
False data injection attacks against state estimation in electric power grids

Published: 06 June 2011

Abstract

A power grid is a complex system connecting electric power generators to consumers through power transmission and distribution networks across a large geographical area. System monitoring is necessary to ensure the reliable operation of power grids, and state estimation is used in system monitoring to best estimate the power grid state through analysis of meter measurements and power system models. Various techniques have been developed to detect and identify bad measurements, including interacting bad measurements introduced by arbitrary, nonrandom causes. At first glance, it seems that these techniques can also defeat malicious measurements injected by attackers.

In this article, we expose an unknown vulnerability of existing bad measurement detection algorithms by presenting and analyzing a new class of attacks, called false data injection attacks, against state estimation in electric power grids. Under the assumption that the attacker can access the current power system configuration information and manipulate the measurements of meters at physically protected locations such as substations, such attacks can introduce arbitrary errors into certain state variables without being detected by existing algorithms. Moreover, we look at two scenarios, where the attacker is either constrained to specific meters or limited in the resources required to compromise meters. We show that the attacker can systematically and efficiently construct attack vectors in both scenarios to change the results of state estimation in arbitrary ways. We also extend these attacks to generalized false data injection attacks, which can further increase the impact by exploiting measurement errors typically tolerated in state estimation. We demonstrate the success of these attacks through simulation using IEEE test systems, and also discuss the practicality of these attacks and the real-world constraints that limit their effectiveness.


      • Published in

        ACM Transactions on Information and System Security  Volume 14, Issue 1
        May 2011
        366 pages
        ISSN:1094-9224
        EISSN:1557-7406
        DOI:10.1145/1952982

        Copyright © 2011 ACM

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 6 June 2011
        • Accepted: 1 January 2011
        • Revised: 1 September 2010
        • Received: 1 March 2010

        Qualifiers

        • research-article
        • Research
        • Refereed
