Upload
buituong
View
215
Download
3
Embed Size (px)
Citation preview
Revealing Temporal Features of Attacks againstSmart Grid
Jun Yan, Yihai Zhu, Haibo He, Yan SunDepartment of Electrical, Computer and Biomedical Engineering, University of Rhode Island, Kingston, RI 02881
Email: {jyan, yhzhu, he, yansun}@ele.uri.edu
Abstract—Protecting smart grid against malicious attacks is amajor task for the power and energy community. While differentinitial failures could trigger cascading effects resulting in same orclose final impact, the pattern of intermediate cascading processvaries significantly. In this paper we propose an approach toanalyze temporal features and predict critical intermediate stagesto help prevent a massive cascading failure. Initial victims frommost vulnerable set of nodes are tested in a topological cascadingmodel under different fault tolerances, and the results revealthat they are usually followed by a dramatic increase of failedcomponents at some critical point. By analyzing the processes offailure propagation, we identify important temporal features ofcascading failure and predict critical moments to allow quick andproper response at an early stage. This work provides informativedecision support for defense against large blackouts caused eitherby random contingencies or attack schemes.
I. INTRODUCTION
The traditional power transmission networks, which used
to be monitored and operated manually, is now evolving to-
wards computer-based automatic power systems of generation,
distribution and protection with the integration of computer
communication networks. This new generation of power grid,
referred to as the smart grid, brings significant benefits of
efficiency, reliability, flexibility and adaptability with facilities
like distributed generation, advanced metering infrastructure
(AMI) and renewable resources, among others. However, due
to the growing interconnection of power grids and commu-
nication networks, the smart grid also faces increasing cyber
security issues, since attackers also have more power to access
information of power grids, manipulate data transmission,
and blacks out the power grid either by injecting false data
or modify the operation status of critical substations and
transmission lines [1]–[3].
For smart grid attackers, a general goal is to maximize
the effect of their attacks with lower cost and risk, which
usually means their attacks will aim at triggering cascading
failures by just taking down a few components whose failure
can lead to blackouts in power grids. According to the reports
on the 2003 North America blackout [4] and the recent 2012
North India blackout [5], blackouts are highly associated the
structural vulnerability of power grids as well as delayed or
ineffective response to the early failure propagation. As the
complex dynamics of the procedure of power system cascading
This work was supported by National Science Foundation (NSF) undergrant 1117314.
failure are often difficult to be disintegrated for comprehensive
analysis, these cascading based attacks pose major challenges
to the power and energy community.To address these challenges, many power grid models for
cascading analysis have been developed [6]–[8]. Among them,
ac power flow model have their strength in accuracy as
they carry the reactive power in calculation, which better
approximate power grid in reality at the cost of greater
computational complexity [6] [9]. Dc power flow models are
very popular with a tradeoff between the precision of power
grids approximation and the computational cost of simulation
[10], but they require detailed physical parameters of the power
grid that are hard to obtain in reality. High-level statistic
approaches use historic data to analyze the power grid failure
from a general perspective [11] [12]. Topological models are
also frequently used in the security analysis of power system
as they provide powerful tools from complex system and
computer science fields [13] [14] and work with most GIS
databases of electric utilities in industry.In addition, many researches also work on the modeling and
analysis of cascading failure [6] [15]. Contingency analyses
focus on the study of how different initial victims can influ-
ence the cascading consequence [9] [16]. Studies on system
dynamics and operation status also plays a important role in
cascading analysis [17]–[19]. Finally, detection, prediction and
prevention of both anomaly and attacks like false data injection
can provide helpful decision support from the security and
defense perspective [20]–[22].Besides the smart grid security researches above, there is
one less-developed topic on cascading failure, i.e. the assess-
ment of temporal features or patterns for the intermediate
stages of cascading failure, which can add a new perspective
to the cascading analysis. In reality, a cascading failure rarely
propagates across the whole power transmission network and
blacks out large scale areas without being detected, mitigated
or stopped by self-protective mechanism or rescue effort. In
order to reduce the risk and impact of major blackouts, the
knowledge of temporal features and patterns is critical for
responding to cascading failures with timely and sufficient
defense strength at an early stage. To be specific, there are
three major reasons to further investigate the cascading failure
from the time domain:
1) While various selections of victims can lead to similar
scale of cascading failures in a power grid, the procedure
978-1-4673-4896-6/13/$31.00 ©2013 IEEE
of each varies from one another by features like the
scale, rate, duration of failure propagation at certain
critical moments.
