closer to the pre-attack levels.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Critical Infrastructure Protection COMPUTER SCIENCE, INFORMATION SYSTEMS-ENGINEERING, MULTIDISCIPLINARY

CiteScore

8.90

自引率

5.60%

发文量

审稿时长

>12 weeks

期刊介绍： The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to: 1. Analysis of security challenges that are unique or common to the various infrastructure sectors. 2. Identification of core security principles and techniques that can be applied to critical infrastructure protection. 3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures. 4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.