0 Voti positivi0 Voti negativi

12 visualizzazioni12 pagineRecent studies have shown that an attacker can compromise some of the power grid measurements to mislead the conventional state estimators (SEs), since the manipulated measurements can pass the SE residue tests. Statistical structure learning-based approaches have been recently introduced as a powerful tool to detect some of the most complicated cyber attacks. However, the expensive computational complexity of the learning process limits the applicability of these approaches for real time cyber attack detection. This paper proposes a fast and decentralized approach for cyber attack detection based on a maximum likelihood (ML) estimation which exploits the near chordal sparsity of power grids to establish an efficient framework to solve the associated ML estimation problem. The proposed detection method is then decomposed to several local ML estimation problems; this would ensure privacy and reduce the complexity of the underlying problem. The simulation studies validate the efficiency of the proposed method in detecting truly complicated stealthy false data injection attacks.

Mar 13, 2017

© © All Rights Reserved

PDF, TXT o leggi online da Scribd

Recent studies have shown that an attacker can compromise some of the power grid measurements to mislead the conventional state estimators (SEs), since the manipulated measurements can pass the SE residue tests. Statistical structure learning-based approaches have been recently introduced as a powerful tool to detect some of the most complicated cyber attacks. However, the expensive computational complexity of the learning process limits the applicability of these approaches for real time cyber attack detection. This paper proposes a fast and decentralized approach for cyber attack detection based on a maximum likelihood (ML) estimation which exploits the near chordal sparsity of power grids to establish an efficient framework to solve the associated ML estimation problem. The proposed detection method is then decomposed to several local ML estimation problems; this would ensure privacy and reduce the complexity of the underlying problem. The simulation studies validate the efficiency of the proposed method in detecting truly complicated stealthy false data injection attacks.

© All Rights Reserved

12 visualizzazioni

Recent studies have shown that an attacker can compromise some of the power grid measurements to mislead the conventional state estimators (SEs), since the manipulated measurements can pass the SE residue tests. Statistical structure learning-based approaches have been recently introduced as a powerful tool to detect some of the most complicated cyber attacks. However, the expensive computational complexity of the learning process limits the applicability of these approaches for real time cyber attack detection. This paper proposes a fast and decentralized approach for cyber attack detection based on a maximum likelihood (ML) estimation which exploits the near chordal sparsity of power grids to establish an efficient framework to solve the associated ML estimation problem. The proposed detection method is then decomposed to several local ML estimation problems; this would ensure privacy and reduce the complexity of the underlying problem. The simulation studies validate the efficiency of the proposed method in detecting truly complicated stealthy false data injection attacks.

© All Rights Reserved

- Java Programs
- Comparative CSR Skyline
- Creating Sparse Finite-Element Matrices in MATLAB » Loren on the Art of MATLAB
- Sparse Matrices
- Adaptive Control
- Back and Forward
- 798f740384a0ffa19a4fb79f98887880f5e2 (1)
- MIT18_06S10_exam3_s10_soln.pdf
- Chernoff 1953 Locally Doptimal Designs
- 07052705.pdf
- 165_4_0
- Linear Algebra
- lauritzen--contingency-tables.pdf
- Cv Chiara Ra Vazzi
- 10.1.1.63.1051
- 8. IJAMSS - Properties of Extended Matrix Algebra
- Mat Det Prob Revision Sheet II
- Analytical Evaluation of Generalized Predictive Control Algorithms Using a Full Vehicle Multi-Body Dynamics Model For Mobility Enhancement
- StatLec21-25
- 1.Multicore Berkeley

Sei sulla pagina 1di 12

fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 1

Approach to Detect Cyber Attacks in Smart Grids

Ramin Moslemi, Afshin Mesbahi, Member, IEEE, and Javad Mohammadpour Velni, Member, IEEE

AbstractRecent studies have shown that an attacker can lead to catastrophic consequences such as blackouts in large

compromise some of the power grid measurements to mislead geographic areas. Among different cyber attacks, false data

the conventional state estimators (SEs), since the manipulated injections have attracted significant research interest, since the

measurements can pass the SE residue tests. Statistical structure

learning-based approaches have been recently introduced as a attacker with enough knowledge of the power grid topology

powerful tool to detect some of the most complicated cyber can initiate an attack in a way that it passes residue-based bad

attacks. However, the expensive computational complexity of the data detection tests, commonly used in power systems SE,

learning process limits the applicability of these approaches for thereby remaining undetected [5], [6].

real time cyber attack detection. This paper proposes a fast

and decentralized approach for cyber attack detection based A. Related work

on a maximum likelihood (ML) estimation which exploits the

near chordal sparsity of power grids to establish an efficient Two security indices were proposed in [2] and [8] providing

framework to solve the associated ML estimation problem. The the size of the smallest measurement set that should be

proposed detection method is then decomposed to several local compromised by the attacker in order to launch a successful

ML estimation problems; this would ensure privacy and reduce unobservable false data injection attack. Using the graph the-

the complexity of the underlying problem. The simulation studies

validate the efficiency of the proposed method in detecting truly oretic tools in [2], it was proven that the security index is only

complicated stealthy false data injection attacks. dependent on the power grid configuration. To detect stealthy

attacks, a new algorithm has been proposed in [9] for PMUs

Index TermsSmart grids; False data injection attack; Maxi-

mum likelihood (ML) estimation; Chordal sparsity. placement; however, due to the complexity of the problem, the

proposed method is not practical when the number of attacked

nodes is more than five. Also, the proposed method requires a

I. I NTRODUCTION new hardware installation which is impractical in many cases.

dependent on the cyber infrastructure, such as intelligent

devices and communication networks. Although employing

The ML estimation of Gaussian graphical models has been

examined in power grids [10] to detect possible faults. It

has been proposed that any change in the obtained values of

such devices and technologies results in the optimal usage conditional correlation matrix can be used as an indicator of

of resources and provides reliable tools to control power grids faults occurring and of fault locations in the power grid. How-

under different operating conditions, it makes the grid prone ever, to find the information matrix, a constrained maximum

to the malicious cyber attacks. likelihood optimization problem should be solved. Solving

In a typical power grid, Supervisory Control and Data this convex constrained problem for large scale power grids

Acquisition (SCADA) system is responsible for receiving data is time consuming. Recently, methods based on the structure

from the Remote Terminal Units (RTUs) and sending appro- learning of graphical models have been developed to cope with

priate control commands to the actuators and Transmission stealthy cyber attacks. In [11], [12], conditional covariance test

System Operators (TSO) via communication network [1]. The (CMIT) approach has been implemented to learn the structure

data received by SCADA is used as input for state estimators of the power grids. Then, based on the same argument made

to estimate unknown state variables in the power grid based in [10], the discrepancy between the calculated Markov graph

on the meter measurements. The outputs of SEs are typically and learned structure is used to trigger false data injection

used to control the power grid components. Beside the power alarm. However, the presented approach is non-convex, which

grid operators, attackers can also exploit existing large and makes the detection process complicated especially when the

heterogeneous communication networks and meters to launch power grid is considerably large or relatively dense. Also,

various types of cyber attacks and inject bad data [2][4]. the proposed decentralized approach can result in false alarm

A malicious attack can target SCADA, as information triggering due to neglecting the effects of the other regions.

source of the control center, and distort outcomes of state

estimation which may result in making wrong decisions and B. Summary of Contributions and Organization of the Paper

control commands by control algorithms. As a result, a delay We first demonstrate that solving ML estimation as the

in prompt detection of such attacks and proper actions would anomalies detection tools for large scale power grids is a

make system inefficient or even unstable and may eventually cumbersome and time consuming task due to the large number

of variables and constraints involved. However, since the

R. Moslemi, A. Mesbahi, and J. Mohammadpour Velni are with School of

Electrical & Computer Engineering, College of Engineering, The University Markov graph of the phase angles in a power grid has a

of Georgia, Athens, GA 30602, USA. near chordal sparsity (it can be embedded in a chordal graph

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 2

by adding a relatively small number of edges), the original Definition 1. A random vector x = (x1 , x2 , ..., xn )T is a

ML estimation problem could be reformulated in the chordal GMRF with respect to the dependency graph G = (V, E) if x

embedding space in which the number of optimization vari- has a joint Gaussian distribution as

ables and equality constraints reduce significantly. As a result,

1

the obtained optimization problem can be solved efficiently (x) = (2)n/2 |Q|1/2 exp (x )T Q(x ) ,

2

through the use of standard tools.