2) The resources available to defend cascading failure are
usually limited and require different amount of time
to activate, so timing is critical to properly deploy the
defense power to optimize the effect of rescuing efforts.
3) Though well-design power systems with larger fault
tolerance can be more resilient to cascading failures and
smart grid attacks, the required cost of hardware and
maintenance can be intimidating. Thus comprehensive
studies on temporal features which add a “temporal”
factor to the power system tolerance can maximize the
effectiveness and efficiency of defense with relatively
lower system tolerance, which is critical for smaller,
distributed infrastructures and facilities.
The complex process of power grid cascading failure pro-
vides many temporal features available for cascading analysis.
In this paper, we are particularly interested in the critical
moments during the cascading failure process, which reveal
key information like how the failure propagates, when the
optimal period to react to these cascading effects is and
how the fault tolerance of different power systems affects
these temporal characteristics. The goal of temporal feature
analysis is to add another dimension of power grid security
analysis other than traditional electrical properties, structural
vulnerability and operation dynamics and to contribute to a
comprehensive understanding of smart grid security.The rest of this paper is organized as follows: In Section
II we will first describe the modelling of power grid and
cascading failure in this paper, and then define several typical
temporal features which highlight critical information in cas-
cading failure. In Section III simulation results on a test power
grid will be presented analyzed to reveal how to identify these
features of cascading failure and what factors will affect them.
The conclusion and future work is in Section IV.
II. MODELING POWER GRID CASCADING FAILURE AND
ITS TEMPORAL FEATURES
A. Topological Model of Cascading FailureAs mentioned above, there are various available approaches
that model the power grids based on different aspects. Gen-
erally speaking, the topological models are more scalable and
computationally efficient, and they can approximate power
systems well with proper definition of grid structure and
cascading model. In addition, they can be directly applied to
the latest geospatial data which are widely used in industry.
Since we are mostly interested in the revelation of temporal
features and patterns of power grid cascading failure, a simple
topological model of node cascading failure [23] is chosen for
the work presented in this paper, and all the temporal feature
analyses can be extended to real dc or ac power flow models.
The details of power system and cascading failure modeling
are discussed below.First, in what follows a substation is referred to as a node v
and a transmission line as a branch l, and the load L(v) of a
node v is defined as the sum of the degree of all its neighbors
in the power grid, as shown in equation (1).
L(v) =∑
u∈N(v)
deg(u) (1)
where deg(u) is the degree, or the sum of number of branches
connecting to node u, and N(v) is the set of immediate
neighboring nodes directly linked to node v.
In our cascading failure model(CFM), we assume that a
power grid is originally in normal operation with initial load
L0(v) for each node v. A cascading failure is triggered by
the attack on a selected initial victim node v0, whose status is
instantly set to“failed” and load redistributed to its neighboring
nodes in N(v0). The load of these immediate neighbors that
are not failed will be updated according to a redistribution
function described in equation (2). An overloading happens on
node v if L(v) > L0(v) is satisfied at a certain moment during
the cascading; a failure occurs if the overloading status of a
node lasts long enough with its overloading ratio above a given
threshold, which is a positive value representing the designed
fault tolerance of a power system. This threshold, assigned
to a power grid as a universal constant T , determines if an
overloaded node is still safe within an acceptable range, or it
has reached a certain state that will be considered in danger
and needs to be isolated from the transmission network. A
failed node v will have all its load proportionally redistributed
to its immediate neighbors,
ΔL(w) =L(w)∑
u∈N(v)
L(u)(2)
where ΔL(w) is the extra load redistributed to node w ∈N(v). According to (2), if two neighboring nodes A and B
both carry a load of 100, and the total load of all of Node
A’s neighbors is 1000, then when Node A first fails during
the cascading failure, Node B will carry an extra load of
10 since its original load contributes to 10% of the total
neighboring load of Node A. The redistribution will cause
overloading to all surviving neighbors of v in the grid and
can lead to subsequent cascading failures. Once a node fails,
it will be disconnected from the power grid, which means
it will be removed from the neighborhood sets of all nodes
in current power grid topology, and any branches connecting
to this failed node will be tripped as no more power could
be delivered through it. Note that an isolated node is also
regarded as failed since all branches connecting to it have been
tripped. If no failure occurs after a certain amount of time,
the power grid is considered as stabilized, which marks the
end of cascading failure. In a general topological model, the
temporal intervals are not associated with a physical time unit;
so to avoid ambiguous use of time, for the rest of the paper
we use “round” as the conceptual unit length of time in our
model, which could be related to a specific time period, e.g.
seconds or milliseconds, according to real world application
needs.
