Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bad Data Injection in Smart Grid: Attack and Defense Mechanisms Zhu Han University of Houston.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Bad Data Injection in Smart Grid: Attack and Defense Mechanisms Zhu Han University of Houston."— Presentation transcript:

1 Bad Data Injection in Smart Grid: Attack and Defense Mechanisms Zhu Han University of Houston

2 Overview Introduction to Smart Grid Power System State Estimation Model Bad Data Injection Defender Mechanism –Quickest Detection Attacker Learning Scheme –Independent Component Analysis Future Work A Few Topics in Smart Grid Communication Conclusions Quick View of Amigo Lab

3 “Smarter” Power Grid Sensing, measurement, and control devices with two-way communications between the suppliers and customers. Benefits both utilities, consumers & environment: –Reduce supply while fitting demand –Save money, optimal usage. –Improve reliability and efficiency of grid –Integration of green energy, reduction of CO 2 More than 3.4 billion from US federal stimulus bill is targeted. –Obama stimulus plan One of hottest topic in research community –But what are the problems from signal processing, communication and networking points of view?

4 Smart Grid Are more easily integrated into power sys. Less depend on fossil fuel Connect grid to charge overnight when demand is low Realtime analysis, Manage, plan, and forecast the energy system to meets the needs Can generate own and sellback excess energy Gather, monitor the usage so the supply more efficiently and anticipate challenging peaks Use sophisticated comm. Technology to find/fix problems faster, enhancing reliability in-home management tool to track usage

5 Supervisory Control and Data Acquisition Center Real-time data acquisition –Noisy analog measurements u Voltage, current, power flow –Digital measurements State estimation –Maintain system in normal state –Fault detection –Power flow optimization –Supply vs. demand SCADA TX data from/to Remote Terminal Units (RTUs), the substations in the grid

6 Privacy & Security Concern More connections, more technology are linked to the obsolete infrastructure. –Add-on network technology: sensors and controls estimation –More substations are automated/unmanned Vulnerable to manipulate by third party –Purposely blackout –Financial gain –Story of Enron How to tackle this issue at this moment? Provide one example next

7 Power System State Estimation Model Transmitted active power from bus i to bus j –High reactance over resistance ratio –Linear approximation for small variance –State vector, measure noise e with covariance Ʃ e –Actual power flow measurement for m active power-flow branches –Define the Jacobian matrix –We have the linear approximation –H is known to the power system but not known to the attackers

8 Bad Data Injection and Detection State estimation from z Bad data detection –Residual vector –Without attacker where –Bad data detection (with threshold  ) without attacker: with attacker:otherwise Stealth (unobservable) attack: z=Hx+c+e, where c=H  x –Hypothesis test would fail in detecting the attacker, since the control center believes that the true state is x +  x.

9 Overview Introduction to Smart Grid Power System State Estimation Model Bad Data Injection Defender Mechanism –Quickest Detection Attacker Learning Scheme –Independent Component Analysis Future Work A Few Topics in Smart Grid Communication Conclusions Quick View of Amigo Lab

10 Basics of Quickest Detection (QD) Detect distribution changes of a sequence of observations as quick as possible with the constraint of false alarm or detection probability. min [processing time] s.t. Prob(true ≠ estimated) < ŋ Classification 1. Bayesian framework: l known prior information on probability l SPRT (e.g. quality control, drug test, ) 2. Non-Bayesian framework: l unknown distribution and no prior l CUSUM (e.g. spectrum sensing, abnormal detection )

11 QD System Model Assuming Bayesian framework with non-stealthy attack –the state variables are random with The binary hypothesis test: The distribution of measurement z under binary hyp: (differ only in mean) We want a detector –False alarm and detection probabilities

12 Detection Model - NonBayesian Non-Bayesian approach –unknown prior probability, attacker statistic model The unknown parameter exists –in the post-change distribution and may changes over the detection process. –You do not know how attacker attacks. Minimizing the worst-case effect via detection delay: We want to detect the intruder as soon as possible while maintaining P D. Actual time of active attack Detection time Detection delay

13 Multi-thread CUSUM Algorithm CUSUM Statistic: where Likelihood ratio term of m measurements: By recursion, CUSUM Statistic S t at time t: Average run length (ARL) for declaring attack with threshold h How about the unknown? Declare the attacker is existing! Otherwise, continuous to the process.

14 Linear Solver for the Unknown Rao test – asymptotically equivalent model of GLRT: The linear unknown solver for m measurements: Recursive CUSUM Statistic w/ linear unknown parameter solve: –Modified CUSUM statistics The unknown is no long involved

15 Simulation: Adaptive CUSUM algorithm 2 different detection tests: FAR: 1% and 0.1% Active attack starts at time 5 Detection of attack at time 7 and 8, for different FARs

16 Markov Chain based Analytical Model Divide statistic space into discrete states between 0 and threshold –Obtain the transition probabilities –Obtain expectation of detection delay, false alarm rate and missing probability

17 Overview Introduction to Smart Grid Power System State Estimation Model Bad Data Injection Defender Mechanism –Quickest Detection Attacker Learning Scheme –Independent Component Analysis Future Work A Few Topics in Smart Grid Communication Conclusions Quick View of Amigo Lab

18 Independent Component Analysis (ICA) Linear Independent Component Analysis –find a linear representation of the data so that components are as statistically independent as possible. –i.e., among the data, find how many independent sources. Question for bad data injection: –Without knowing H, the attacker can be caught. –Could attacker launch stealthy attack to the system even without knowledge about H? –Using ICA, attacker could estimate H and consequently, lunch an undetectable attack.

