TY - JOUR
T1 - A Learning-Based Framework for Detecting Cyber-Attacks against Line Current Differential Relays
AU - Ameli, Amir
AU - Ayad, Abdelrahman
AU - El-Saadany, Ehab F.
AU - Salama, Magdy
AU - Youssef, Amr
N1 - Funding Information:
Manuscript received March 22, 2020; revised June 20, 2020; accepted August 13, 2020. Date of publication August 18, 2020; date of current version July 23, 2021. This work was supported by the Advanced Power and Energy Center, APEC, Khalifa University, Abu Dhabi, UAE, under Grant RCII-006-2018. Paper no. TPWRD-00427-2020. (Corresponding author: Amir Ameli.) Amir Ameli is with Electrical Engineering Department, Lakehead University, Thunder Bay, ON P7B 5E1, Canada.
Publisher Copyright:
© 1986-2012 IEEE.
PY - 2021/8
Y1 - 2021/8
N2 - Technical developments in communication technology and measurement synchronization have facilitated the design of advanced protection schemes, such as Line Current Differential Relays (LCDRs). However, the superior performance of LCDRs is achieved at the expense of exposing them to cyber-threats, since cyber-induced intrusions against protective relays - which take advantage of the direct control of relays over circuit-breakers - can cause protection system mis-operations. To address this problem, this paper presents a Learning-based Framework (LBF) for detecting False Data Injection Attacks (FDIAs) and Time Synchronization Attacks (TSAs) against LCDRs, and for differentiating them from faults. In the proposed LBF, a Multi-Layer Perceptron (MLP) model is trained based on differential and super-imposed features, which are selected using the Recursive Feature Elimination method. After implementing the proposed LBF in LCDRs, when an LCDR picks up, it initially extracts the features and sends them to the trained MLP model. The LCDR trips the line if the proposed LBF confirms a fault. The performance of the proposed LBF is corroborated using the IEEE 39-bus test system. Evaluation results show that the proposed LBF (i) works independently of a system's operating point and configuration, (ii) is not considerably affected by instrumentation errors, and (iii) can accurately detect FDIAs and TSAs.
AB - Technical developments in communication technology and measurement synchronization have facilitated the design of advanced protection schemes, such as Line Current Differential Relays (LCDRs). However, the superior performance of LCDRs is achieved at the expense of exposing them to cyber-threats, since cyber-induced intrusions against protective relays - which take advantage of the direct control of relays over circuit-breakers - can cause protection system mis-operations. To address this problem, this paper presents a Learning-based Framework (LBF) for detecting False Data Injection Attacks (FDIAs) and Time Synchronization Attacks (TSAs) against LCDRs, and for differentiating them from faults. In the proposed LBF, a Multi-Layer Perceptron (MLP) model is trained based on differential and super-imposed features, which are selected using the Recursive Feature Elimination method. After implementing the proposed LBF in LCDRs, when an LCDR picks up, it initially extracts the features and sends them to the trained MLP model. The LCDR trips the line if the proposed LBF confirms a fault. The performance of the proposed LBF is corroborated using the IEEE 39-bus test system. Evaluation results show that the proposed LBF (i) works independently of a system's operating point and configuration, (ii) is not considerably affected by instrumentation errors, and (iii) can accurately detect FDIAs and TSAs.
KW - Cyber-security
KW - line current differential relays
KW - multi-layer perceptron
KW - protection systems
UR - https://www.scopus.com/pages/publications/85111629141
U2 - 10.1109/TPWRD.2020.3017433
DO - 10.1109/TPWRD.2020.3017433
M3 - Article
AN - SCOPUS:85111629141
SN - 0885-8977
VL - 36
SP - 2274
EP - 2286
JO - IEEE Transactions on Power Delivery
JF - IEEE Transactions on Power Delivery
IS - 4
M1 - 9170889
ER -