Anomaly-based Detection Of Cyber Attacks In Power Systems

With the deep integration of technologies such as intelligent sensing and measurement,communication,calculation and control,the power system has gradually turned to a cyberphysical system coordinated with each other through the virtual network of the information space and the physical network of the physical space.The safety and reliability of its cyber layer is a prerequisite for its physical layer to operate in a safer,more reliable and efficient way.In recent years,malicious cyber attacks against power systems have occurred from time to time,which has brought great threats to the operation of power systems.Unlike disturbances from physical layer of power systems,cyber attacks have the characteristics of being more concealed and less costly without losing destructiveness.Modeling and detection of network attacks need to be further studied so far.This dissertation firstly models cyber attacks based on the three elements of information security.Then,from the perspective of anomaly detection,a cyber-attack detection scheme based on fault characteristics and multi-agent systems and a cyber-attack detection scheme based on cumulative deviation and control chart technology are designed.The main tasks completed are as follows:Firstly,it summarizes the importance of exploring the propagation mechanism and impact mode of cyber attacks from two aspects: modeling and detection.According to the three elements of information security,cyber attacks are modeled as three types: integrity attacks,availability attacks,and confidentiality attacks.Anomaly detection are divided into feature-based detection and deviation-based detection according to the identification basis,and their suitable application scenarios are analyzed.Secondly,it proposes a operating-state classification method considering cyber attacks,and uses the definition of different operating states to design corresponding anomaly detection rules to distinguish the normal state,fault state and attacked state.At the same time,based on the perspective of feature detection,a hierarchical detection and mitigation scheme for cyber attacks at the station control layer of the power system based on a multi-agent system is designed.The scheme is designed as a three-level detection structure on the basis of the traditional relay protection scheme,where each level of agent uses the information obtained on the physical layer and the information layer to extract physical-fault characteristics to detect and distinguish between cyber attacks and physical failures.Finally,it excavates the specific physical meaning of cyber-physical coordinated attacks for power system state estimation,and proposed a new type of invisible false data injection attack.The relationship between the false data injection attack and the cyber-physical coordinated attack is analyzed,so that the proposed detection scheme can detect multiple attacks at the same time.Meanwhile,based on the perspective of cumulative deviation,an attack-detection scheme for state estimation of power system is designed based on cumulative and control chart technology.The self-adaptive non-parametric technology is used to adapt to a wide range of attack ranges without adjusting parameter Settings for different attack ranges while maintaining the unique recursive form of the cumulative and control chart.