TY - JOUR
T1 - Unmasking Covert Intrusions
T2 - Detection of Fault-Masking Cyberattacks on Differential Protection Systems
AU - Abdelsamie, Ahmad Mohammad Saber
AU - Youssef, Amr
AU - Svetinovic, Davor
AU - Zeineldin, Hatem
AU - El-Saadany, Ehab F.
N1 - Publisher Copyright:
© 2013 IEEE.
PY - 2024
Y1 - 2024
N2 - Line current differential relays (LCDRs) are high-speed relays progressively used to protect critical transmission lines. However, LCDRs are vulnerable to cyberattacks. Fault-masking attacks (FMAs) are stealthy cyberattacks performed by manipulating the remote measurements of the targeted LCDR to disguise faults on the protected line. Hence, they remain undetected by this LCDR. In this article, we propose a two-module framework to detect FMAs. The first module is a mismatch index (MI) developed from the protected transmission line's equivalent physical model. The MI is triggered only if there is a significant mismatch in the LCDR's local and remote measurements while the LCDR itself is untriggered, which indicates an FMA. After the MI is triggered, the second module, a neural network-based classifier, promptly confirms that the triggering event is a physical fault that lies on the line protected by the LCDR before declaring the occurrence of an FMA. The proposed framework is tested using the IEEE 39-bus benchmark system. Our simulation results confirm that the proposed framework can accurately detect FMAs on LCDRs and is not affected by normal system disturbances, variations, or measurement noise. Our experimental results using OPAL-RT's real-time simulator confirm the proposed solution's real-time performance capability.
AB - Line current differential relays (LCDRs) are high-speed relays progressively used to protect critical transmission lines. However, LCDRs are vulnerable to cyberattacks. Fault-masking attacks (FMAs) are stealthy cyberattacks performed by manipulating the remote measurements of the targeted LCDR to disguise faults on the protected line. Hence, they remain undetected by this LCDR. In this article, we propose a two-module framework to detect FMAs. The first module is a mismatch index (MI) developed from the protected transmission line's equivalent physical model. The MI is triggered only if there is a significant mismatch in the LCDR's local and remote measurements while the LCDR itself is untriggered, which indicates an FMA. After the MI is triggered, the second module, a neural network-based classifier, promptly confirms that the triggering event is a physical fault that lies on the line protected by the LCDR before declaring the occurrence of an FMA. The proposed framework is tested using the IEEE 39-bus benchmark system. Our simulation results confirm that the proposed framework can accurately detect FMAs on LCDRs and is not affected by normal system disturbances, variations, or measurement noise. Our experimental results using OPAL-RT's real-time simulator confirm the proposed solution's real-time performance capability.
KW - Cyber-physical security
KW - false-data injection attacks (FDIAs)
KW - fault masking attacks
KW - line current differential relays (LCDRs)
KW - neural networks
KW - protection
KW - smart grid security
UR - http://www.scopus.com/inward/record.url?scp=85205010879&partnerID=8YFLogxK
U2 - 10.1109/TSMC.2024.3456810
DO - 10.1109/TSMC.2024.3456810
M3 - Article
AN - SCOPUS:85205010879
SN - 2168-2216
VL - 54
SP - 7683
EP - 7696
JO - IEEE Transactions on Systems, Man, and Cybernetics: Systems
JF - IEEE Transactions on Systems, Man, and Cybernetics: Systems
IS - 12
ER -