Detecting False Data Injection Attacks In Smart Grid

The smart grid is an energy-based cyber physical system(CPS)with the integration of information and communications technology(ICT)and cyber components,by which the energy efficiency is improved,but at the same time,the threat of cyber security is also arisen.As a cyber-attack in smart grid,false data injection(FDI)attacks bypass the bad data detection of Supervisory Control and Data Acquisition(SCADA)and cause the state estimation deviation,which misleads SCADA to make decisions that affect the safety of the smart grid.Therefore,it is significant to study the features of FDI attacks,and further stipulate effective countermeasures for ensuring the safe and stable operation of smart grid.The thesis focused on the study of the detection of FDI attacks.The contents of it can be summarized as follow.Extreme learning machine(ELM)-based OCON framework.In the framework,to effectively detect multiple FDI attacks on multiple bus nodes at the same time and identify the bus nodes under attack,each subnet in the state identification layer can exploit one-against-all based ELM model to effectively perform the classification between the normal data and the false data.What's more,according to the results of the state identification layer,the global layer determines the adaptive threshold to perform the task of identifying the attacked buses.Finally,in order to improve the resilience of the system,a prediction recovery strategy is proposed to remedy the detected false data by exploiting the spatial correlation of power data.The proposed FDI attacks detection framework is tested on IEEE 14 bus system using real load data from New York independent system operator.Simulation results demonstrate that the proposed framework not only accurately detects and locates the multiple bus nodes under the FDI attacks,but also efficiently recovers the data injected by false data.A pre-prediction post-classification framework.In the framework,conditional restricted boltzmann machine(CRBM)is firstly used to train the parameters of weight and bias of extreme learning machine.Since the parameters of weight and bias are randomly set in original ELM,the training of CRBM can improve the prediction accuracy of the time series data.Then both the wavelet decomposition and the convolutional layer and the pooling layer of convolution neural network(CNN)have the function of feature extraction.By analysis,it is found that the filtering and down-sampling in wavelet decomposition and the convolution layer and pooling layer of CNN have the same principle respectively.Since the initial convolution kernel of the convolutional layer is randomly set,the high-pass and low-pass filters of the wavelet function are used as the initial value of the convolution kernel to reduce the training complexity and improve the classification accuracy.Thus the Wavelet-based CNN is trained by using the residual of the predicted data and the actual data to detect the FDI attack.Numerical tests on IEEE 14 bus and 118 bus test systems verify the effectiveness and robustness of the proposed pre-prediction post-classification framework,and in the classification phase,the comparison among Wavelet-based CNN and CNN is also conducted.The results show that the Wavelet-based CNN detection method has higher detection accuracy for smaller false data supply,and in the case of noise the Wavelet-based CNN detection has the robustness.