Update Overloading Timer
Initiates an attack on selected victims
Load Redistribution
Overloaded Node Identified?
Node Failure Identified?
Power Grid Topology Updated
Cascading Failure EndsN
Y
N
Y
Fig. 1. The flowchart of cascading failure model. A cascading failure endswhen no failure emerges for 3D rounds.
In reality, each overloading node will still be able to carry
a certain amount of extra load for a period of time. From the
defensive view, this period represents a transitional window
embedded in the power system that allows proper reactions
before the overloading situation worsens. Therefore we apply
a time-delay overcurrent relay in our model which monitors
and modifies the status of overloading nodes. To be specific, a
timer will be triggered whenever a node starts to overload,
and its output is defined as an accumulative function of
both overloading ratio and time. In each round we test the
overloading status of nodes, increase the value of the timer
and update cascading node failures accordingly. It may take
several rounds for a node turns from overloading to failure, and
once it fails the corresponding load redistribution and topology
updating will be executed before the next round.
With the assumptions above, the accumulative time-delay
function is defined as
d(n) =n∑
k=0
L− TL0 (3)
where n is the number of rounds that a node has been in
overloading status, T is the tolerance of a given system, and
L is the current load of a given node. Similar to [9], the timer
is triggered when L is larger than its capacity TL0, and an
empirical threshold of d(n) is set up so that any node carrying
an extra load of 50% of its capacity for D rounds will be
regarded as failed, and the relay will instantly disconnect all
failed nodes from the power grid. In other words, D is the
maximal time-delay before the relay considers the overloading
of a given node is fatal enough to be cut off from the power
grid.
According to equation (3), the overloading timer launches
only when a node’s load exceeds its capacity, otherwise it will
be reset to zero thus will not affect the status of a node if it has
already failed or recovered from a dangerous state. Equation
(3) also shows that nodes with lower overloading ratio or less
overloading rounds will remain alive for longer period.
In summary, the overall procedure of cascading failure is
illustrated in Fig.1, and this builds up the platform for our
temporal feature analysis.
B. Temporal Features of Cascading Failure
To reveal the temporal features in the intermediate stages of
cascading failures initiated by attacks, in this paper we choose
a simple measurement, i.e. the percentage of failed nodes at
a given moment, denoted as PoF , to evaluate the cascading
process. It is defined as the ratio of the number of failed
nodes to the current round over the total number of nodes in a
power grid. For each cascading failure initiated from different
victims, we find three useful aspects to look into the temporal
feature based on PoF :
1) Leaps: A “leap” is the sudden boost the number of
failure within a small number of rounds during the nonlinear
increase of PoF over time, which means an acceleration of
cascading failure during this period. Its duration and mag-
nitude differentiate various process of cascading failure from
each other and provides key information on the optimal timing
for response action. With similar final PoF , the duration of a
cascading failure can tell how quick a leap shocks the power
grid and the magnitude can illustrate how strong the impact is.
Specifically, a leap of the failure percentage occurs between
round n and n+Δn if the following criterion is satisfied
PoF (n+Δn)− PoF (n) ≥ P1 (4)
for all rounds between n and n + Δn. In this paper we set
P1 = 0.025, thus we will consider an continuous increase of
PoF as a leap if its magnitude is no less than 2.5% for at
least one round, and its duration is the max Δn that satisfies
the condition in 4). Note that P1 is related to the strength of
the initial attack, and for some large power grids P1 should
be decreased accordingly as the powerful attacks in smaller
grids is not likely to lead to the same magnitude of leaps for
large areas.
