Attack and Defend Mechanisms for State Estimation in Smart Grid

Date

2013-08

Abstract

Aging power industries, together with an increase in demand from industrial and residential customers, are the main incentive for policy makers to define a road map to the next-generation power system, called the smart grid. Changing the traditional structure of power systems and integrating communication devices are beneficial for better monitoring and decision making by system operators, but at the same time they increase the risk of cyber attacks. The power system blackout in 2003 created serious problems for customers in the eastern US and Canada. Although different investigations report reasons other than cyber attack for the blackout, many researchers believe a similar tragedy could happen with targeted cyber attacks. Later, in 2007, researchers at the Idaho National Lab tried to attack a synchronous generator. The attack was successful and the generator self-destructed in a couple of minutes. This attack alarmed cyber-security decision makers, motivating them to define critical infrastructure that is vulnerable to cyber attack. An example of this vulnerability is the current bad data detection routine in state estimation, which is not able to detect a certain type of cyber attack called a stealth attack. Stealth attacks are able to manipulate the state estimation results in order to gain economic advantage or cause technical problems for the power grid.

In this dissertation, we analyze the cyber attack against state estimation from both the attacker's and the defender's points of view. We first review the structure of the electricity market, and then we present the way that the attacker alters the congestion in the ex-post market (in the desired direction) and makes financial profits. We investigate the case in which attackers without prior knowledge of the power grid topology try to make inferences through phasor observations. The inferred structural information is used to launch stealth attacks. This attack is formulated to change the price of electricity in the real-time market.

Second, we look at false data injection from the defender's point of view. Because of the huge number of measurements in the network, attacking all measurements is impossible for the attacker, and defending all of them is impossible for the defender. This situation is modeled as a zero-sum game between the attacker and the defender, and we describe how the interest of one party (attacker or defender) can influence the other's interest. The results of this game define the proportion of times that the attacker and defender will attack and defend different measurements, respectively.

Finally, we illustrate how the normal operations of power networks can be statistically distinguished from the case under stealthy attacks. We first propose two machine-learning-based techniques for stealthy attack detection. The first method uses supervised learning over labeled data and trains a support vector machine. The second method requires no labeled outputs for training data and detects deviation in the measurements. In both methods, principal component analysis is used to reduce the dimensionality of the data to be processed, which leads to lower computational complexity.

Keywords

Smart grids, State Estimation, Cyber Attack
