Attack and Defense Mechanisms for State Estimation in Smart Grid
Mohammad Esmalifalak
Supervisor: Dr. Zhu Han
ECE Department
Overview
Introduction to Smart Grid
Power System Model
Bad Data Injection
- Independent Component Analysis
- False Data in Electricity Market
Bad Data Injection Detection
- Anomaly Detection and Support Vector Machine
- Gaming Between Attacker and Defender
Future Work
Mohammad Esmalifalak – PhD Thesis Defense
Smart Power Grid
Smart way of generation, transmission, and consumption of electricity
Benefits utilities, consumers, and the environment:
– Reduce supply capacity while fitting demand.
– Improve reliability and efficiency of grid.
– Integration of green energy, reduction of CO2, etc.
More than 3.4 billion from the US federal stimulus bill is targeted.
One of the hottest topics in the research community
Let’s view how everything is connected graphically!
Smart Grid Illustration
[Figure: conceptual diagram of the smart grid, “ITERES SMART GRID”. Labelled elements: Renewable Energies, Control Center, Communication Channels, Bulk Storage (PEV, etc.)]
Power System Monitoring
State Estimation (SE): Estimation of states over the power grid using redundant measurements.
How does the control center conduct SE?
Supervisory Control and Data Acquisition (SCADA) system
[Diagram labels: Measurements, Communication (DNP3), Remote Terminal Unit, Control Center]
State Estimation (SE)
SE is vulnerable to cyber attack
Communication could be wireless (e.g., radio and pager) or wired (e.g., dial-up telephone, RS-485 multi-drop, 3G, and Ethernet).
These communication links are vulnerable to cyber attack.
– Maroochy waste water utility: unauthorized access to the control system via an insecure wireless network.
– Olympic pipeline company: a system administrator was doing development on live SCADA.
Linear State Estimation Model
Transmitted active power from bus i to bus j:
$P_{ij} = V_i V_j B_{ij} \sin(\theta_i - \theta_j)$
where $V_i = |V_i| \angle \theta_i$, $V_j = |V_j| \angle \theta_j$, and $y_{ij} = G_{ij} + jB_{ij}$ ($B_{ij}$: susceptance)
Linear approximation for small variance:
$P_{ij} = B_{ij}(\theta_i - \theta_j)$
$z = Hx + e$, with $x = [\theta_1, \dots, \theta_n]^T$
$\hat{x} = (H^T \Sigma_e^{-1} H)^{-1} H^T \Sigma_e^{-1} z$
H: Jacobian matrix (m×n); x: state variable (n×1); z: measurements (m×1); e: noise vector (m×1)
(m measurements for n buses, and m ≫ n)
Bad Data Detection
Conventional bad data detection using largest residue:
– Residual vector: $r = z - H\hat{x} = (I - M)z$, where $M = H(H^T \Sigma_e^{-1} H)^{-1} H^T \Sigma_e^{-1}$
– Conventional BDD:
  without bad data: $\max(r_i),\ i = 1, \dots, m$
  with bad data: $\max(r_i),\ i = 1, \dots, m$
Stealth (unobservable) attack: $z = H(x_0 + C) + e$; $\max(r_i)$; $\hat{x} = x_0 + C$
Hypothesis test would fail in detecting the attacker, since the control center believes that the true state is $x_0 + C$.
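The following is an added example, not code from the thesis: it runs the least-squares estimator and the largest-residual test from the two slides above on a constructed 3-bus DC model, and shows why an injection of the form Hc leaves the residual untouched while an arbitrary change to one meter does not. The network, noise values, threshold `TAU` and shift `C` are assumptions chosen for illustration, and Σ_e is taken as σ²I so that it cancels out of the estimator.

```python
def solve(A, b):
    """Gauss-Jordan elimination with partial pivoting (small dense system)."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [u - f * v for u, v in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def matvec(H, x):
    return [sum(h * xi for h, xi in zip(row, x)) for row in H]

def estimate(H, z):
    """x_hat = (H^T H)^-1 H^T z; assumes Sigma_e = sigma^2 * I, so it cancels."""
    n = len(H[0])
    HtH = [[sum(r[i] * r[j] for r in H) for j in range(n)] for i in range(n)]
    Htz = [sum(r[i] * zi for r, zi in zip(H, z)) for i in range(n)]
    return solve(HtH, Htz)

def max_residual(H, z):
    """Largest |r_i| of r = z - H x_hat, the statistic conventional BDD tests."""
    return max(abs(zi - hi) for zi, hi in zip(z, matvec(H, estimate(H, z))))

# Constructed 3-bus network: bus 1 is the reference, every line has B = 10 p.u.
# Rows: flows P12, P13, P23, then injections P2, P3. States: theta2, theta3.
H = [[-10, 0], [0, -10], [10, -10], [20, -10], [-10, 20]]
X0 = [-0.05, -0.10]                              # true angles (constructed)
NOISE = [0.004, -0.006, 0.003, -0.002, 0.005]    # measurement noise (constructed)
TAU = 0.05                                       # BDD threshold (assumed)
C = [0.0, -0.03]                                 # state shift hidden in the data

z_clean = [h + e for h, e in zip(matvec(H, X0), NOISE)]
z_naive = z_clean[:2] + [z_clean[2] + 1.0] + z_clean[3:]        # one meter altered
z_stealth = [zi + ai for zi, ai in zip(z_clean, matvec(H, C))]  # a = H c

if __name__ == "__main__":
    for name, z in [("clean", z_clean), ("naive", z_naive), ("stealth", z_stealth)]:
        r = max_residual(H, z)
        print(f"{name:8s} max|r|={r:.4f} alarm={r > TAU} x_hat={estimate(H, z)}")
```

For a defender the useful observation is that the stealth case produces the same residual as the clean case to machine precision, so no choice of residual threshold separates them; detection has to use information outside the residual.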
Independent Component Analysis (ICA)
Given
$z_1 = h_{11}x_1 + \dots + h_{1n}x_n$
$\vdots$
$z_m = h_{m1}x_1 + \dots + h_{mn}x_n$
define $h_{ij}$ and $x_j$.
In order to use ICA, all $x_j$'s should be independent:
$z = Hx \Rightarrow z = HAy = Gy$, where $x$ is $n \times 1$ and $y$ is $k \times 1$ ($k < n$)
A statistical technique for decomposing a complex signal into independent sub-parts.
If attacker doesn’t have access to matrix H?
How ICA works?
A. Hyvärinen and E. Oja, “Independent Component Analysis: Algorithms and Applications.”
$z = Gy \Rightarrow y = G^{-1}z = Wz$
$b = w^T z = w^T G y = q^T y$: one of the independent components of $y$
If $b$ is to be one of the independent components of $y$, $q$ should have only one non-zero component.
If $q$ has more than one non-zero component, y will be more Gaussian (Central Limit Theorem).
Find the best $W$, which maximizes the non-Gaussianity of $w^T z$
kurtosis or the fourth-order cumulant, Negentropy
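An added illustration of the argument on this slide (not code from the thesis or from Hyvärinen and Oja): for two independent non-Gaussian sources mixed by a rotation, the projection w^T z has the largest |kurtosis| exactly when q = G^T w has a single non-zero component. The sources, the 25 degree mixing angle and the brute-force angle sweep are assumptions made for the example; practical ICA uses whitening and an iterative optimiser instead of a sweep.

```python
import math

def excess_kurtosis(s):
    """Fourth-order cumulant of s after normalising to zero mean, unit variance."""
    n = len(s)
    mean = sum(s) / n
    var = sum((v - mean) ** 2 for v in s) / n
    return sum((v - mean) ** 4 for v in s) / (n * var ** 2) - 3.0

def project(z, deg):
    """b = w^T z for the unit vector w at angle `deg` degrees."""
    c, s = math.cos(math.radians(deg)), math.sin(math.radians(deg))
    return [c * z1 + s * z2 for z1, z2 in z]

def most_non_gaussian_angle(z):
    """Sweep w over 0..89 degrees; keep the direction with the largest |kurtosis|."""
    return max(range(90), key=lambda d: abs(excess_kurtosis(project(z, d))))

# Constructed sources y: every pair from a 21-point uniform grid, so y1 and y2
# are exactly independent (and non-Gaussian) in the sample.
GRID = [(2 * k - 20) / 20 for k in range(21)]
Y = [(a, b) for a in GRID for b in GRID]

# Constructed mixing matrix G: rotation by ALPHA degrees, so z = G y stays white.
ALPHA = 25
_ca, _sa = math.cos(math.radians(ALPHA)), math.sin(math.radians(ALPHA))
Z = [(_ca * y1 - _sa * y2, _sa * y1 + _ca * y2) for y1, y2 in Y]

if __name__ == "__main__":
    best = most_non_gaussian_angle(Z)
    print("recovered unmixing angle:", best)               # equals ALPHA
    for d in (best, best + 45):
        print(d, round(excess_kurtosis(project(Z, d)), 4))  # mixed one is closer to 0
```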
Simulation Results
[Figure: MSE of ICA inference (z - Gy) vs. SNR]
When SNR is high (40dB) the MSE is as low as 10e-4
[Figure: Probabilities of detection for different schemes]
Detection of stealth attack with conventional BDD is impossible
Electricity Market Overview
[Diagram labels, in slide order]
– Day-ahead: Predicted values for power network; DCOPF for Day-Ahead Electricity Market; Day-Ahead LMP; Day-Ahead Dispatch
– Real-time: Direct measurements in power network; State Estimation; DCOPF for Real-Time Electricity Market; Day-Ahead Dispatch; Real-Time LMP
– Optimal Power Flow (OPF): bids from generators and loads, structure of network, etc.; electricity prices, schedule for generators
Electricity Markets in US
Federal Energy Regulatory Commission (FERC)
Day-Ahead Electricity Market
1- Day-Ahead Market: Market that computes optimal points for generation and consumption (usually a day before real time)
Min: $\sum_{i=1}^{I} C_i(Pg_i^{*})$ (Generation Cost)
St:
$\sum_{i=1}^{I} Pg_i^{*} = \sum_{j=1}^{k} Ld_j^{*}$ (Power Balance)
$Pg_i^{\min} \le Pg_i^{*} \le Pg_i^{\max},\ i = 1, \dots, I$
$F_l^{\min} \le F_l^{*} \le F_l^{\max},\ l = 1, \dots, L$ (Generation & Transmission Limits)
Real-Time Electricity Market
2- Real-Time Market: Market that recalculates optimal points for generation and consumption based on real-time data
Min :
St:
I
iiii PgPgC
1
* )(
LlFFF
IiPgPgPg
PPg
lll
iii
I
iL
I
ii
,...,1
,...,1max*min
maxmin
11
Generation Cost
Power Balance
Generation & Transmission Limits
Changing Congestion
[Figure: 5-bus example network with buses B1–B5; generators Brighton 600MW, Sundance 200MW, Solitude 520MW; three 300MW labels; prices 10$, 14$, 15$, 30$, 35$; measurements Z1–Z11]
– Increase or decrease estimated transmitted power
– Stealth attack also is limited (expert engineers)
– Put higher cost for secure measurements
Decreasing Congestion
Inserting false data will release the congestion in Line 29
Releasing congestion will change the prices
– Virtual trade in day-ahead
– Release congestion in ex-post real-time market
– Making profit in real-time market
Principal Component Analysis
$Z = \begin{bmatrix} x_1^a & y_1^a & x_1^b & y_1^b & x_1^c & y_1^c \\ \vdots & & & & & \vdots \\ x_m^a & y_m^a & x_m^b & y_m^b & x_m^c & y_m^c \end{bmatrix}^{t}$ (1st sample, ..., mth sample)
[Figure labels: a, b, c, PCA]
Visualizing the Operational Points
$Z = [Z_1, \dots, Z_m]^{t}$, of size $(m \times n)$ (1st sample, ..., mth sample)
$Z = [P_{ij},\ P_k]$, with $P_{ij}$: transmitted active power and $P_k$: injected active power
Power system measurements are correlated and can be compressed efficiently.
IEEE 118 Bus Test System
[Figure legend: Normal Operating Points, Attacked Points]
Anomaly Detection
In data mining, the data sets considerably different from the remainder of data are called outliers or anomalies.
Statistical characteristics of the historical data
Probability density function of feature i
Anomaly Detection
– Smaller threshold: alarms anomaly even for some normal operating points
– Larger threshold: misses some anomaly operating points
– Best threshold: uses training data set to learn the best possible threshold
Semi-supervised learning: Although choosing the threshold without a training set is possible, for best results on the test sets we can use a training set to learn the best threshold.
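An added sketch of the threshold-learning step described on the two anomaly-detection slides (not the thesis code): a per-feature Gaussian density is fitted to normal operating points, each point is scored by -log p(x), and the alarm threshold is picked by F1 on a small labelled set. The two-feature data, the labels and the rule "alarm when score > tau" are constructed assumptions, chosen so that a smaller threshold alarms on normal points and a larger one misses attacks, as on the slide.

```python
import math

def fit(train):
    """Mean and variance of each feature over normal operating points."""
    n, d = len(train), len(train[0])
    mu = [sum(p[i] for p in train) / n for i in range(d)]
    var = [sum((p[i] - mu[i]) ** 2 for p in train) / n for i in range(d)]
    return mu, var

def score(p, mu, var):
    """-log p(x), with p(x) the product of per-feature Gaussian densities."""
    return sum((x - m) ** 2 / (2 * v) + 0.5 * math.log(2 * math.pi * v)
               for x, m, v in zip(p, mu, var))

def f1(tau, scored):
    """F1 of the rule 'alarm when score > tau' on (score, is_attack) pairs."""
    tp = sum(1 for s, y in scored if s > tau and y)
    fp = sum(1 for s, y in scored if s > tau and not y)
    fn = sum(1 for s, y in scored if s <= tau and y)
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0

def best_threshold(scored):
    """Try every labelled score as the threshold; keep the one with the best F1."""
    return max((s for s, _ in scored), key=lambda tau: f1(tau, scored))

# Constructed data: two compressed features per operating point.
TRAIN = [(1 + 0.1 * math.sin(k), 2 + 0.1 * math.cos(1.7 * k)) for k in range(40)]
VALID = [((1.05, 1.95), False), ((0.93, 2.08), False), ((1.00, 2.00), False),
         ((1.30, 2.30), True), ((1.60, 2.00), True), ((1.00, 2.70), True)]

MU, VAR = fit(TRAIN)
SCORED = [(score(p, MU, VAR), y) for p, y in VALID]
TAU = best_threshold(SCORED)

if __name__ == "__main__":
    lo, hi = min(s for s, _ in SCORED), max(s for s, _ in SCORED)
    for name, tau in [("smaller", lo), ("best", TAU), ("larger", hi)]:
        print(f"{name:8s} tau={tau:8.2f} F1={f1(tau, SCORED):.2f}")
```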
Clustering Methods
[Figure legend: Normal Operating Points, Attacked Points, Line outage, Generator outage]
Clustering methods like Support Vector Machine (SVM)
Support Vector Machine
[Figure: class labels 1 and -1]
Clustering Methods
Precision, Recall
With almost 390 training samples, SVM can learn this clustering problem.
[Figure: F1 score vs. number of training samples (0 to 1000); curves: Training Accuracy, CV Accuracy]
Attacker and Defender Gaming
Attacker/Defender cannot attack/defend all measurements → Game
Game table for attacker and defender (players: Defender, Attacker):
7,3   8,2
4,6   5,5
Two–Person Zero–Sum
Proportion of times that attacker/defender attack/defend to/from measurements, respectively
Conclusion
• Application of cyber technologies improves the quality of monitoring and decision making in smart grid but increases the cyber attack vulnerability.
• Vulnerabilities: Having access to measurements’ data reveals the structure of network [4]. Attacker has financial benefit from attacking measurements [3].
• Protection: Learning normal operating region of power network by machine learning techniques (such as anomaly detection and SVM) [2]. Analyzing the behavior of attacker and defender using game theory [1].
Future Work
– Using data mining to extract information from the smart meters’ large data set and transform it into an understandable structure for the control center.
– Analyzing new types of attack (economical and technical effects).
– Protection against the new types of malware that are recently being introduced (e.g., Stuxnet, Zeus, etc.).
– Developing new defense mechanisms (using signal processing or machine learning methods).
– Privacy of the data. Public acceptance of the smart meters needs solid security investigations.
– Affordable global communication infrastructure and embedded systems make it now relatively easy to give incentives to the loads and change their behaviors (demand side management).
Publication List
Journal/Magazine Papers
[1] M. Esmalifalak, H. Nguyen, R. Zheng, L. Xie, L. Song, and Z. Han, “Stealthy Attack Against Electricity Market Using Independent Component Analysis,” submitted to IEEE Journal on Selected Areas in Communication (J-SAC).
[2] M. Esmalifalak, N. Nguyen, R. Zheng, and Z. Han, “Detecting Stealthy False Data Injection Using Machine Learning in Smart Grid,” submitted to IEEE Transactions on Smart Grid.
[3] L. Liu, M. Esmalifalak, and Z. Han, “Protection Against False Data Injection Attacks in Power Grids via Sparsity and Low Rank,” submitted to IEEE Transaction on Smart Grid.
[4] Y. Huang, M. Esmalifalak, Y. Cheng, H. Li, K. A. Campbell, and Z. Han, “Adaptive Quickest Estimation Algorithm for Smart Grid Network Topology Error,” to appear, IEEE Systems Journal, Special Issue on Smart Grid Communications Systems.
[5] M. Esmalifalak, G. Shi, Z. Han, and L. Song, “Bad Data Injection Attack and Defense in Electricity Market using Game Theory Study,” to appear, IEEE Transactions on Smart Grid, Special Issue on Cyber, Physical, and System Security for Smart Grid.
[6] N. Forouzandehmehr, M. Esmalifalak, A. Mohsenian, and Z. Han, “A Dynamic Game for Demand Side Management of Smart Building with Renewable Energy Resource,” submitted to IEEE Transaction on Smart Grid.
[7] Y. Huang, M. Esmalifalak, H. Nguyen, R. Zheng, and Z. Han, “Bad Data Injection in Smart Grid: Attack and Defense Mechanisms,” to appear, IEEE Communication Magazine (COMMAG-11-00367).
Conference Papers
[1] M. Esmalifalak, N. Nguyen, R. Zheng, and Z. Han, “Detecting Stealthy False Data Injection Using Machine Learning in Smart Grid,” submitted to GLOBECOM 2013, Atlanta, GA, 2013.
[2] L. Liu, M. Esmalifalak, and Z. Han, “Detection of False Data Injection in Power Grid Exploiting Low Rank and Sparsity,” IEEE International Conference on Communications, Budapest, Hungary, June 2013.
[3] M. Esmalifalak, G. Shi, Z. Han, and L. Song, “Attack Against Electricity Market–Attacker and Defender Gaming,” IEEE Global Communications Conference Exhibition Industry Forum (Globecom 2012), Anaheim, USA, Dec. 2012.
[4] M. Esmalifalak, Z. Han, and L. Song, “Effect of Stealthy Bad Data Injection on Network Congestion in Market Based Power System,” IEEE Wireless Communications and Networking Conference, Paris, France, Apr. 2012. (Best Paper Award)
[5] M. Esmalifalak, H. Nguyen, R. Zheng, and Z. Han, “Stealth False Data Injection using Independent Component Analysis in Smart Grid,” Second IEEE Conference on Smart Grid Communications (IEEE SmartGrid Comm), Brussels, Belgium, Oct. 2011.
Thanks for Your Attention