In the next step, we elaborate that to construct information Qij 6= 0 {i, j} E, i, j V, i 6= j.

matrix of the phase angles Gaussian Markov random field

(GMRF), utilities require to share their measurements and Graph G is called a Markov graph or the graphical Markov

outputs of their state estimations. Also, due to the size of model associated with the joint Gaussian distribution (x).

ML estimation problem in large scale power systems, a

large number of corrupted measurement samples is needed

to accurately capture the conditional dependencies between B. Structure Learning of GMRF

random variables. To cope with the aforementioned challenges, In the context of GMRF, structure learning or covariance

the detection algorithm proposed in this paper is decentralized selection aims at estimating and of a multivariate normal

by breaking the underlying optimization problem into several variable x N (, ) based on a (sufficient) number of

smaller anomaly detection problems that can be solved locally samples of those random variables. Both convex and non-

and without the need for any communication among the convex, also called greedy, methods have been proposed in

regions. To achieve this, the Kron reduction technique is the literature to learn the structure of graphical models. Due

applied to find the sparsity and properties of GMRF for each to the availability of powerful tools in convex optimization,

regions phase angles with respect to the rest of the power grid the convex methods and specifically maximum likelihood es-

phase angles. Applying the proposed decentralized approach timation approaches are preferred over others. The maximum

reduces the complexity of the problem at hand and, at the likelihood estimation problem for a GMRF can be formulated

same time, ensures privacy among utilities in smart grids. as follows.

II. P RELIMINARIES AND N OTATIONS 1) Maximum Likelihood (ML) Estimation: In this section,

we discuss the ML estimation problem as the best estimate

Throughout this paper, R, x, X, xij , XIJ , and X T denote

of the parameters of a probability distribution based on ob-

the set of real numbers, a real column vector, a matrix, the

servations yi subject to constraints given that any pairs of the

entry in row i and column j of matrix X, the submatrix of X

variables are conditionally independent (xi xj | xV\{i,j} ).

with rows indexed by I and columns indexed by J, and the

Let V be the set of upper triangular positions of informa-

transpose of the matrix X, respectively. Also, Sn , Sn+ , Sn++

tion matrix Q which can be non-zero. Therefore, the above

denote the set of symmetric, symmetric positive semidefinite,

conditional independency between random variables can be

and symmetric positive definite matrices, respectively. The

expressed as

sets of symmetric positive semidefinite and symmetric positive

definite matrices of size n n with sparsity patterns V

Qij = (1 )ij = 0 (i, j) 6 V.

are shown by SnV , SnV + , SnV ++ , respectively. Also, PV (X)

denotes the projection of X Sn on SnV . Given two jointly Up to a constant factor, the log-likelihood function is

distributed random variables x and y, x|y means x given y.

Furthermore, x y denotes that x is independent of y, and

K

x y|z means that x is independent of y given z. Finally, K 1X

L(, ) = log det (yi )T 1 (yi )

the undirected connected graph with node set V = {1, . . . , n} 2 2 i=1 (1)

and edge set E V V is represented by G = (V, E). A\B K 1 T 1

denotes {i : i A, i 6 B} and A0 means V\A. = log det tr( ) ( ) ( ) ,

2

A. Gaussian Markov Random Field (GMRF) ples, respectively, and tr(.) denotes the matrix trace operator.

Let random vector x = (x1 , x2 , ..., xn )T have a joint The (optimal) value of that maximizes the log-likelihood

Gaussian distribution with mean and covariance matrix . function (1) is the sample mean . Therefore, given above

Consider graph G = (V, E) where V = {1, . . . , n} and conditional independence, and by considering a change of

(i, j) 6 E xi xj | xV\{i,j} . variable as Q = 1 , the ML estimation problem takes the

following form

The inverse of the covariance matrix is called the information

matrix, i.e., Q = 1 . The sparsity pattern of the informa- max log det Q tr(Q)

tion matrix Q plays a key role in the pairwise conditional (2)

independence properties of x such that subject to Qij = 0, (i, j) 6 V,

xi xj | xV\{i,j} Qij = 0. with the matrix variable Q S n . Since the objective function

is concave on the set of positive definite matrices, the ML

Given above descriptions, a GMRF is defined below [13]. estimation problem is a convex optimization problem.

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 3

C. Measurements and the State Estimation in Power Systems According to [14], due to the loads uncertainties and con-

To ensure the continuous and uninterrupted operation of sidering that generations and loads are balanced, the injected

power systems under different conditions, it is important power can be modeled as a random variable. Furthermore,

to monitor grid components. Meters are usually deployed considering injection power at each node as the sum of many

throughout the grid to read measurements such as active power random variables, and using Lyapunov central limit theory

injections and power flows of buses and branches, respectively, (CLT) [15], it has been shown in [12] that the injected power

and send these measurements to the control center. Then, the can be modeled as a Gaussian distribution. Since Lyapunov

control center uses these measurements to estimate the power condition is met in power grids [16], for each node, the

system state variables, i.e., buses phase angles. injected power pi is modeled as a Gaussian random variable

In this paper, it is assumed that for an N -bus grid, the N 1 that is statistically independent of other injected power random

phase angles x = [x1 , x2 , ..., xN 1 ]T (slack bus phase angle variables. The Gaussian model assumption for injected powers

is excluded) are to be estimated using M installed meters z = in transmission systems is widely accepted and has been

[z1 , z2 , ..., zM ]T that measure buses power injection and lines validated in [27], [28] and used in different power networks

power flows. Given the DC power flow model, the relationship analysis studies such as cyber security [12] and probabilistic

between measurements and state variables is described by optimal power flow analysis [29]. Therefore, considering the

linear relationship in (6), the phasor angles xi can be modeled

z = Hx + e, (3) as Gaussian random variables as well [10][12].

M (N 1)

where H R is the measurement matrix and

e N (0, W ) is the measurement noise vector, where W B. False Data Injection Against State Estimation

is a diagonal matrix whose elements are reciprocals of the

False data injection is a cyber attack made against data in-

variances of meter errors. In this paper, it is assumed that

tegrity in smart grids, in which an adversary injects malicious

M = N + 2L meters are deployed throughout the grid to

measurements in order to mislead system state estimation

measure buses real power injections and lines power flows,

algorithm while circumventing conventional detection methods

where L is the number of transmission lines. According to (3),

such as a bad measurement detector. Let za represent the

the maximum-likelihood estimation of x can be determined by

vector of observed measurements that contains manipulated

[5]

measurements as za = z + a, where a is called attack vector

= Kz,

x K = (H T W H)1 H T W . (4) whose elements ai have nonzero mean values to account for

meters compromised by the adversary.

III. P ROBLEM F ORMULATION The state estimation in the presence of the attack vector a

In this section, the application of covariance selection to is determined by

detect false data injection attacks is described. Based on the a = Kza = x

x + Ka, (8)

DC power flow model of the power grids, it is shown that

the phase angles can be considered as the random variables a is the vector of estimated state variables obtained

where x

of a GMRF. Then, the ML estimation is employed to find the from za .

anomalous behaviors of phase angles.

C. Detection of the False Data Injection by Evaluating

A. GMRF of Phase Angles

Markov Graph Changes

Under the normal steady state operation of power systems,

Based on our earlier discussion of this section, since the

the DC power flow is considered to be a reliable tool to analyze

CLT conditions are satisfied for a typical power system,

and control the power systems. Provided that the phase angle

the power injection at different nodes can be considered as

differences are small, for a transmission line connecting bus i

independent Gaussian random variables. As shown in (5),

to bus j, the active power is given by

the random variables mean values do not appear in the final

pij = bij (xi xj ), (5) formulation of the ML problem, and hence without the loss of

where xi and xj are the phasor angles at bus i and j, generality, it is assumed that the mean value of injected power

respectively, and bij denotes the inverse of line inductive at each node is equal to zero. Therefore, the density function of

T

reactance. The power injected to bus i is equal to the algebraic the power injections can be represented as (p) e1/2p p .

summation of active power flowing away from bus i through Given the linear relationship (6) between phasor angles and

the transmission lines connected to it, and hence injection powers, phasor angles (except for the slack bus) can

be represented as a Gaussian random variable with density

T T

Q = B T B is a function of only power grid parameters. It is

where p = [p1 , p2 , ..., pN ]T , x = [x1 , x2 , ..., xN ]T , N is the shown in [12] that in case of false data injection attack, the

number of the buses, and matrix B is given by Markov graph of compromised data is not consistent with that

of the phase angles during the normal operation.

b if i 6= j

ij

B= (7) As shown in [12], considering Q = B T B leads to addi-

P b if i = j. tional edges in the GMRF of phase angles between the nodes

j6=i ij

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 4

Collect updated phase angles

B. However, as shown in [16], additional terms that appear

in Q due to the second electrical neighbors are considerably

smaller than those terms corresponding to the immediate Update the samples covariance matrix

electrical neighbors. Therefore, throughout this paper, for the

sake of simplicity, each neighborhood in Markov graph is

Learn the structure of phase angles GMRF using updated samples

approximated by its immediate electrical neighbors. In other covariance matrix

words, it is assumed that Q has the same sparsity as B does.

