Download presentation

Presentation is loading. Please wait.

1
**Spoofing State Estimation**

William Niemira

2
**Overview State Estimation DC Estimator Bad Data Malicious Data**

Examples Mitigation Strategies

3
**State Estimation Finite transmission capacity**

Economic and security aspects must be managed Contingency analysis Pricing Congestion management Accurate state information needed

4
**State Estimation Networks are large Many measurements to reconcile**

Thousands or tens of thousands of buses Large geographical area Many measurements to reconcile Different types Redundant Subject to error

5
State Estimation State estimation uses measurement redundancy to improve accuracy Finds best fit for data Differences between measures and estimates can indicate errors

6
**DC Estimator Overdetermined system of linear equations**

Solved as weighted-least squares problem Assumes: Lossless branches (neglects resistance and shunt impedances) Flat voltage profile (same magnitude at each bus) Reduces computational burden

7
**DC Estimator 𝑧=𝐻𝑥+𝑒 𝑥 is the vector of n states**

𝑧 is the vector of m measurements 𝐻 is the m x n Jacobian matrix 𝑒 is an m vector of random errors

8
**DC Estimator Residual vector 𝑟=𝑧−𝐻𝑥 Estimated as 𝑧− 𝑧 where 𝑧 =𝐻 𝑥**

Minimize: 𝐽 𝑥 = 𝑧−𝐻𝑥 ′ 𝑊 (𝑧−𝐻𝑥) Where 𝑊 is a diagonal matrix of measurement weights

9
**DC Estimator Differentiate 𝐽(𝑥) to obtain 𝐺 𝑥 = 𝐻 ′ 𝑊𝑧**

Where 𝑥 is the state estimate and 𝐺= 𝐻 ′ 𝑊𝐻 is the state estimation gain matrix Bad data assumed if 𝑧−𝐻 𝑥 >ε where ε is some tolerance

10
**1-Bus Example 1 0 0 1 −1 −1 PG PL1 = PGmeas PL1meas PL2meas 𝐻 𝑥 = 𝑧**

PG = PGmeas PL1 = PL1meas – PL1 – PG = PL2meas −1 −1 PG PL1 = PGmeas PL1meas PL2meas 𝐻 𝑥 = 𝑧

11
1-Bus Example For variances of 0.004, 0.001, and for PGmeas , PL1meas , PL2meas respectively 𝑊= 𝐺= 𝐻 ′ 𝑊𝐻=

12
**1-Bus Example 𝑧= PGmeas PL1meas PL2meas = 1.05 −.72 −.29**

𝑥 = 𝐺 −1 𝐻 ′ 𝑊 𝑧= −.7267 𝑧 =𝐻 𝑥 = −.7267 −.2967 𝑟 =𝑧− 𝑧 =

13
3-Bus Example – 50 θ2 – 100 θ3 = P1meas 150 θ2 – 100 θ3 = P2meas – 100 θ θ3 = P3meas – 100 θ3 = P13meas

14
**−50 −100 150 −100 −100 200 0 −100 θ2 θ3 = P1meas P2meas P3meas P13meas**

3-Bus Example −50 − −100 − − θ2 θ3 = P1meas P2meas P3meas P13meas

15
3-Bus Example H= −50 − −100 − −100 , 𝑥= θ2 θ3 , 𝑧= P1meas P2meas P3meas P13meas

16
**Bad Data Bad data usually consists of isolated, random errors**

These types of errors tend to increase the residual Measurements with large residuals can be omitted to check for better fit Works well for non-interacting bad measurements

17
**1-Bus Example Good Data Bad Data**

𝑧= PGmeas PL1meas PL2meas = 1.05 −.72 −.29 𝑥 = 𝐺 −1 𝐻 ′ 𝑊 𝑧= −.7267 𝑧 =𝐻 𝑥 = −.7267 −.2967 𝑟 =𝑧− 𝑧 = 𝑧= PGmeas PL1meas PL2meas = 1.15 −.72 −0.29 𝑥 = 𝐺 −1 𝐻 ′ 𝑊 𝑧= −.7433 𝑧 =𝐻 𝑥 = −.7433 −.3133 𝑟 =𝑧− 𝑧 =

18
Malicious Data Malicious data (data manipulated by an adversary) need not be isolated or random Adversary may inject multiple coordinated measurement errors Errors could interact with each other or other measurements Could change 𝑥 without increasing 𝑧−𝐻 𝑥

