Abstract
Currently, the architecture of Line Current Differential Relays (LCDRs) is designed to respond to internal faults on the protected line using local and remotely-communicated current measurements. However, this architecture cannot distinguish between real faults and cyber-induced attacks whose goal is to cause false tripping of the line protected by the LCDR. In this paper, we propose an Anomaly-Based Scheme (ABS) for detecting false-tripping attacks against LCDRs, in the form of relay attacks, replay attacks, general false-data-injection attacks, and time-synchronization attacks. The ABS employs the Isolation Forest algorithm, which is trained on features determined from local current measurements to confirm real faults and differentiate them from false-tripping attacks. No trip command will be issued unless the sensed fault is confirmed as a non-attack by the ABS. The performance of the proposed ABS is tested and validated using the IEEE 9-bus benchmark in the PSCAD/EMTDC environment. Simulation results show that the proposed ABS: (i) can accurately detect different categories of cyberattacks, (ii) does not negatively impact the accuracy of the fault-detection function, and (iii) is robust to changes in the power system's operating point.
Original language | British English |
---|---|
Pages (from-to) | 4787-4800 |
Number of pages | 14 |
Journal | IEEE Transactions on Smart Grid |
Volume | 13 |
Issue number | 6 |
State | Published - 1 Nov 2022 |
Keywords
- Anomaly detection
- cyber-physical security
- isolation forest
- line current differential relays
- power systems
- protection
- smart grid