In the case of a false data injection attack, the adversary

attempts to mislead the power system operator to make a Calculate the anomaly score [25] for all nodes

instability [24] or making profit from the electricity market

[26] can be achieved. Given the stochastic behavior of smart

grids, the attackers could not achieve their goals by inserting

only one wrong sample. Furthermore, as discussed in [12], Is the anomaly score obtained for each node greater than

the threshold?

if the adversary continues to inject a constant attack vector, No

this attack does not make power system operator to react.

Therefore, the covariance matrix of a practical attack vector

Yes

is not zero which results in a discrepancy between Markov

graph of the normal grid and that of the grid under attack. Trigger the anomaly detection alarm

The aforementioned discrepancy can be used to detect even

stealthy false data injection attacks as proven in [12].

Select the nodes with highest anomaly scores as the possible

The attack vector is often not a constant vector. There- compromised nodes for further investigation

fore, regardless of the number of manipulated measurements,

magnitude of the attack vector, or the residue value of the

Fig. 1. The general algorithm to detect false data injection attack using the

bad measurement test, the attack leads to changes in Markov graphical mode

graph of phase angles. Since during the normal operation of

the power grid, Markov graph is constant, this will then be

employed to detect and localize such attacks. Using existing In addition, the privacy of power grids utilities is of

methods to learn the structure of phase angles GMRF, the substantial concern, when the statistical learning methods

general idea to detect such anomalies can be summarized as are used to detect cyber attacks. Since the power utilities

shown in Fig. 1. Firstly, the covariance matrix of sampled data are reluctant to share their data with other participants and

is updated based on the new estimation of phasor angles. Then, even power system operators, it seems essential to minimize

the information matrix Q of phasor angles GMRF is obtained data exchange between utilities to ameliorate their privacy

using statistical learning methods (i.e., ML estimation). More concerns. Some efforts have been recently made to address

details about the anomaly score and selecting threshold values the aforementioned concerns. Authors in [10] suggested a

will be provided in Section IV-C. multi-scale decomposition covariance selection method. A

decentralized version of CMIT was also presented in [12] to

IV. A N E FFICIENT ML E STIMATION A PPROACH TO L EARN address the privacy concerns. Although these methods have

THE S TRUCTURE OF P HASE A NGLES M ARKOV G RAPH proven to be successful to some extent, their implementation

as false data injection attack detector brings about some major

Based on the simulation results and analyses reported in

challenges as discussed in Section I-A.

[10][12], it has been shown that statistical learning based

approaches are reliable tools to detect both faults and false

data injection attacks in power grids. However, the existing A. Accurate Markov Graph of the Phase Angles

methods suffer from some major problems. Firstly, it is In this section, a new statistical learning-based approach

critical to detect the false data injection attacks as quickly as is proposed to detect the false data injection attacks. The

possible to prevent the possible catastrophic consequences [7]. proposed method requires a low number of data measurement

However, for large scale power grids, learning the structure samples and has a low computational complexity. It also makes

of GMRF (i.e., using convex ML estimation represented by the cyber attack detection completely local and hence elimi-

(2)) is not computationally efficient because of the large nates the need for high band communication between utilities.

number of variables and equality constraints imposed by the Since ML estimation leads to a convex problem formulation,

sparse structure of the information matrix of phase angles. it is the preferred choice among few other statistical structure

As demonstrated in [17], increasing the number of random learning methods, because the global optimum can be attained

variables leads to a drastic increase in the computational by applying standard methods. However, as shown in [17],

burden when conventional algorithms, such as Newtons-based due to the sparse structure of the information matrix Q in

or coordinate descent-based methods, are employed to solve most GMRFs, the number of equality constraints in (2) grows

the problem (2). dramatically when the number of random variables increases.

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 5

For the case of bulk practical smart grids, it seems almost and every parent in the tree has a lower index than its

impossible to solve the ML estimation problem in real time to children.

detect anomaly in the outcomes of SE. However, since in smart (iii) Define Si and Ui for each node Ci of the clique tree as

grids, the Markov graph of the phase angles is sparse, it can Si = Ci \ (C1 C2 ... Ci1 ),

be chordalized by adding a relatively small number of edges. Ui = Ci (C1 C2 ... Ci1 ).

In this paper, we exploit the aforementioned characteristics of

Markov graph of the phase angles and solve the underlying These definitions for chordal graph can be simplified as

ML estimation problem efficiently by employing the chordal S i = Ci \ CK , U i = Ci CK ,

embedding sparsity of phase angles Markov graph as proposed

in [17]. Throughout this section, we use the algorithms initially where CK is the parent of Ci in the clique tree.

developed in [17] to establish a fast and efficient framework (iv) Renumber the nodes of GVe as S1 = {1, 2, ..., | S1 |} and

for real time detection of false data injection attacks. K1

X K1

X

Let us consider the matrix Q of phase angles GMRF with SK = { |Sj | + 1, ... |Sj | + |SK |} for K > 1,

the sparsity pattern V and a chordal sparsity pattern Ve that j=1 j=1

contains V . Then, Ve is called the chordal embedding of where |SK | is the cardinality of the set SK .

V . For highly sparse graphs, minimal triangulation methods Cholesky factorization: Any symmetric matrix Q Sn++

based on minimal elimination order are efficient to triangulate can be factorized as

the graph by adding a few number of edges. For years,

LEX M algorithm [18] had been considered as the origin Q = RDRT , (10)

of other minimal triangulation algorithms that either used or

enhanced it; however, recently, a more efficient algorithm, where D is a block diagonal matrix and R is a unit upper

called maximum cardinality search (MCS), was introduced triangular matrix with the same size as Q. If Q SnVe ++ ,

in [19] which avoids the extra sorting step. This approach then the Cholesky factorization can be computed efficiently

is employed in this paper to find the minimum triangulation using the clique tree and the defined sets SK and UK . The

of the Markov graph of the phase angles in a reasonable time. following algorithm overwrites nonzero elements of Q with

If the information matrix Q in the ML estimation problem the elements of D and R. At the end of the proposed recursive

(2) is restricted to the sparsity of chordal embedding SnVe , this algorithm, the diagonal blocks of D and nonzero elements of

convex optimization problem can be formulated as R are found as DSK SK = QSK SK and RUK SK = QUK SK ,

min log det Q tr(CQ) respectively, for cliques K = 1, 2, ...l.

(9)

subject to Qij = 0 (i, j) Ve \ V, Algorithm 1 Cholesky factorization with chordal sparsity

pattern [17].

where Q SnVe and C = PV ().