2) First response moment: In the early stage of failure
propagation, the period before the first leap occurs or the
overall failure percentage reaches a certain level is often
the golden time to take actions to minimize the impact of
cascading failure. The first response moment n0 is defined as
n0 = min{n1, n2} (5)
where
n1 =argminn
{PoF (n+ 1)− PoF (n) ≥ P1} (6)
n2 =argminn
{PoF (n) ≥ P2} (7)
In the equations above, we choose P1 = 0.025 as in previous
case, and choose P2 = 0.1 as the threshold for a significant
damage to the power grid. Hence equation (5) identifies the
very first round n0 in which either a leap appears, or the failure
percentage reaches 10%.
3) Number of leaps and buffer period: In each cascading
procedure, there could be multiple leaps, and the number of
leaps in a single cascading procedure reflects how radical the
increase of PoF is. Given a fixed final failure percentage
PoF , a number of leaps indicate that the cascading failure will
go through several stages, between which the rate propagation
will slow down for certain amount of time, then accelerate
again when some more critical components fail due to the fatal
overloading. Hence these intervals between leaps of a PoF
!
!
!
!
!
!!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!!
!
!
!!
!
!!
!
!
!
!
!
!
!
!
!
!
!
!
!
!!
!
!
! !
!
!
!
!
!
!
!
! !
!!
!
!
!
!
!
!
!
!!
!!!
!
!!
!!
!
!
!
!
!
!
!
!!
!
!
!
!
!
!
!
!
!
!
!
!!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! ! !
!
!
!
!
!
!
!
!
!
!
!
!
!
!!
!
!!
!
!
!
!
!
!
!
!
!
!!
!
!!
!!
!
!!
!!!!!
!!
!!
!!
!
!
!
!
!
!
!
!
!
!
!!
!
!
!
!
!
!
!
!!
!
!
!
!
!!
!
!
!
!
!
!!
!!
!!
!!
!
!!
!
!!!!!
!!
!
!
!
!! !
!! !
! !
!
!
!
!
!
!
!
!!
!
!
!
!
!!
!!!
!!
!!!!
!!
! !
!!
!
!
!!
!!
!
!
!
!!
!!! !!
!
!!
!
!
!
!
!
!
!! ! !
!
!
!
!
! !
!
!
!
!
!
!
!
!!
!!
!
!!!
!
!
!
!
!
!
!
!
!!
!
!
!
!
!
!
!
!!
!
!
!
!!
!
!
!!
!
!
!
!
!
!
!
!
!!
!
!
!
!
!
!
!
!
!
!
!
!! !
!!
!
!
!
!!!
! !
!
!
!
!
!!
! !!
!
! !
!
!
!!
!
!
! !
!
! !
!!
!
!
!
!
!
!
!
!
!!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!!
!
! !
!
!
!
!
!
!
!
!!
!
!
!
!
!
!
!
!
!
!
!
! !! !!
!
!
!
!
!
!!
!
!
!
!
!
!
!
!!
!
!
! !
!
!!
! !
! !
!
!!!
!
!
!
!!
!
! !
!
!
!
!
!
!
!
!
!
!
!!
!
!
!
!
!!!
!
!
!
!
!
!!
!!
!!
!!!! !
!
!
!
! !
!
!
!
!
!!
! !
!
!
!
!!!!!
!!
! !!!
!
! !!!
! !
!
!
!
! !
!
!!
!!
!
!
!
!!
!
!
!
!
!
!
!
!!!
!
!
!
!!!!
!
!
!
!
! !
!!
! !!
!!!!
!!
!!!
!
!! !!
!!
!
!
!
!
! !
!!
!
!!
!
! !
!
!
!
!
!
!
!!
!!
! !
! !
!!
!
!
!
!
!
!
!!
!!
! !
!
!
!
!
!
!
!!
!
!
!!
!
!
!!
!
!!!
!!
!
!
!
!
! ! !
!
!
!
!!
!
!
!
! !
!
!!
!
! !
!
!
!
!!
!
!
!!
!
!
!!
!
!!
!
!
!
!
!
!!!!
!
!
!
!
!!
!
!
!
!
!
!
!!
! !
!
!
!
!
! !! !
!
!
!!
!!
!
!
!
!
!
!
! !
!
!
!!!
!
!
!