19
**Attack Formation Given: 𝑧−𝐻 𝑥 <ε**

Attacked measurement vector 𝑧 𝑎 =𝑧+𝑎 Attack vector 𝑎 Estimated states due to attack 𝑥 𝑎= 𝑥 +𝑐 Clever adversary chooses 𝑎=𝐻𝑐 𝑧 𝑎 −𝐻 𝑥 𝑎 = 𝑧+𝑎−𝐻( 𝑥 +𝑐) = 𝑧−𝐻 𝑥 +(𝑎−𝐻𝑐) = 𝑧−𝐻 𝑥 <ε

20
**1-Bus Example 1 0 0 1 −1 −1 PG PL1 = PGmeas PL1meas PL2meas**

PG = PGmeas PL1 = PL1meas – PL1 – PG = PL2meas −1 −1 PG PL1 = PGmeas PL1meas PL2meas

21
1-Bus Example 𝐻= −1 −1 𝑧= PGmeas PL1meas PL2meas x= PG PL1 Unobservable attack vectors: Any linear combination of 𝑎 1 and 𝑎 2 𝑎 1 = 1 0 −1 , 𝑎 2 = 0 1 −1

22
**1-Bus Example Unattacked Attacked**

𝑧= PGmeas PL1meas PL2meas = 1.05 −.72 −.29 𝑥 = 𝐺 −1 𝐻 ′ 𝑊 𝑧= −.7267 𝑧 =𝐻 𝑥 = −.7267 −.2967 𝑟 =𝑧− 𝑧 = 𝑧= PGmeas PL1meas PL2meas −1 = 1.55 −.22 −1.29 𝑥 = 𝐺 −1 𝐻 ′ 𝑊 𝑧= −.2267 𝑧 =𝐻 𝑥 = −.2267 − 𝑟 =𝑧− 𝑧 =

23
For Real? In practice, state estimators are more complicated than previous examples Assumed strong adversary: Has access to topology information Has some means to change measurements Why would someone do this? Simulate congestion—could affect markets Reduce awareness of system operator

24
AC Estimator AC model accounts for some effects neglected in the DC model Attacks as generated earlier will affect residual Attack may not have effect intended by adversary

25
**AC Estimator 𝑧=ℎ(𝑥)+𝑒 𝑥 is the vector of n states**

𝑧 is the vector of m measurements ℎ(.) is nonlinear vector function relating measurements to states 𝑒 is an m vector of random errors

26
**AC Estimator Solved using Gauss Newton method**

Gain matrix: 𝐺 𝑥 = 𝐻 ′ 𝑥 𝑅𝑧 −1 𝐻 𝑥 𝑅𝑧 is diagonal matrix of variances Estimation procedure: Δ 𝑥 ν = 𝐺( 𝑥 ν ) −1 𝐻′( 𝑥 ν ) 𝑅𝑧 −1 Δ𝑧( 𝑥 ν ) 𝑥 ν+1 = 𝑥 ν +Δ 𝑥 ν

27
**AC Estimator DC approximation is pretty good**

Harder to detect attack than random error Relatively large attacks may escape detection Grid state affects quality of DC attack

28
**Detection Focus on quantities neglected by DC model (VARs)**

VARs tend to be localized AttackLosses changeVAR flow and generation changes

29
Detection Alternative approach is to estimate parameters simultaneously with states Augment state vector with known parameters Compare known values to parameter estimates to find bad data

30
Detection Choose something known to the control center but not an attacker Example: TCUL xformer tap position, D-FACTS setting Attacks will perturb parameter estimates

31
Conclusions State estimators, even nonlinear estimators, are vulnerable to malicious data Malicious data is different from conventional bad data Nonlinearity effects of the attack may be detectable Parameter estimation can verify data

32
Questions? Thank you!

Similar presentations

OK

Factor P 16 8(8-5ab) 4(d² + 4) 3rs(2r – s) 15cd(1 + 2cd) 8(4a² + 3b²)

Factor P 16 8(8-5ab) 4(d² + 4) 3rs(2r – s) 15cd(1 + 2cd) 8(4a² + 3b²)

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on e waste management in india Psychology ppt on personality Ppt on online travel agency Ppt on regular expression in java Ppt on our nation india Ppt on food industry in india Ppt on special types of chromosomes in human Ppt on types of software system Ppt on data collection methods for quantitative research Free download ppt on training and development in hrm