Changing variable space from Sn to SnVe has two advantages. Load SK and UK for cliques in the clique tree CK for K =

Firstly, the number of optimization constraints reduces dramat- 1, 2, ..., l.

ically, and secondly, the Gradient and Hessian of log det Q For K = l, l 1, ..., 2 compute

can be calculated efficiently using Cholesky factorization and QUK SK = QUK SK Q1

SK SK ,

without the need for computation of Q1 . In the next subsec- QUK UK = QSK SK QUK SK QSK SK QTUK SK .

tions, it is shown how the ML estimation problem of phase

angles can be solved efficiently using the chordal embedding To solve the ML estimation problem, the Gradient and

Hessian of f (Q) = log det Q1 have to be calculated at each

sparsity of the phase angles chordal graphs. iteration. The gradient of f (Q) is calculated as

1) Calculating the Gradient and Hessian of log det Q for 5f (Q) = PVe (Q1 ). (11)

Chordal Sparsity Pattern: We assume that the chordal embed-

ding sparsity pattern Ve of phase angles GMRF V has been Since, in general, Q1 is a dense matrix, the task of finding the

found using the MCS approach and the chordal embedding gradient of log det Q1 when the dimension of the problem

graph is denoted by GVe . Before calculating the Gradient and increases is computationally intensive. However, as proven in

Hessian of Q SnVe , following steps should be taken: [17], the gradient of log det Q1 can be computed efficiently

(i) Find the clique graph of the undirected graph GVe defined using Cholesky factorization when the sparsity pattern Ve is

by the sparsity pattern Ve . The clique graph of GVe chordal. The recursive procedure shown in Algorithm 2 writes

is obtained by considering the maximal cliques of GVe the gradient of log det Q1 to the matrix Y .

as the nodes of the clique graph and assigning edges The Hessian of f (Q) applied to a matrix 4Q SnVe is

between any two nodes if their corresponding cliques are calculated as

intersected. 52 f (Q)[4Q] = PVe (Q1 4 Q Q1 ). (12)

(ii) Obtain the clique tree of GVe as a maximum weight

spanning tree of its clique graph obtained in (i) using Again, since Q SnVe ++ , the Hessian matrix can be computed

the efficient approach proposed in [20]. Assuming that efficiently by employing the Cholesky factorization of Q

the clique tree has l cliques C1 , C2 , ..., Cl , the cliques as shown in the procedure of Algorithm 3. At the end of

are renumbered in a way that C1 is the root of the tree Algorithm 3, 4Q is overwritten by PVe (Q1 4 Q Q1 ).

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 6

pattern [17]. m

X

Load SK and UK for cliques in clique tree Ci for i = PVe (Q1 4 Q Q1 ) + wk Ak = C PVe (Q1 )

k=1

(14)

1, 2, ..., l.

tr(Ak 4 Q) = 0, k = 1, ..., m,

Calculate Cholesky factorization Q = RDRT using Algo-

rithm 1. where Q SnVe ++ and 4Q SnVe are current iterations value

Initialize Y = 0 and the Newton step, respectively. This set of linear equations

For K = 1, 2, ..., l, compute should be solved with respect to the variables w Rm and

T

YSK UK = RU YUK UK , YUK SK = YSTK UK , Newton step 4Q. Considering 4Q as

K SK

1 T m

YSK SK = DSK SK RU K SK

YUK SK . X

4Q = 4Q0 + wk 4 Qk , (15)

k=1

Algorithm 3 Hessian of log det Q1 using chordal sparsity first equation in (14) can be decomposed into m + 1 linear

pattern [17]. equations as

Load SK and UK for cliques in clique tree Ci for PVe (Q1 4 Q0 Q1 ) = PVe (Q1 ) C

i = 1, 2, ..., l. (16)

PVe (Q1 4 Qk Q1 ) = Ak k = 1, ..., m.

Calculate Cholesky factorization Q = RDRT using

Algorithm 1. These equations can be solved separately for 4Qi s using

Calculate the gradient of log det Q1 using Algorithm 2. algorithms 1-3. By substituting 4Q in the second group of

For K = 1, 2, ..., l, run the recursion equations in (14) and solving this set of equations for wi s, the

Newton step 4Q can be obtained using (15). The complete

4XUK UK 4XUK SK I RUK SK

= algorithm for solving the ML estimation problem using the

4XSK UK 4XSK SK 0 I proposed Newtons-based method using chordal embedding

4XUK UK 4XUK SK I 0 sparsity is shown in Fig. 2. It is noted that finding chordal

. embedding, calculation of the clique tree, and finding Sk , Uk

T

4XSK UK 4XSK SK RU K SK

I

for all cliques are carried out only when the topology of the

For K = 1, 2, ..., l compute power grid changes, and therefore under normal operation,

4QSK SK = DS1

K SK

4 QSK SK DS1

K SK

, these parameters remain unchanged.

4QUK SK = (Q )UK UK 4 QUK SK DS1

1

K SK

.

For K = 1, 2, ..., l run the recursion Input new set of

estimated states

Update sparsity pattern V based on

changes in the grid configuration

4QUK UK 4QUK SK I 0 Find the covariance mtarix of input data

= Find sparsity of minimal chordal

T

4QSK UK 4QSK SK RU K SK

I embedding of V using MCS method

Guess initial value for Q

Find clique tree SK and UK for all cliques

4QUK UK 4QUK SK I RUK SK Construct Cholesky factorization Using

. Algorithm 1

4QSK UK 4QSK SK 0 I

Calculate the Gradient of LogdetQ-1

using Algorithm 2

and using the inverse of Algorithm 3

Newtons method to solve the ML estimation of the

phase angles GMRF: Since the graph associated with a real Find is using the set of equations (11)

and (12)

power grid (i.e., phase angles GMRF) is highly sparse with a

relatively small number of large loops, it can be triangulated Update Q

the ML estimation problem in chordal sparsity space (9) Is Q less than ?

Output data as the ML estimation of

information matrix

decreases the number of variables to the number of nonzero

elements in chordal embedding sparsity space and the number

of the equality constraints to only added edges. Also, the Fig. 2. ML estimation for phase angles GMRF using Newtons method along

with chordal embedding sparsity.

Gradient and Hessian matrices of the objective function can be

calculated efficiently using algorithms 1, 2, and 3. Hence, the

ML problem can be solved computationally efficiently using

Newtons method. In problem (9), the equality constraints can B. Decentralized False Data Injection Using Marginal Prob-

be represented as ability Distribution of Regions

Although the Newtons-based method proposed in the pre-

tr(Aj Q) = bj , j = 1, ..., m, (13) vious section can efficiently reduce the computational com-

plexity of the ML estimation problem, it is still necessary to

where Aj SnV . Given the above reformulation, the following collect a large number of corrupted data points to accurately

equalities have to be satisfied at each iteration of the Newtons capture the structure of the phase angles GMRF for the

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 7

attacked system. Furthermore, utilities need to share their state following integral

estimations to construct the information matrix of the whole Z

system, which is not practical given the privacy of utilities. 1

(xRi ) = (xRi , xR0 ) dxR0 exp( xTRi 1

Ri Ri xRi ).

In this section, we address the aforementioned problems, i i 2

(17)

where instead of the Markov graph of the whole system,

the marginal Markov graph of each region is implemented Graph Grd = (Vrd , Erd ) is defined as the Markov graph of

to detect false data injection attack. Hence, the problem of the marginal joint probability distribution of xRi with respect

detecting false data injections is transformed into that of to xR0 , where Vrd = Ri and Erd Ri Ri . Defining Qrdi =

solving the ML estimation of marginal GMRF for each region, i

1

Ri Ri , Qrdi is the adjacency matrix of graph Grd , according

that can be carried out locally. The proposed deployment

to (17). Also, Grd is |xRi | |xRi | dimensional Kron-reduced

allows each region to estimate phase angles of the immediate

graph of G according to the definition of Kron reduction, since

neighbor nodes in other regions. Therefore, each local GMRF

1

Ri Ri is the Schur complement of the block QRi Ri of the

0 0

is considered as local buses plus immediate neighbor buses in

matrix Q such that

the regions. As an illustrative example, the proposed localiza-

tion is illustrated in Fig. 3 for the IEEE 14-bus system divided

into three regions. Qrdi = 1 1

Ri Ri = QRi Ri QRi R0 QR0 R0 QR0 Ri . (18)

i i i i

13

14

between nodes k, m xRi in Grd if and only if there exists a

12

path from k to m in GS = (S, ES ), where GS is a subgraph of

0

G such that S = {k, m}Ri and ES = E (S S). Therefore,

9

6

11

10

the only difference between Grd and corresponding part of G

is only some possible additional edges between the boundary

nodes. Furthermore, since the sparsity of Q is consistent with

4 7

that of the matrix B, the only changes in the grid topology that

3

8

add or remove edges between boundary nodes are the changes

2

1

GMRF1 Region 1

in the transmission lines topology which remove or create

GMRF2

GMRF3

Region 2

Region 3

paths only between boundary nodes k, m that pass through

0

{k, m} Ri .

Fig. 3. The IEEE 14-bus system with three utility regions and their local

GMRFs.