Fig. 2. The power grid of Bay Area with 510 nodes, displayed in ArcMap10.0. Substations are marked in green and transmission lines in blue
curve, if exists, can provide useful information on the buffer
periods during which actions should be taken to effectively
mitigate the cascading failure before the next dramatic rise of
failure percentage.
The knowledge of this feature reveals more importance
when the defense strength of power grids are limited to cope
with small scale cascading failures. There can be many small
leaps and buffer periods in some cases, and each of them
requires power grid managers to reallocate power demands,
activate backup resources that can be put into effect during
transitional window to restore normal power delivery; whereas
in other cases, fast cascading failure with consecutive large
leaps merely allows very limited time to response immediately
at an early stage.
For all temporal features discussed above, one fact to notice
in our model is that the system parameters such as maximal
time-delay D, system tolerance T as well as the spatial
connection can substantially affect the cascading procedure
in different power grids. Therefore in the simulation we will
also test how these factors can impact the cascading failure.
III. SIMULATION RESULT
A. Benchmark System and Parameter Setup
In the following simulations, we will reveal temporal fea-
tures of cascading failure by testing various maximal delays
D, victim sets v0 and system tolerances T . The test power
grid in our simulation is the Bay Area grid which is extracted
from the POWERmap GIS dataset provided by PLATTS and
whose topology and geometry are described in Fig.2. It is a
typical regional power grid of a metropolitan area which will
easily draw the attention of potential attackers.
We consider the power grid has a possible system tolerance
T ranging from 1.0 to 2.0 in our simulation. Assuming that
attackers can only obtain limited information of the power grid
such as the topology and the top loaded nodes, but they have
no further knowledge of the status of power grid generation,
operation or management, intuitively they are likely to choose
the nodes with the greatest load, if no other cost of attack
considered. So we perform the simulation of a single victim
attack on the nodes with the greatest initial load to explore
the temporal features in cascading failure and how they are
affected by different system parameters.
B. Temporal Feature Revealed
First, by setting system tolerance T = 1.1, we select the top
9 nodes with the largest load as the candidate set of victims,
and then simulate the cascading process for various values of
D that yield a cascading failure under the given tolerance.
The PoF curves obtained from simulations with respect to
the number of rounds are illustrated in Fig.3. Some general
information is shown in Table I, where OL0 is the number of
overloaded nodes at Round 1 when the corresponding node is
attacked, and PoFf is the final failure percentage after each
attack under the condition that T = 1.1 and D = 0. As we
can see from Fig.3 and TableI, the final percentage of failure
is very close and therefore exploring the temporal feature can
be the practical way to compare the vulnerability of different
nodes in terms of cascading failure.
TABLE IGENERAL INFORMATION ON THE NODES UNDER ATTACK
Rank Load Node ID F0 PoFf
1 15 2496 26 92.94%
2 14 2112 24 92.94%
3 38 1380 20 92.75%
4 53 1131 13 92.94%
5 29 825 11 92.75%
6 77 781 11 92.75%
7 76 741 13 92.94%
8 57 702 13 92.94%
9 55 689 13 92.94%
Take the cascading failure of attacking Node 55 as an
example and assume we have the prior knowledge that D = 4.
Note that a leap in this power grid involves the failure of at
least 12 nodes within one round, which can be a serious failure
in the power system. From Fig.4, we can identify three leaps
during the cascading failure: a minor leap takes place at Round
8, two major ones from Round 10 to Round 12 and Round 26
to Round 35, respectively. Hence the first response time n0 in
this specific case is 8, and there is one short buffer period
at Round 9, another longer one from Round 16 to Round
25. These temporal features highlight the critical moments
for responding to the cascading failure caused by attacking
Node 55: To avoid a cascading failure in the gird, actions
must be made within 8 rounds to deal with the 13 overloaded
nodes after the failure of Node 55, by either calling up backup
resources or cutting off demands. If this critical period is
missed, the failure propagation will accelerate and it would
be difficult to limit the cascading effect until Round 13, after
which the cascading speed slows down to less than 2.5% per
round for 13 rounds. And this will be the last chance to curb
the cascading failure at a failure percentage of about 22%.
