Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
• The meter measurements may include bus voltages, bus real and reactive power
injections, and branch reactive power flows in every subsystem of a power grid
Measurements from Grid
Control Center
Measurements Stored
in SCADA System Electric Power Grid
Estimation
Status Control Parameters are set accordingly
Algorithm to keep the system running efficiently
Security of Conventional SCADA System
• If there are bad measurements injected at meters end, these bad measurements
affect the outcome of state estimation, they can mislead the power grid control
algorithms, possibly resulting in catastrophic consequences.
• However techniques have been developed for these injected bad measurements
can be processed and isolated from the system under the scope of
BAD DATA PROCESSING
• These techniques first detect if there are bad measurements, and then identify
and remove the bad ones if there are any.
• Reason: existing techniques for bad measurement detection rely on the same
assumption that “when bad measurements take place, the squares of differences
between the observed measurements and their corresponding estimates often
become significant ”
• with the knowledge of the power system configuration, the attacker can
systematically generate bad measurements so that the above assumption is
violated, thus bypassing bad measurements detection.
Work in the Paper
• False data injection attack with knowledge of power system configuration
• A linearized DC Power Flow model is considered serving as a foundation to other
generalized models
• false data injection attacks from the attacker’s perspective considering two
realistic scenarios
• Scenario I – Limited Access to Meters
• Scenario II – Limited Resources to Compromise Meters
• Two realistic attack goals
• Validation through Simulation using IEEE test systems i.e. IEEE 9-bus, 14-bus, 30-
bus, 118-bus,and 300-bus systems
Bad Measurement Detection
• normal sensor measurements usually give an estimate of the state variables close
to their actual values, while abnormal ones may “move” the estimated state
variables away from their true values. Thus, there is usually “inconsistency”
among the good and the bad measurements.
• Normalized Residuals:
error term of measurements
• We assume that the attacker knows the matrix H of the target power system. For example, the attacker
can obtain H by intruding into the control center of the target system. The attacker generates malicious
measurements based on the matrix H, and then injects the malicious measurements into the
compromised meters to undermine the state estimation process
Basic principle of false data injection attack
Scenario I – Limited Access to Meters
• dd Let
• If rank of B’ is equal to k then it has a unique solution and no bad data can be
injected into it
• However if rank of B’ is less than k than it has multiple non-zero solutions that
can satisfy the above relations. Hence attacker can formulate vector a.
• Theorem: If the attacker can compromise k specific meters, where k ≥ m − n + 1,
there always exist attack vectors a = Hc such that
Targeted False data Injection Attack
• Obtaining attack vector for constrained case
• Note that every element ci in c is fixed, which is either the
chosen value when or 0 when i /∈ Iv. Thus, the attacker
can substitute c back into the relation a = Hc, and check if ai = 0
for ∀ i /∈ Im. If yes, the attacker succeeds in constructing the
(only) attack vector a. Otherwise, the attack is impossible.
Questions ?