Therefore, the false data injection problem can be reformu-

lated as statistical learning of the marginal GMRF of phase

Theorem 1 provides some major properties of the marginal angles in each region. That is, instead of learning (estimating)

distribution function of the phase angles in each region and the information matrix Q, each region uses estimated local

the properties of the local Markov graph associated with each phase angles as the samples to solve the ML estimation

marginal GMRF. problem to learn Qrdi . Since the number of random variables

for each local ML problem p is considerably less than that of

Theorem 1. Let xRi be all |xRi | measurable phase angles

random variables in the original ML estimation problem (i.e.,

for ith region, xRiB xRi phase angles located at boundary

n), the proposed algorithm can be implemented with a small

node of the region and consider all the other phase angles as

number of samples indicating a decrease in detection time.

xR0 . Then, the Markov graph underlying the joint probability

i

distribution xRi : Remark. Due to the mesh topology of real transmission

(i) is obtained by |xRi | |xRi | dimensional Kron-reduced systems, the regions are not the separators of the power

Markov graph of the entire phase angles. system graph, and hence based on the above theorem, all the

(ii) can have some additional edges between its boundary boundary nodes in each region are usually connected to each

nodes compared to the original Markov graph of entire phase other. Furthermore, in practical transmission systems, there

angles. Also, no edge is added (or removed) between the are several paths between any two nodes, and hence, under

boundary nodes k, m under any topology changes in the grid usual single or even double lines outages, some paths between

0

topology except the changes that create (remove) only a path two boundary nodes k, m that pass through S = {k, m} Ri

0

between nodes k and m that passes through S = {k, m} Ri . remain connected. Therefore, the topology of the regional

Markov graphs does not usually change due to the changes in

Proof. Let the Gaussian distribution of phase angles be rep-

resented as topology of other regions.

T It is noted that even if the transmission lines topology

1

1 xRi Ri Ri alters, Ri R0 xRi

which leads to a change in the sparsity of Brdi , the

(xRi , xRi0 ) exp( i ).

2 xR 0 R0 Ri

R0 R0 xRi0 regional information sparsity should be updated. Fortunately,

i i i i

a sub-network connection graph is available online from the

The marginal distribution of xRi with respect to xR0 can protection system at each sub-network and can be readily used

i

be calculated using matrix operations, as the solution of the to construct the network connection graph of the whole system.

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 8

tion Approach

As discussed in the previous sections, the GMRF of the

phase angles is constant during a normal operation of the grid. In this section, we describe the steps implemented to detect

Therefore, any significant discrepancy between the normal false data injection attacks using the proposed decentralized

information matrix and the estimated one can be employed approach.

as a criterion for triggering attack alarm. To this purpose, First, we divide the system into several regions based on

we employ the anomaly score metric [25], which quantifies the utilities privacy concerns and assume that each region is

how much each random variable contributes to the difference responsible for detecting the false data injections launched in

between two data sets. Let us consider DR and DO to be the that region. The detection problem could be divided into two

data sets of the (estimates of) phase angles with Ns1 and Ns2 main steps. As discussed in Section IV-C, anomaly detection

observations obtained in the absence of false data injection shows the contribution of each node to the changes between

attacks and during real-time operation of the grid, respectively. phase angles sample set of normal and those in the presence

Computing anomaly scores of each phase angle reveals the of the attack. Therefore, the first step is to construct Qref rdi .

contribution of that phase angle to the difference between DR To achieve this, the Markov graph topology of each region is

and DO data sets. Given the GMRFs of these two data sets, by updated if it is needed (see Theorem 1(ii)). Next, the topology

arranging the information and covariance of matrices of these of Markov graph for each region Qref rdi is obtained using the

two models so that the entries related to xi are located at the Kron reduction technique. Finally, using an uncompromised

last row and column, these matrices could be partitioned with set of phase angles, the reference information matrix for each

respect to the last rows and columns as region Qrefrdi is obtained by solving ML problem using the

chordal embedding approach proposed in IV-A. It should be

noted that the first step is performed only when a major change

LR lR W R w R in the grid configuration, e.g., a line outage, occurs.

QR = , R = Q1 = ,

R

T T In the detection step, by solving the ML problem (2),

lR qR wR R

(19) the information matrix of each region Qrdi is calculated

LO lO W O w O repeatedly based on the updated phase angles sample set.

QO = , O = Q1 = .

T

lO qO

O

wOT

O Then, Qrdi and Qref rdi are used to calculate anomaly scores for

different nodes using (20). Finally, the attack alarm is triggered

if the condition given in (22) is satisfied.

The expected Kullback-Leibler divergence between two

Gaussian distributions R (xi | xV\{i} ) and O (xi | xV\{i} ),

as the measure of the contribution of the variable xi to the E. Performance Analysis of the Proposed Decentralized Attack

difference between data sets DR and DO , is obtained as [25] Detection Approach

Based on theorems 3 and 4 in [21], it can be shown that

1 lT WR lO lT WR lR B

Qrdi (k, m) Q(k, m) 0 for all (k, m) {Ri Ri },

B

dRO

i

T

= wR (LO LR ) + { O R }

2 qO qR (20) Qrdi (k, m) = Q(k, m) for all (k, m) {(Ri Ri )

1 qR (RiB RiB )}.

+ {ln + R (qO qR )}.

2 qO In other words, after applying Kron reduction, the weight

of only those edges located between the boundary nodes or

Noting that dRO

i and dOR

i are not equal, the anomaly score the self loops connected to the boundary nodes increases.

th

for the i variable is calculated as We note that: (a) for reasonable region sizes (not very small

regions), the number of nodes in region i denoted by |xRi | is

Sia = max{dRO OR

i , di }. (21) considerably larger than that of the boundary nodes denoted by

|xRiB |, and (b) the difference between the edges of boundary

Using the obtained anomaly scores, the following threshold nodes in the two approaches, i.e., |Qrdi (m, n) Q(m, n)|, is

criterion is used to trigger attack alarm generally small due to the large reactance of the inter-regional

transmission lines. Therefore, given the above two facts, there

1 if (i, i) V : dref are generally only small differences between few elements of

i

AT = (22) Qrdi and QRi Ri , which then lead to negligible differences in

0 else , the anomaly scores obtained by the centralized and decentral-

ized approaches when phase angles in ith region are under

where is the threshold for the attack alarm triggering, AT false data injection attack. As a result, the performances of

is the Boolean variable that determines the status of the centralized and decentralized detection approaches are almost

attack alarm. Also, dref

i is the ith node anomaly score which similar in real applications as shown in the simulation results

determines the contribution of the ith node to the difference section.

between obtained and reference information matrices. Once Furthermore, even assuming that few elements of Qrdi

the attack alarm is triggered, the nodes with largest anomaly and QRi Ri are significantly different, without the loss of

scores are then selected as the possible compromised nodes performance, the attack alarm threshold could be selected for

for further investigations. each region separately in order to achieve the same detection

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 9

performance (i.e., detection rate and false alarm rate) as the TABLE I

centralized approach. Given above discussion, it is expected E LEMENTS OF THE INFORMATION MATRIX OF PHASE ANGLES GMRF

EMPLOYING THE PROPOSED CHORDAL EMBEDDING ML ESTIMATION

that the optimal thresholds (i.e., i s) obtained for the regional

detection problems in the decentralized case are smaller com- Nodes Case 1 Case 2 Nodes Case 1 Case 2

pared to those calculated for the centralized approach. 4-9 9.59 9.60 6-13 -4.22 -10.69

2-4 3.84 4.12 12-13 -17.12 -0.33

V. S IMULATION R ESULTS 5-6 -1.97 -2.13 6-12 -10.18 -0.15

In this section, we evaluate the efficiency of the proposed

false data injection methods through simulation studies. The

results are obtained using MATPOWER simulation package In the second set of simulations, the test system is divided

[22]. Power injections at different buses are considered to be into three regions as shown in Fig. 3. Using the topology of the

independent random variables with mean values equal to their entire grid, each region finds the structure of its reduced graph

nominal values and standard deviations equal to 20% of their by applying the Kron reduction method with respect to the

nominal values. Then, the phase angles of the buses are calcu- rest of the network. To evaluate the efficiency of the proposed

lated for each generated sample using MATPOWER package. decentralized ML estimation approach, the aforementioned

The performance of the proposed detection approaches are false data injection attack against the phase angle estimation at

evaluated through comprehensive simulation studies using the buses 12 and 13 is launched, and the obtained anomaly scores

IEEE 14-bus test system while the IEEE 118-bus system are calculated and shown in Fig. 5. As illustrated in this figure,

[23] is selected as a standard benchmark to demonstrates the third region triggers attack alarm and selects nodes 12 and

computational efficiency of the proposed approaches. 13 as possible compromised nodes while anomaly scores for

In the first step, the proposed chordal embedding ML nodes in other regions are very small and do not exceed the

estimation is implemented on the IEEE 14-bus system. The threshold value. Further, to show the capability of the proposed

triangulated graph of the phase angles Markov graph this decentralized approach to cope with inter-regional attacks, we

system is obtained by only adding six edges. A total of 1,200 simulate an attack in which the attacker is manipulating data

samples is considered for the statistical learning purposes. to compromise the estimate of phase angles at buses 10 and

Two scenarios are studied to demonstrate the capabilities of 11 (located in both second and third regions). The calculated

the proposed approach. In the first case, the grid is assumed anomaly scores shown in Fig. 6 confirm that both regions

to operate normally with no adversary present, while in the detect the launched attack and the compromised nodes are

second scenario, an adversary changes measurements at buses identified successfully since they have highest anomaly scores.