However, it is observed that during this period, although there
are 4 rounds with only one or no node failure, there are already
over 15% nodes failed and between 8 to 34 nodes overloaded,
so it requires much more effort to stop the cascading failure
compared to the first response period. After this period, the
0 10 20 30 40 500
0.2
0.4
0.6
0.8
1Node 15, L0 = 2496
D = 0D = 1D = 2D = 3D = 4D = 5
0 10 20 30 40 500
0.2
0.4
0.6
0.8
1Node 14, L0 = 2112
D = 0D = 1D = 2D = 3D = 4D = 5
0 10 20 30 40 500
0.2
0.4
0.6
0.8
1Node 38, L0 = 1380
D = 0D = 1D = 2D = 3
0 10 20 30 40 500
0.2
0.4
0.6
0.8
1Node 53, L0 = 1131
D = 0
0 10 20 30 40 500
0.2
0.4
0.6
0.8
1Node 29, L0 = 825
D = 0
0 10 20 30 40 500
0.2
0.4
0.6
0.8
1Node 77, L0 = 781
D = 0D = 1
0 10 20 30 40 500
0.2
0.4
0.6
0.8
1Node 76, L0 = 741
D = 0D = 1D = 2D = 3
0 10 20 30 40 500
0.2
0.4
0.6
0.8
1Node 57, L0 = 702
D = 0D = 1D = 2D = 3
0 10 20 30 40 500
0.2
0.4
0.6
0.8
1Node 55, L0 = 689
D = 0D = 1D = 2D = 3D = 4D = 5
Fig. 3. The cascading failure caused by attacks when T = 1.1. The X-axis is the round of cascading failure while the Y-axis is the failure percentage PoF .Each cascading failure starts from different attack victims that have the greatest load in Bay Area.
0 5 10 15 20 25 30 35 40 45 500
0.01
0.02
0.03
0.04
0.05
0.06
0.07
0.08
0.09
0.1
Rounds of cascading failure
Δ Po
F
Fig. 4. The change of failure percentage PoF compared to previous roundafter attacking node 57, given T = 1.1 and D = 4
failure percentage exhibits another fast rise before it finalizes
at about 92%.
C. Factors that affect temporal features
As shown in Fig.3, the maximal time-delay D plays an
important role in the cascading procedure. Many nodes only
have one major leap because of the heavy initial load they
carried, especially when D is low and allows little time before
an overloading turns to a failure. In Fig.3, the cascading
procedure for all these 9 nodes are quite similar when D = 0and so it is hard to discover important information from the
corresponding PoF curves.
However, when the value of D is increased, some nodes like
Node 14, 38, 76 57 and 55 will yield some leaps during the
cascading, and buffer periods emerge when D is increased
large enough. In reality, if D is large enough, the power
system will have enough time to restore normal operation
automatically or manually, hence eliminating the chance of
cascading failure. For instance, for Node 53 and 29, by
increasing D to any integers larger than 0, no cascading failure
will occur in Bay Area even if the nodes being attacked have
the 4th and 5th largest load in the power grid. As shown in
the figures, a leap can also be delayed by increased D as a
nonlinear function of D, and the total number of rounds of
cascading failure before it stabilizes, the first response time
n0 is also increased by D accordingly.
Also, from the PoF curves, we can see that the spatial
location and connection can affect temporal features as well.
First, when two nodes are spatially close to each other, their
PoF curves exhibit similar patterns given the same system
parameters, as shown in cases of attacks on Node 15 and
14, and Node 55 and 57. Besides, while the buffer periods
can start at various rounds with different lengths if D is
changed, they always correspond to a certain value of failure
percentage PoF , which is associated with a given geographic
area affected by the cascading failure and therefore the buffer
period is also related to the cluster of failed nodes.
Finally, choose the single victim attack on node 57 as an
example, the effect of system tolerance T on the interme-
diate stages of cascading failure are shown in Fig.5, which
exhibits similar pattern to the effect of maximal time-delay D.
Increasing T from 1.0 to 1.3 can break down a large leap into
smaller ones, thus generates a buffer period and increases the
length of it. Also when T reaches a threshold, it can essentially
prevent the cascading failure; for instance, when T is equal
or larger than 1.3, there will be not cascading effect if the
attacker chooses to initiate the cascading failure from Node
57. However, in reality the cost to construct and maintain such
a high tolerance can be prohibitive, which means the temporal
feature is still important in providing critical information for
0 5 10 15 20 250
0.2
0.4
0.6
0.8
1
Rounds of cascading failure
Per
cent
age
of fa
ilure
T=1.0T=1.1T=1.2T=1.3
Fig. 5. The influence of system tolerance when D = 1. Each cascadingfailure starts from Node 57 in Bay Area.
the timing of defense response.
