TY - JOUR
T1 - An Intrusion Detection Method for Line Current Differential Relays
AU - Ameli, Amir
AU - Hooshyar, Ali
AU - El-Saadany, Ehab F.
AU - Youssef, Amr M.
N1 - Funding Information:
Manuscript received October 24, 2018; revised March 4, 2019 and May 1, 2019; accepted May 3, 2019. Date of publication May 15, 2019; date of current version September 16, 2019. This work was financially supported by NSERC-DND grant. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Eduard A. Jorswieck. (Corresponding author: Amir Ameli.) A. Ameli is with the Electrical and Computer Engineering Department, University of Waterloo, Waterloo, ON N2L 3G1, Canada.
Publisher Copyright:
© 2005-2012 IEEE.
PY - 2020
Y1 - 2020
AB - The U.S. Department of Homeland Security (DHS) has recently identified digital relays as targets vulnerable to cyber-attacks. The DHS has also noted that attacks to multiple relays can bring about cascading outages of transmission lines, leading to blackouts. As a result, making protective relays cyber-resilient is a prominent security issue in power networks. Line current differential relays (LCDRs) are among the potentially vulnerable digital relays that are increasingly deployed for protecting critical transmission lines. LCDRs, however, lack the required resiliency against cyber attacks, due to their high dependence on communication systems. This paper unveils that such susceptibilities can result in unwarranted trip signals through false data injection attacks (FDIAs), and so cause instability if several attacks are coordinated. It also presents a solution for detecting FDIAs and distinguishing them from real internal faults. To detect attacks, the proposed method compares the estimated and locally measured voltages at an LCDR's terminal for both the positive sequence (PS) and negative sequence (NS). To estimate the local voltage for each sequence, the proposed technique uses an unknown input observer (UIO), the state-space model of the faulty line, and remote and local measurements, all associated with that sequence. The difference between the measured and estimated local voltages for each sequence remains close to zero during real internal faults because, in this condition, the state-space model based on which the UIO operates correctly represents the line. Nevertheless, the state-space model mismatch during FDIAs leads to a large difference between measured and estimated values in both sequences. The effectiveness of the proposed method is corroborated using simulation results for the IEEE 39-bus network.
KW - Cyber-physical systems
KW - cyber-security
KW - line current differential relay
KW - protection system
KW - unknown input observers
UR - http://www.scopus.com/inward/record.url?scp=85077340551&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2019.2916331
DO - 10.1109/TIFS.2019.2916331
M3 - Article
AN - SCOPUS:85077340551
SN - 1556-6013
VL - 15
SP - 329
EP - 344
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
M1 - 8715684
ER -