12, 13 and lines connected to them to manipulate the estimates Finally, it should be noted that there are some additional edges

of the phase angles with an attack size of 1 (The attack size between boundary nodes of regions that do not appear in the

refers to the expected value of the Euclidean norm of the centralized approach. Ignoring these edges (as in [12]) leads to

attack vector). Given the reference information matrix Qref , an error in the ML estimation that could result in false alarm

the anomaly scores calculated for both cases are shown in Fig. triggering.

4. Obtained scores demonstrate that dref ref

12 and d13 are much

greater than the threshold value = 0.02 and other nodes 1.8

anomaly scores, and hence the attack alarm is triggered and

Region 1

nodes 12 and 13 are selected as compromised nodes. 1.6

Region 2

Region 3

1.4

2 1.2

Anomaly score

Compromised measurement scenario

1.6 0.8

1.4

0.6

1.2

0.4

1

0.2

0.8

0

0.6 2 4 6 8 10 12 14

Bus number

0.4

when the phase angles at nodes 12 and 13 are compromised.

0

2 4 6 8 10 12 14

Fig. 4. Anomaly scores obtained for compromised and un-compromised A. Threshold Design and Performance Analysis

scenarios. To select a practical threshold value is a critical step for

an effective detection algorithm. To determine the false alarm

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 10

4.5

matrix. Comparing the results in Fig. 4 and Fig. 5 confirms

4 Region 1

Region 2

that since the anomaly scorers of the compromised nodes in

3.5

Region 3 the decentralized approach are slightly less than those in the

centralized method for the same false data injection attack.

3

However, as discussed before, these changes are negligible

Anomaly score

2.5 and the performances of the two methods are almost the same

2

even for the case where the regions are small. Also, in the case

of significant changes of the boundary nodes under the Kron

1.5

reduction, the threshold values could be tuned for each region

1 separately to achieve the same performance as the centralized

approach.

0.5

In order to evaluate the statistical performance of the

0

2 4 6 8 10 12 14

proposed approach to detect early stage false data injection

Bus number attacks, we perform a set of experiments, in which the adver-

sary starts to manipulate the measurements, and the number

Fig. 6. Anomaly scores obtained by the proposed decentralized approach of corrupted samples in a sample set starts to increase. For

when phase angles at nodes 10 and 11 are compromised.

the IEEE 14-bus network, we assume that the nodes 2-4

are under attack, and we evaluate the detection rate of the

proposed approach when only a portion of the samples is

rate, the information matrix is obtained 10,000 times for corrupted. To make the simulations more realistic, we restrict

different sample sets in the absence of attacks. Due to the the attack size to be less than 1 and the attacked nodes to

convexity of the problem and sufficient number of samples in be connected. Based on the simulation results shown in Fig.

the sample set, the results of the proposed ML estimation are 7, when the adversary starts to manipulate the measurements,

very accurate and lead to very small anomaly scores during the the sample covariance matrix starts to deviate from its normal

normal operation (i.e., when there is no attack). The simulation value. For a very small number of corrupted measurements,

results confirm that the nodes anomaly scores are always less the Markov graph of the power angles still follows the true

than 0.02 when there is no false data injection attack in the information matrix; however, as adversary continues tampering

measurement set. Hence, to prevent a false alarm, we select with the data, the discrepancy between the estimated and

the threshold value to be = 0.02, which results in a false reference information matrices increases, and hence the chance

alarm rate of less than 0.01%. of detecting the launched attack increases. As shown in Fig. 7,

In the next step, we perform comprehensive simulation with more than 140 corrupted samples, the proposed detection

studies to obtain the false data injection attack detection rate. method is almost successful to detect all different cases of

We consider a case, when the nodes 24 are under attack early stage attacks. The obtained results along with the fact

(with two constraints: (i) attacked nodes are connected, and that we have restricted the attack size to 1 (which makes

(ii) attack vector size is less than 1) and generate 10,000 attack the obtained detection rate conservative) concludes that the

scenarios with different attacked nodes, attack vector size and proposed ML estimation approach shows a slight performance

covariance matrix. Based on the simulation results with the improvement compared with the conditional covariance thresh-

threshold of 0.02, the proposed approach is able to detect old test (CMIT) [30] used in [12] to detect early stage attacks.

99.97% of launched attacks. Therefore, our simulation results

with = 0.02 show that the proposed approach has a very

100

high detection rate and at the same time very low false alarm

90

rate. Comparing the obtained threshold value with = 0.3

assigned in [12] confirms that the proposed detection approach 80

Detection rate in %

matrix elements.

50

We repeated the aforedescribed simulations using the pro-

posed decentralized attack detection approach. Using the same 40

attack scenarios. Based on the discussion in Section IV-E,

10

this small decrease in the detection rate is expected because,

0

after applying Kron reduction, the values of the edge weights 0 20 40 60 80 100 120 140 160 180

among the boundary nodes of regional Markov graphs are Number of corrupted samples

Fig. 7. False data injection attack detection rate for the IEEE 14-bus system.

This increase in the values of the information matrix entries

generally makes the anomaly score less sensitive to changes in

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 11

Region 1

TABLE II

Region 3

C OMPARISON OF THE COMPUTATIONAL COMPLEXITY BETWEEN

PROPOSED APPROACHES AND STANDARD ML ESTIMATION .

ables straints seconds)

Region 4

Proposed decentralized approach

3 33 1 0.204

6 82 12 1.113

Proposed centralized approach based on Newtons method

- 445 155 42.026

Region 2 Region 5 Standard Newtons method

- 6786 6496 > 4000

Region 6

Fig. 8. IEEE 118-bus systems diagram divided into six utility regions. In this paper, the maximum likelihood (ML) estimation, as

one of the most powerful convex statistical tools, is applied

to detect false data injection attacks in smart grids. In order

to ensure the applicability of the ML estimation method for

B. Computational Complexity real time cyber attack detection in large scale power grids,

the proposed approach exploits the near chordal sparsity of

the power grids to speed up finding the optimal solution of

In this section, the IEEE 118-bus system is selected as a

ML estimation problem using a modified Newtons method.

large standard test system to investigate the computational

The proposed false data injection attack detection problem is

efficiency of the proposed detection approach. It is assumed

then decomposed into several local marginal ML estimation

that utilities are divided into six regions, as shown in Fig.

problems by applying the Kron reduction of the Markov graph

8. The standard, the proposed chordal embedding, and the

of phase angles. The proposed decentralization guarantees the

proposed decentralized marginal ML estimation approaches

utilities privacy by eliminating data sharing among the re-

are implemented to detect any anomalies in the estimated

gions. Also, it reduces ML problem complexity by downsizing

values of the phase angles. The computational complexities

the problem.

for the three aforementioned approaches are shown in Table

II. For the proposed decentralized approach, only regions with

lowest and highest computational complexities are represented. ACKNOWLEDGMENT

As observed from the results, due to the sparse structure The authors would like to thank Professor P. Heggernes, Depart-

of power grids, the standard Newtons method has to solve ment of Informatics, University of Bergen, Norway, for her helpful

a convex optimization problem with 6,786 variables while comments and MATLAB codes on computing minimal triangulation

that greatly improved the simulation results.

handling 6,496 equality constraints imposed by the sparsity

pattern of information matrix. However, using the chordal

embedding sparsity by employing the algorithm shown in Fig. R EFERENCES

2 reduces the number of variables to 445 and the number of [1] H. Sandberg, A. Teixeira, and K. H. Johansson, On security indices for

equality constraints to 115. This comparison indicates that, state estimators in power networks, 1st Workshop Secure Control Syst.