IV. CONCLUSIONS AND FUTURE WORK
In this paper we reveal several critical temporal features in
the cascading analysis of power system. While for the most
loaded nodes in the power grid the cascading procedure leads
to similar final failure percentage, the intermediate process
vary significantly. Therefore, temporal features such as the
temporal location, magnitude, duration, number of occurrence
of leaps as well as the buffer period that allows a second
chance to response provides key information on the defense
against smart grids attacks. This study on the temporal fea-
tures of cascading procedure caused by malicious attacks can
provide a critical dimension to a comprehensive understanding
of smart grid security, including operation, protection as well
as planning of the smart grid.
There are several interesting future research directions along
this topic. For instance, in our current study we focus on the
topological structure of the grid. It would be important to
consider power flow analysis models and use branch tripping
instead of substation failure, such as the models presented in
[9] and [24], to understand the grid behavior under attack.
From a defense perspective, it is also useful to simulate
different defense strategies and observe the grid reactions to
different types and stages of grid failures, either through cyber-
attacks or physical failures of the grid.
REFERENCES
[1] X. Li, X. Liang, R. Lu, X. Shen, X. Lin, and H. Zhu, “Securing smartgrid: cyber attacks, countermeasures, and challenges,” CommunicationsMagazine, IEEE, vol. 50, no. 8, pp. 38 –45, Aug. 2012.
[2] P.-Y. Chen, S.-M. Cheng, and K.-C. Chen, “Smart attacks in smart gridcommunication networks,” Communications Magazine, IEEE, vol. 50,no. 8, pp. 24 –29, Aug. 2012.
[3] D. Kundur, X. Feng, S. Liu, T. Zourntos, and K. Butler-Purry, “Towardsa framework for cyber attack impact analysis of the electric smart grid,”in Smart Grid Communications (SmartGridComm), 2010 First IEEEInternational Conference on, Oct. 2010, pp. 244 –249.
[4] “Final report on the august 14, 2003 blackout in the united statesand canada: Causes and recommendations,” U.S.-Canada Power SystemOutage Task Force, Tech. Rep., Apr. 2004.
[5] “Report of the enquiry committee on grid disturbance in northern regionon 30th july 2012 and in northern, eastern & north-eastern region on 31stjuly 2012,” The Enquiry Committee, Ministry of Power, Government ofIndia, Tech. Rep., Aug. 2012.
[6] M. Vaiman, K. Bell, Y. Chen, B. Chowdhury, I. Dobson, P. Hines, M. Pa-pic, S. Miller, and P. Zhang, “Risk assessment of cascading outages:Methodologies and challenges,” Power Systems, IEEE Transactions on,vol. 27, no. 2, pp. 631–641, May 2012.
[7] M. Vaiman, K. Bell, Y. Chen, B. Chowdhury, I. Dobson, P. Hines,M. Papic, S. Miller, and P. Zhang, “Risk assessment of cascadingoutages: Part 1 - overview of methodologies,” in Power and EnergySociety General Meeting, 2011 IEEE, Jul. 2011, pp. 1 –10.
[8] M. Papic, K. Bell, Y. Chen, I. Dobson, L. Fonte, E. Haq, P. Hines,D. Kirschen, X. Luo, S. Miller, N. Samaan, M. Vaiman, M. Varghese,and P. Zhang, “Survey of tools for risk assessment of cascading outages,”in Power and Energy Society General Meeting, 2011 IEEE, Jul. 2011,pp. 1–9.
[9] M. Eppstein and P. Hines, “A “random chemistry” algorithm for identify-ing collections of multiple contingencies that initiate cascading failure,”Power Systems, IEEE Transactions on, vol. 27, no. 3, pp. 1698–1705,Aug. 2012.
[10] B. Stott, J. Jardim, and O. Alsac, “Dc power flow revisited,” PowerSystems, IEEE Transactions on, vol. 24, no. 3, pp. 1290 –1300, aug.2009.
