TY - JOUR
T1 - An Intrusion Detection Method for Line Current Differential Relays in Medium-Voltage DC Microgrids
AU - Ameli, Amir
AU - Saleh, Khaled A.
AU - Kirakosyan, Aram
AU - El-Saadany, Ehab F.
AU - Salama, Magdy M.A.
N1 - Funding Information:
Manuscript received September 24, 2019; revised March 2, 2020 and April 17, 2020; accepted April 17, 2020. Date of publication May 6, 2020; date of current version July 6, 2020. This work was supported by the Advanced Power and Energy Center, APEC, Khalifa University, Abu Dhabi, United Arab Emirates, RCII-006-2018. The work of Khaled A. Saleh was supported by the Program of Energy Research and Development at Natural Resources Canada. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Kai Zeng. (Corresponding author: Amir Ameli.) Amir Ameli, Aram Kirakosyan, and Magdy M. A. Salama are with the Electrical and Computer Engineering Department, University of Waterloo, Waterloo, ON N2L 3G1, Canada (e-mail: [email protected]; [email protected]; [email protected]).
Publisher Copyright:
© 2005-2012 IEEE.
PY - 2020
Y1 - 2020
N2 - Line current differential relays (LCDRs) detect faults accurately and promptly, by comparing all currents flowing into the line. This type of relay has been identified in the literature as a reliable protection for lines in DC microgrids (MGs). LCDRs, however, lack the required resiliency against cyber intrusions, such as false data injection attacks (FDIAs) and time synchronization attacks (TSAs), due to their high dependence on communication infrastructure and/or the Global Positioning System (GPS). This paper first introduces coordinated attacks - i.e., several almost-simultaneous FDIAs or TSAs that are carried out independently to achieve a specific objective - as potential threats for MGs. Then, through a case study, it shows how coordinated FDIAs and TSAs can initiate a sequence of events that result in instability of an entire MG. Afterwards, an approach is presented to detect FDIAs and TSAs, and to distinguish them from real faults. The proposed method is comprised of passive oscillator circuits (POCs) installed in series with each converter. During faults, the resultant RLC circuit causes the POCs to resonate and generate a damped sinusoidal component with a specific frequency, i.e., f_{d}. However, f_{d} is not generated during FDIAs and TSAs, since unlike faults, which are physical events that trigger the natural frequencies of a system, cyber-attacks happen in the cyber layer without provoking natural frequencies of the physical layer. Thus, an LCDR pickup without detecting f_{d} denotes an FDIA or a TSA. Since f_{d} is locally measured and analyzed by each LCDR, the proposed detection approach cannot be targeted by cyber-attacks. The proposed method is evaluated on a simulated ±2.5 kV DC MG. Numerical analysis confirms that the proposed method (i) is system-independent; (ii) detects FDIAs and TSAs in less than 1 ms; (iii) is sensitive to high-resistance faults; (iv) can determine fault types, and (v) reduces faults' peak currents.
AB - Line current differential relays (LCDRs) detect faults accurately and promptly, by comparing all currents flowing into the line. This type of relay has been identified in the literature as a reliable protection for lines in DC microgrids (MGs). LCDRs, however, lack the required resiliency against cyber intrusions, such as false data injection attacks (FDIAs) and time synchronization attacks (TSAs), due to their high dependence on communication infrastructure and/or the Global Positioning System (GPS). This paper first introduces coordinated attacks - i.e., several almost-simultaneous FDIAs or TSAs that are carried out independently to achieve a specific objective - as potential threats for MGs. Then, through a case study, it shows how coordinated FDIAs and TSAs can initiate a sequence of events that result in instability of an entire MG. Afterwards, an approach is presented to detect FDIAs and TSAs, and to distinguish them from real faults. The proposed method is comprised of passive oscillator circuits (POCs) installed in series with each converter. During faults, the resultant RLC circuit causes the POCs to resonate and generate a damped sinusoidal component with a specific frequency, i.e., f_{d}. However, f_{d} is not generated during FDIAs and TSAs, since unlike faults, which are physical events that trigger the natural frequencies of a system, cyber-attacks happen in the cyber layer without provoking natural frequencies of the physical layer. Thus, an LCDR pickup without detecting f_{d} denotes an FDIA or a TSA. Since f_{d} is locally measured and analyzed by each LCDR, the proposed detection approach cannot be targeted by cyber-attacks. The proposed method is evaluated on a simulated ±2.5 kV DC MG. Numerical analysis confirms that the proposed method (i) is system-independent; (ii) detects FDIAs and TSAs in less than 1 ms; (iii) is sensitive to high-resistance faults; (iv) can determine fault types, and (v) reduces faults' peak currents.
KW - Cyber-physical systems
KW - cyber-security
KW - DC microgrid
KW - line current differential relay
KW - passive circuit
KW - protection
UR - http://www.scopus.com/inward/record.url?scp=85088299159&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2020.2991892
DO - 10.1109/TIFS.2020.2991892
M3 - Article
AN - SCOPUS:85088299159
SN - 1556-6013
VL - 15
SP - 3580
EP - 3594
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
M1 - 9083955
ER -