(CPSWEEK), Stockholm, Sweden, Apr. 2010.

due to the sparse structure of power grids, using the chordal [2] O. Kosut, L. Jia, R. Thomas, and L. Tong, Malicious data attacks on the

embedding space reduces the computational time of anomaly smart grid, IEEE Trans. Smart Grid, vol. 2, pp. 645-658, 2011.

detection problem significantly which is confirmed by the CPU [3] Z. Zhang, S. Gong, A. Dimitrovski, and H. Li, Time synchronization

attack in smart grid: Impact and analysis, IEEE Trans. Smart Grid, vol.

times shown in Table II. 4, no. 1, pp. 87-98, 2013.

Furthermore, employing the proposed decentralized attack [4] Z. Yu and W. Chin, Blind false data injection attack using PCA

approximation method in smart grid, IEEE Trans. Smart Grid, vol. 6,

detection approach results in a more CPU time reduction, even no. 3, pp. 1219-1226, May. 2015.

compared with the proposed centralized approach, because of [5] Y. Liu, M. K. Reiter, and P. Ning, False data injection attacks against

the reduction in the dimension of ML estimation problem, state estimation in electric power grids, Proc. 16th ACM Conf. Comput.

Commun. Security, New York, USA, pp. 21-32, Nov. 2009.

which is carried out to learn the structure of marginal GMRF [6] M. A. Rahman and H. Mohsenian-Rad, False data injection attacks with

in each region. Based on the results shown in Table II, each incomplete information against smart power grids, Proc. IEEE Global

region could solve its marginal ML estimation problem and Telecommun. Conf., Anaheim, USA, pp. 3153-3158, Dec. 2012.

[7] S. Li, Y. Yilmaz, and X. Wang, Quickest detection of false data injection

find the possible existing false data injection in less than 1.5 attack in wide-area smart grids, IEEE Trans. Smart Grid, vol. 6, no. 6,

seconds while solving original ML estimation for IEEE 118- pp. 2725-2735, Nov. 2015.

bus system using standard Newtons method takes more than [8] J. M. Hendrickx, K. H. Johansson, R. M. Jungers, H. Sandberg, and

K. C. Sou, Efficient computations of a security index for false data

one hour, which is not obviously acceptable for online attack attacks in power networks, IEEE Trans. Autom. Control, vol. 59, no. 12,

detection applications. pp. 3194-3208, Dec. 2014.

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TSG.2017.2675960, IEEE

Transactions on Smart Grid

IEEE TRANSACTIONS ON SMART GRID, MAY 2016 12

[9] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and Ramin Moslemi received his B.Sc. in electrical en-

K. Poolla Smart grid data integrity attacks, IEEE Trans. Smart Grid, gineering from K. N. Toosi University of Technology

vol. 4, no. 3, pp. 1244-1253, Sep. 2013. in 2008, and M.Sc. in electrical engineering form

[10] M. He and J. Zhang, A dependency graph approach for fault detection Iran University of Science and Technology in 2011.

and localization towards secure smart grid, IEEE Trans. Smart Grid, vol. He is currently working toward the Ph.D. degree

2, no. 2, pp. 342-351, Jun. 2011. with the Department of Electrical Engineering, Uni-

[11] H. Sedghi and E. Jonckheere, Statistical structure learning of smart grid versity of Georgia. His research interests include

for detection of false data injection, in Proc. IEEE Power Energy Soc. control of smart grids, microgrids energy manage-

Gen. Meeting (PES), Vancouver, BC, Canada, 2013, pp. 1-5. ment systems, smart grids data integrity, control and

[12] H. Sedghi and E. Jonckheere, Statistical structure learning to ensure operation of the behind the meter battery storages.

data integrity in smart grid, IEEE Trans. Smart Grid, vol. 6, no. 4, pp.

1924-1933, Jul. 2015.

[13] H. Rue and L. Held, Gaussian Markov random fields: theory and

applications. CRC Press, 2005.

[14] P. Zhang and S. T. Lee, Probabilistic load flow computation using

the method of combined cumulants and Gram-Charlier expansion, IEEE

Trans. Power Syst., vol. 19, no. 1, pp. 676-682, Feb. 2004.

[15] B. De Finetti, Theory of Probability. Wiley, 1975.

[16] H. Sedghi and E. Jonckheere, On conditional mutual information in

Gauss-Markov structured grids, in Information and Control in Networks

(Lecture Notes in Control and Information Sciences), vol. 450, G. Como,

B. Bernhardson, and A. Rantzer, Eds. Berlin, Germany: Springer-Verlag, Afshin Mesbahi received his B.Sc. degree in elec-

2014, pp. 277-297. trical engineering from Semnan University in 2007.

[17] J. Dahl, V. Roychowdhury, and L. Vandenberghe, Covariance selection He received his M.Sc. and Ph.D. degrees in electrical

for nonchordal graphs via chordal embedding, Optim. Methods Softw., engineering from Sharif University of Technology in

vol. 23, no. 4, pp. 501-520, 2008. 2009 and 2014 respectively.

[18] D. J. Rose, R. Tarjan, and G. Lueker, Algorithmic aspects of vertex Dr. Mesbahi is currently working as a Postdoctoral

elimination on graphs, SIAM J. computing, vol. 5, pp. 146-160, 1976. Research Associate with Rohani Lab at University

[19] A. Berry, J. Blair, and P. Heggernes, Maximum cardinality search for of Georgia. Previously, he was a Postdoctoral Re-

computing minimal triangulations, Graph theoretic concepts in computer search Associate with the Complex Systems Con-

science, Springer, Berlin Heidelberg, 2002. trol Laboratory at University of Georgia (November

[20] R. E. Tarjan and M. Yannakakis, Simple linear-time algorithms to test 2014-April 2016) and one of the Visiting Research

chordality of graphs, test acyclicity of hypergraphs, and selectively reduce Scholars with New Mexico State University (March 2013- June 2013 ) and

acyclic hypergraphs, SIAM Journal on Computing, vol. 13, no. 3, pp. University of LAquila in Italy (October 2012-February 2013).

566-579, 1984. His current research interests focus primarily on distributed coordination

[21] F. Dorfler and F. Bullo, Kron reduction of graphs with applications algorithms, matrix decomposition, power grids, stochastic modeling of epi-

to electrical networks, IEEE Trans. Circuits Syst. I, vol. 60, no. 1, pp. demiology, and generally lie in the area of modeling, analysis, and control of

150-163, 2013. large-scale networks.

[22] R. D. Zimmerman, C. E. Murillo-Sanchez, and R. J. Thomas, MAT-

POWER steady state operations, planning and analysis tools for power

systems research and education, IEEE Trans. Power Syst., vol. 26, no.

1, pp. 12-19, Feb. 2011.

[23] [Online] Available: http://www.ee.washington.edu/research/pstca/

[24] K. Jinsub, L. Tong, and R. J. Thomas, Dynamic attacks on power

systems economic dispatch, Proc. 48th Asilomar Conf., 2014, pp. 345-

349.

[25] T. Ide, A. C. Lozano, N. Abe, and Y. Liu, Proximity-based anomaly

detection using sparse structure learning, in Proc. SIAM Int. Conf. Data

Min., Philadelphia, PA, USA, 2009, pp. 97108.

[26] L. Xie, Y. Mo, and B. Sinopoli, Integrity data attacks in power market Javad Mohammadpour Velni received BS and

operations, IEEE Trans. Smart Grid, vol. 2, no. 4, pp. 659-666, 2011. MS degrees in electrical engineering from Sharif

[27] J. Dopazo, O. Klitin, and A. Sasson, Stochastic load flows, IEEE University of Technology and University of Tehran,

Trans. Power App. Syst., vol. PAS-94, pp. 299309, 1975. Iran, respectively, and PhD degree in mechanical

[28] J. Mur-Amada and J. Salln-Arasanz, From turbine to wind farms engineering from University of Houston, TX. He

Technical requirements and spin-off products, in Phase Transitions and joined the University of Georgia as an assistant

Critical Phenomena, vol. 18, G. Krause, Ed. Rijeka, Croatia: In Tech, pp. professor of electrical engineering in Aug. 2012.