[11] H. Ren and I. Dobson, “Using transmission line outage data to estimatecascading failure propagation in an electric power system,” Circuits andSystems II: Express Briefs, IEEE Transactions on, vol. 55, no. 9, pp.927–931, Sep. 2008.
[12] A. Holmgren and S. Molin, “Using disturbance data to assess vulner-ability of electric power delivery systems,” Journal of InfrastructureSystems, vol. 12, no. 4, pp. 243–251, 2006.
[13] E. Cotilla-Sanchez, P. Hines, C. Barrows, and S. Blumsack, “Comparingthe topological and electrical structure of the north american electricpower infrastructure,” Systems Journal, IEEE, vol. PP, no. 99, p. 1, May2012.
[14] S. Jonnavithula and R. Billinton, “Topological analysis in bulk powersystem reliability evaluation,” Power Systems, IEEE Transactions on,vol. 12, no. 1, pp. 456–463, Feb. 1997.
[15] R. Baldick, B. Chowdhury, I. Dobson, Z. Dong, B. Gou, D. Hawkins,H. Huang, M. Joung, D. Kirschen, F. Li, J. Li, Z. Li, C.-C. Liu, L. Mili,S. Miller, R. Podmore, K. Schneider, K. Sun, D. Wang, Z. Wu, P. Zhang,W. Zhang, and X. Zhang, “Initial review of methods for cascading failureanalysis in electric power transmission systems,” in Power and EnergySociety General Meeting - Conversion and Delivery of Electrical Energyin the 21st Century, 2008 IEEE, Jul. 2008, pp. 1 –8.
[16] N. Bhatt, S. Sarawgi, R. O’Keefe, P. Duggan, M. Koenig, M. Leschuk,S. Lee, K. Sun, V. Kolluri, S. Mandal, M. Peterson, D. Brotzman,S. Hedden, E. Litvinov, S. Maslennikov, X. Luo, E. Uzunovic, B. Far-danesh, L. Hopkins, A. Mander, K. Carman, M. Vaiman, M. Vaiman,and M. Povolotskiy, “Assessing vulnerability to cascading outages,” inPower Systems Conference and Exposition, 2009. PSCE ’09. IEEE/PES,Mar. 2009, pp. 1 –9.
[17] B. A. Carreras, V. E. Lynch, I. Dobson, and D. E. Newman, “Complexdynamics of blackouts in power transmission systems,” Chaos: AnInterdisciplinary Journal of Nonlinear Science, vol. 14, no. 3, pp. 643–652, 2004.
[18] I. Dobson, B. A. Carreras, V. E. Lynch, and D. E. Newman, “Complexsystems analysis of series of blackouts: Cascading failure, critical points,and self-organization,” Chaos: An Interdisciplinary Journal of NonlinearScience, vol. 17, no. 2, p. 026103, 2007.
[19] D. Newman, B. Carreras, V. Lynch, and I. Dobson, “Exploring complexsystems aspects of blackout risk and mitigation,” Reliability, IEEETransactions on, vol. 60, no. 1, pp. 134–143, Mar. 2011.
[20] G. Hug and J. Giampapa, “Vulnerability assessment of ac state estima-tion with respect to false data injection cyber-attacks,” Smart Grid, IEEETransactions on, vol. 3, no. 3, pp. 1362 –1370, Sep. 2012.
[21] Y. Yuan, Z. Li, and K. Ren, “Modeling load redistribution attacks inpower systems,” Smart Grid, IEEE Transactions on, vol. 2, no. 2, pp.382 –390, Jun. 2011.
[22] J. Lin, W. Yu, X. Yang, G. Xu, and W. Zhao, “On false data injection at-tacks against distributed energy routing in smart grid,” in Cyber-PhysicalSystems (ICCPS), 2012 IEEE/ACM Third International Conference on,Apr. 2012, pp. 183 –192.
[23] W. Wang, Q. Cai, Y. Sun, and H. He, “Risk-aware attacks and catas-trophic cascading failures in u.s. power grid,” in Global Telecommuni-cations Conference (GLOBECOM 2011), 2011 IEEE, Dec. 2011, pp.1–6.
[24] E. Bompard, E. Pons, and D. Wu, “Extended topological metrics forthe analysis of power grid vulnerability,” Systems Journal, IEEE, vol. 6,no. 3, pp. 481–487, Sep. 2012.