19 ICA Basics A special case of blind source separation u = G v u = [u i, i = 1, 2, … m]: observable vector G = [g ij, i = 1, 2, … m, j = 1, 2, … n]: mixing matrix (unknown) v = [v i, i = 1, 2, … n]: source vector (unknown) Linear ICA implementation: FastICA from [Hyvärinen]

20 Stealth False Data Injection with ICA Supposing that the noise is small, then we what to do the mapping: u = G v z = H x Problem: state vector x is highly correlated Consider: x = A y, where –A: constant matrix that can be estimated –y: independent random vectors Then we can apply Linear ICA on z = HA y –We cannot know H, but we can know HA –Stealthy attack: Z=Hx+HA  y+e

21 Numerical Simulation Setting Simulation setup –4-Bus test system, IEEE 14-Bus and 30-bus –Matpower

22 Numerical Results MSE of ICA inference (z-Gy) vs. the number of observations (14-bus case).

23 Performance of the Attack The PDF is the same w or w/o attacking. So log likelihood is equal to 1– unable to detect

24 Overview Introduction to Smart Grid Power System State Estimation Model Bad Data Injection Defender Mechanism –Quickest Detection Attacker Learning Scheme –Independent Component Analysis Future Work A Few Topics in Smart Grid Communication Conclusions Quick View of Amigo Lab

25 1. Distributed Smart Grid State Estimation The deregulation has led to the creation of many regional transmission organizations within a large interconnected power system. A distributed estimation and control is need. –Distributed observability analysis –Bad data detection Challenges: –Bottleneck and reliability problems with one coordination center. –Need for wide area monitoring and control –Convergence and optimality

26 Fully-Distributed State Estimation With N substations/nodes –By iteratively exchanging information with neighbors –All local control center can achieve an unbiased consensus of system-wide state estimation. Local observati on matrix Unknown State Local Jacobian matrix Useful information to be detected

27 2. Optimality of Fault Detection Algorithm Detecting the attack as an intermediate step towards obtaining a reliable estimate about the injected false data –Facilitates eliminating the disruptive effects of the false data Joint estimation and detection problem –Define an estimation performance measure –Seek to the optimize it while ensuring satisfactory of the detection performance Performance measurement

28 3. Manipulate Electricity Market Example: Ex Post Market Market that recalculate optimal points for generation and consumption based on real-time data Min : St: [28] Generation Cost Power Balance Generation & Transmission limits

29 4. PMU PMU can measure voltage angle directly –Defender: placement problem, no need to place nearby –Attackers’ new strategy with existence of PMU 1 6 2 5 7 3 4 PMU [29]

30 5. Game Theory Analysis (attacker, defender) N A N(0,0)(b,-b) D(c,-c)(-a,a) a, b, c t How to formulate the game?

31 A Few Topics in Smart Grid Communications Bad data injection Demand side management –Peak to average ratio –Scheduling problem Renewable energy –The renewable energy is unreliable. –Have to use diesel generators during shortage –Not cheap and not green PHEV –routing, scheduling and resource allocation Communication link effect on the smart grid

32 Conclusions Bad data injection problem formulation From defender point of view –detect malicious bad data injection attack as quick as possible –Adaptive CUSUM algorithm From attacker point of view –can estimate both the system topology and power states just by observing the power flow measurements –Independent component analysis algorithm to obtain information –Once the information is at hand, malicious attacks can be launched without triggering the detection system Many possible future work Edited book 2012 by Cambridge with E. Hossain and V. Poor. Possible future collaboration

33 Overview of Wireless Amigo Lab Lab Overview –7 Ph.D. students, 2 joint postdocs (with Rice and Princeton) –supported by 5 NSF,1 DoD, and 1 Qatar grants Current Concentration –Game theoretical approach for wireless networking –Compressive sensing and its application –Smartgrid communication –Bayesian nonparametric learning –Security: trust management, belief network, gossip based Kalman –Physical layer security –Quickest detection –Cognitive radio routing/security –Sniffing: femto cell and cloud computing USRP2 Implementation Testbed

34 Questions Thank you for listening and supporting!

Download ppt "Bad Data Injection in Smart Grid: Attack and Defense Mechanisms Zhu Han University of Houston."

Similar presentations

TARGET DETECTION AND TRACKING IN A WIRELESS SENSOR NETWORK Clement Kam, William Hodgkiss, Dept. of Electrical and Computer Engineering, University of California,

TARGET DETECTION AND TRACKING IN A WIRELESS SENSOR NETWORK Clement Kam, William Hodgkiss, Dept. of Electrical and Computer Engineering, University of California,
Cooperative Transmit Power Estimation under Wireless Fading Murtaza Zafer (IBM US), Bongjun Ko (IBM US), Ivan W. Ho (Imperial College, UK) and Chatschik.