101132, 2011. Prior to that, he was with the University of Michigan,

[29] A. Schellenberg, W. Rosehart, and J. Aguado, Cumulant-based proba- where he worked in the naval architecture & marine

bilistic optimal power flow (P-OPF) with Gaussian and Gamma distribu- engineering dept. from Oct. 2011 to Jul. 2012. He

tions, IEEE Trans. Power Syst., vol. 20, no. 2, pp. 773-781, 2005. was also a Research Assistant Professor of mechan-

[30] A. Anandkumar, V. Tan, F. Huang, and A. Willsky, High-dimensional ical engineering at University of Houston from Oct. 2008 to Sep. 2011 and

Gaussian graphical model selection: Walk summability and local sepa- a Research Associate at the same institution from Jan. 2008 to Sep. 2008.

ration criterion, J. Mach. Learn. Res., vol. 13, no. 1, pp. 22932337, He has published over 100 articles in international journals and conference

Aug. 2012 proceedings, served in the editorial boards of ASME and IEEE conferences

on control systems and edited two books on control of large-scale systems

(published in 2010) and LPV systems modeling, control and applications

(published in 2012). His current research interests are in secure control of

cyber physical systems (and in particular, smart grids), coverage control of

heterogeneous multi-agent systems, and data-driven approaches for model

learning and control of complex distributed systems.

1949-3053 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

- Java ProgramsCaricato daManoj Mahajan
- Comparative CSR SkylineCaricato daDhia Slama
- Creating Sparse Finite-Element Matrices in MATLAB » Loren on the Art of MATLABCaricato dakkkraja
- Sparse MatricesCaricato dagannoju423
- Adaptive ControlCaricato daPrateek Mathur
- Back and ForwardCaricato daFanny Ojeda
- 798f740384a0ffa19a4fb79f98887880f5e2 (1)Caricato daFagner Sutel
- MIT18_06S10_exam3_s10_soln.pdfCaricato daahmed
- Chernoff 1953 Locally Doptimal DesignsCaricato daAndré Luís Alberton
- 07052705.pdfCaricato dasanket
- 165_4_0Caricato datomdarel
- Linear AlgebraCaricato darajesh.shirwal382
- lauritzen--contingency-tables.pdfCaricato datteravai
- Cv Chiara Ra VazziCaricato daadeblar
- 10.1.1.63.1051Caricato daMuhammad Enam ul Haq
- 8. IJAMSS - Properties of Extended Matrix AlgebraCaricato daiaset123
- Mat Det Prob Revision Sheet IICaricato daMayank Shrivastava
- Analytical Evaluation of Generalized Predictive Control Algorithms Using a Full Vehicle Multi-Body Dynamics Model For Mobility EnhancementCaricato dainventy
- StatLec21-25Caricato dasticker592
- 1.Multicore BerkeleyCaricato daDima Litvinov
- Q02Caricato dasaheb_ju
- MIT2_086S12_matlab_ex4.pdfCaricato daJoyce George
- Matlab Training Basic for Control Systems May2016 (1)Caricato daTuhi Hashim
- Lecture 2Caricato daJavier Pedrosa
- JEE SyllabusCaricato daSamandeep Singh
- AlgebraCaricato daAnonymous E7JynRcI5N
- Syllabus B.tech. ECECaricato daEr Rouf UlAlam Bhat
- Accelerometer Array CCaricato daApoorva Panchal
- lecture21.pdfCaricato daLuis Alejandro Gonzalez
- On the --Conjecture for Graphs With Minimum Degree -G- - 4Caricato daSri Harjan

- GridCaricato daSouvik Dolui
- IEEE VISION FOR SMART GRID CONTROLS: 2030 AND BEYONDCaricato daHgoglez
- A Survey on the Reliability of Protective Systems for Power TransformersCaricato daHgoglez
- P1662/D8.0, March 2016 - IEEE Draft Recommended Practice for Design and Application of Power Electronics in Electrical Power SystemsCaricato daHgoglez
- Prediction of latvian electrical power system for reliability evaluation including wind energyCaricato daHgoglez
- Modelling and simulation of power system of battery, solar and fuel cell powered Hybrid Electric vehicleCaricato daHgoglez
- Model Predictive Control for Smart Grids With Multiple Electric-Vehicle Charging StationsCaricato daHgoglez
- Integration of IoT and Smart Grid to Reduce Line LossesCaricato daHgoglez
- Smart Grid Congestion Caused by Plug-in Electric Vehicle ChargingCaricato daHgoglez
- Life Assessment of Electric Arc Furnace TransformersCaricato daHgoglez
- NDNWiFi: Named Data Networking Enabled WiFi in Challenged Communication EnvironmentsCaricato daHgoglez
- Big Data Acquisition under Failures in FiWi Enhanced Smart GridCaricato daHgoglez
- Minimizing energy consumption of smart grid data centers using cloud computingCaricato daHgoglez
- A credibility measurement method of smart grid dataCaricato daHgoglez
- Distributed Optimal Control of Smart Electricity Grids With Congestion ManagementCaricato daHgoglez
- A Cognitive Control Method for Cost-Efficient CBTC Systems With Smart GridsCaricato daHgoglez
- A Consensus-Based Distributed Computational Intelligence Technique for Real-Time Optimal Control in Smart Distribution GridsCaricato daHgoglez
- Efficient and cooperative failure control in smart gridCaricato daHgoglez
- Second-Order Continuous-Time Algorithms for Economic Power Dispatch in Smart GridsCaricato daHgoglez
- Efficient Privacy-Preserving Cube-Data Aggregation Scheme for Smart GridsCaricato daHgoglez
- Efficient 5G Small Cell Planning with eMBMS for Optimal Demand Response in Smart GridsCaricato daHgoglez
- Demand forecasting in residential distribution feeders in the context of smart gridsCaricato daHgoglez
- Secure and Private Data Aggregation for Energy Consumption Scheduling in Smart GridCaricato daHgoglez
- examples.pdfCaricato daHgoglez
- Power System Modeling-Mo-Shing ChenCaricato daOscar ßg
- Mathematical Models of Electric MachinesCaricato daamelchor
- Grainger - Stevenson SolverCaricato daHgoglez

- Window Films BrochureCaricato daBranislav Brans Nikić
- Iec Cec Guide[1]Caricato daKeith Contreras
- 13.IJASRJUN201813Caricato daTJPRC Publications
- Kosmetika Untuk Kesehatan Dan KecantikanCaricato daRoni Xidd
- Automatic Welding of Storage Tanks With All Position Variable Speed Carriages Using the MIG ProcessCaricato daJimmy Rodrigues
- Sentence links_Reference words.pdfCaricato daMirela Suciu
- DC DesignCaricato daMayank Chaudhary
- Cases Auditing 1Caricato daChevalier Chevalier
- Ibanez PT909 schematicCaricato dafrederikd_01
- Compare RESTful vs SOAP Web Services _ JavalobbyCaricato dajittudavid
- Overtime Qa Qc 20181112 SignedCaricato daMarla Khilda
- PWM (Pulse Width Modulation)Caricato dahaaen
- Plasma EngineCaricato daMarijan Radman
- Delta Ia-cnc Nc Series Om Mm en 20161108 (1)Caricato daLuis Eduardo Arellano Hernandez
- Catalog yCaricato daPablo Cesar Acuña Gomez
- AdministratorGuide_Integration_Component.pdfCaricato daKleberson Lima
- HCCBPLCaricato daShipra Jinsi
- Sep2017MORB1Caricato daHadassahFay
- RM-FinalCaricato daNuman Rox
- Dynagraph Card AnalysisCaricato daCedric Kimloaz
- Memorandum of Agreement (1) CopyCaricato dathatcatwoman
- WBCS Preliminary Exam-2001 (Eng Ver) _ BengalstudentsCaricato daAktar Hossain
- TechRefGuide EDI Demand 100700Caricato dakhunchay Leela
- The Advantages and Disadvantages of Data ModelCaricato daVijay Kumar
- Project NOAHCaricato daGMA News Online
- Signals, Spectra and Signal Processing_Lecture NotesCaricato daAkiHiro San Carcedo
- niir-handbook-on-printing-technology-offset-gravure-flexo-screen-2nd-edition.pdfCaricato da107751101137
- Kim 2003Caricato damahsanio
- SMU BBA Semester 2 Summer 2012 drive Solved AssignmentsCaricato daRajdeep Kumar
- 20474sugg Ans Ipcc Grp1 May10 1Caricato daghsjgj

## Molto più che documenti.

Scopri tutto ciò che Scribd ha da offrire, inclusi libri e audiolibri dei maggiori editori.

Annulla in qualsiasi momento.