Cooperative Transmit Power Estimation under Wireless Fading Murtaza Zafer (IBM US), Bongjun Ko (IBM US), Ivan W. Ho (Imperial College, UK) and Chatschik.
1 ECE 776 Project Information-theoretic Approaches for Sensor Selection and Placement in Sensor Networks for Target Localization and Tracking Renita Machado.

1 ECE 776 Project Information-theoretic Approaches for Sensor Selection and Placement in Sensor Networks for Target Localization and Tracking Renita Machado.
State Estimation and Kalman Filtering CS B659 Spring 2013 Kris Hauser.

State Estimation and Kalman Filtering CS B659 Spring 2013 Kris Hauser.
A Hierarchical Multiple Target Tracking Algorithm for Sensor Networks Songhwai Oh and Shankar Sastry EECS, Berkeley Nest Retreat, Jan. 2004.

A Hierarchical Multiple Target Tracking Algorithm for Sensor Networks Songhwai Oh and Shankar Sastry EECS, Berkeley Nest Retreat, Jan
Markov Game Analysis for Attack and Defense of Power Networks Chris Y. T. Ma, David K. Y. Yau, Xin Lou, and Nageswara S. V. Rao.

Markov Game Analysis for Attack and Defense of Power Networks Chris Y. T. Ma, David K. Y. Yau, Xin Lou, and Nageswara S. V. Rao.
Presenter: Raghu Ranganathan ECE / CMR Tennessee Technological University March 22th, 2011 Smart grid seminar series Yao Liu, Peng Ning, and Michael K.

Presenter: Raghu Ranganathan ECE / CMR Tennessee Technological University March 22th, 2011 Smart grid seminar series Yao Liu, Peng Ning, and Michael K.
Presented by: Hao Liang

Presented by: Hao Liang
Quickest Detection and Its Allications Zhu Han Department of Electrical and Computer Engineering University of Houston, Houston, TX, USA.

Quickest Detection and Its Allications Zhu Han Department of Electrical and Computer Engineering University of Houston, Houston, TX, USA.
Smart Grid Projects Andrew Bui.

Smart Grid Projects Andrew Bui.
*Sponsored in part by the DARPA IT-MANET Program, NSF OCE-0520324 Opportunistic Scheduling with Reliability Guarantees in Cognitive Radio Networks Rahul.

*Sponsored in part by the DARPA IT-MANET Program, NSF OCE Opportunistic Scheduling with Reliability Guarantees in Cognitive Radio Networks Rahul.
Location Estimation in Sensor Networks Moshe Mishali.

Location Estimation in Sensor Networks Moshe Mishali.
Chess Review May 11, 2005 Berkeley, CA Tracking Multiple Objects using Sensor Networks and Camera Networks Songhwai Oh EECS, UC Berkeley

Chess Review May 11, 2005 Berkeley, CA Tracking Multiple Objects using Sensor Networks and Camera Networks Songhwai Oh EECS, UC Berkeley
Particle Filters for Mobile Robot Localization 11/24/2006 Aliakbar Gorji Roborics Instructor: Dr. Shiri Amirkabir University of Technology.

Particle Filters for Mobile Robot Localization 11/24/2006 Aliakbar Gorji Roborics Instructor: Dr. Shiri Amirkabir University of Technology.
Comparison Between Communication Infrastructures of Centralized and Decentralized Wide Area Measurement Systems Mohammad Shahraeini, Mohammad Hossein Javidi,

Comparison Between Communication Infrastructures of Centralized and Decentralized Wide Area Measurement Systems Mohammad Shahraeini, Mohammad Hossein Javidi,
Collaborative Signal Processing CS 691 – Wireless Sensor Networks Mohammad Ali Salahuddin 04/22/03.

Collaborative Signal Processing CS 691 – Wireless Sensor Networks Mohammad Ali Salahuddin 04/22/03.
August 8, 2015ECI Confidential. AccessWave Smart Grid Market Trends& Applications Matthias Nass VP Field Marketing EMEA.

August 8, 2015ECI Confidential. AccessWave Smart Grid Market Trends& Applications Matthias Nass VP Field Marketing EMEA.
Multiantenna-Assisted Spectrum Sensing for Cognitive Radio

Multiantenna-Assisted Spectrum Sensing for Cognitive Radio
Optimal Placement and Selection of Camera Network Nodes for Target Localization A. O. Ercan, D. B. Yang, A. El Gamal and L. J. Guibas Stanford University.

Optimal Placement and Selection of Camera Network Nodes for Target Localization A. O. Ercan, D. B. Yang, A. El Gamal and L. J. Guibas Stanford University.
Data Selection In Ad-Hoc Wireless Sensor Networks Olawoye Oyeyele 11/24/2003.

Data Selection In Ad-Hoc Wireless Sensor Networks Olawoye Oyeyele 11/24/2003.

Similar presentations

Ads by Google