Detecting Hidden Attackers in Photovoltaic Systems Using Machine Learning Suman Sourav12 Partha P. Biswas2 Binbin Chen12 and Daisuke Mashima2
2025-04-27
0
0
377.35KB
7 页
10玖币
侵权投诉
Detecting Hidden Attackers in Photovoltaic Systems
Using Machine Learning
Suman Sourav1,2, Partha P. Biswas2, Binbin Chen1,2, and Daisuke Mashima2
1Singapore University of Technology and Design, Singapore; e-mail: [suman sourav, binbin chen]@sutd.edu.sg
2Advanced Digital Sciences Center, Singapore; e-mail: [partha.b, daisuke.m]@adsc-create.edu.sg
Abstract—In modern smart grids, the proliferation of commu-
nication enabled distributed energy resource (DER) systems has
increased the surface of possible cyber-physical attacks. Attacks
originating from the distributed edge devices of DER system,
such as photovoltaic (PV) system, is often difficult to detect.
An attacker may change the control configurations or various
setpoints of the PV inverters to destabilize the power grid,
damage devices, or for the purpose of economic gain. A more
powerful attacker may even manipulate the PV system metering
data transmitted for remote monitoring, so that (s)he can remain
hidden. In this paper, we consider a case where PV systems
operating in different control modes can be simultaneously
attacked and the attacker has the ability to manipulate individual
PV bus measurements to avoid detection. We show that even in
such a scenario, with just the aggregated measurements (that the
attacker cannot manipulate), machine learning (ML) techniques
are able to detect the attack in a fast and accurate manner. We
use a standard radial distribution network, together with real
smart home electricity consumption data and solar power data
in our experimental setup. We test the performance of several
ML algorithms to detect attacks on the PV system. Our detailed
evaluations show that the proposed intrusion detection system
(IDS) is highly effective and efficient in detecting attacks on PV
inverter control modes.
I. INTRODUCTION
The fast depletion of fossil fuels, environmental regula-
tion and imposition of carbon tax in some cases compelled
many countries to quickly adopt alternate and replenishable
sources of energy. Solar energy, a form of renewable energy,
is harnessed by the well-established PV system technology.
Globally, the growth in PV system installed capacity has
been phenomenal in the last couple of decades, and just in
the year 2019, about 109GW PV capacity was installed [1].
Together with the high penetration of renewable energy, mod-
ern grids are accommodating internet-of-things (IoT) devices
for efficient control and management of the grid. Though
sophisticated information technology network facilitates faster
communication and overall performance enhancement of the
grid, it also opens up channels for cyberattackers to intrude
into the power system and perform any offensive manoeuvre
that makes the system behave undesirably.
Grid or transmission system operator usually do not have
visibility of DER plants (e.g., solar plants), and in most
cases the monitoring of the plant is restricted to the local
distribution substation level. Furthermore, renewable sources
are inherently variable. Limited visibility as well as uncertainty
in renewable sources can easily be exploited by an attacker to
launch attacks through the edge devices of the PV systems [2].
The variability in system performance and output would even
make it harder to distinguish between an actual attack and
a regular change in system parameter. Attack on PV system
control characteristics may jeopardise the system voltage. The
impact of the attack would be severe if a majority of the
PVs connected to the system are manipulated (to give reduced
output or fully disconnected) or the attack is launched during
peak-loading scenarios of the network. Such an attack would
have economic consequences as well. Lowering the PV system
active power setpoint would force the consumers to draw more
active power from the thermal generator(s) connected to the
grid, thereby increasing both fuel cost and emission. As an
example, a change of setpoint even by 0.1 MW (lower) would
incur an additional fuel cost of anywhere between $0.175 to
$0.325 per hour depending on the type of fossil fuel used by
the generator [3]. The cost follows quadratic relationship with
the active power, implying even more commercial impact if
the setpoint is lowered further.
In a distribution network, different PVs can operate in differ-
ent control modes, and they can be attacked simultaneously.
Most of the existing studies [2], [4], [5] considered attack
only on single mode of operation, i.e., where all the PV
systems are operating in the same mode. In contrast, here
we consider and aim to highlight the case of a combined
attack on multiple, different modes. We discuss the impact of
such an attack and propose a method to detect it. Moreover,
we consider a sophisticated attacker who tries to stay hidden
by manipulating the PV bus measurements, i.e., by sending
PV bus measurements as if there is no attack. Such hidden
attackers often target to gain information by observing the
system and/or to disrupt the system on a specific planned time.
A cyber rule-based intrusion detection system (IDS) might
not be able to detect such attacks on the edge devices of PV
system. Therefore, we need to leverage physical system data
to analyze and detect. The adoption of machine intelligence
in detecting cyberattacks in smart grid on various aspects is
widespread. Several machine learning (ML) algorithms have
also been tested in the context of PV systems [2], [4]. In a
supervised ML method, the algorithm is trained with system-
wide data for both normal and attack scenarios in the network
considering variable load demand and solar power. Based on
the training imparted, the algorithm is expected to classify a
new set of data in the category of normal or attacked data.
arXiv:2210.05226v1 [cs.CR] 11 Oct 2022
The method is fast and quite accurate. Also, the ML-based
detection algorithm works in a non-invasive manner as it does
not interfere with the normal power system operation. In a
power grid, measurement data from some metering instru-
ments might be missing occasionally due to communication
loss or faulty instruments. A trained ML-model might still be
able to correctly classify a set of measurement data as normal
or malicious even when parts of the dataset are missing. We
leverage such characteristics of the ML method in our IDS
to detect attacks, especially the control mode related attacks
on the PV system. We simulate the PV control modes to run
power flow using the power simulator MATPOWER [6] and
generate exhaustive datsets for our study. We test several ML
algorithms and compare their performance. The contributions
of our work can be summarized as below:
•We give one of the first studies where simultaneous
attacks on PVs operating in different control modes
are considered, under a strong attacker model which
assumes capability of manipulating individual PV bus
measurements to remain hidden.
•For the various configurations, we create several base-
line datasets using a standard test distribution network
with real-world PV generation and load demand data
(where small errors of the energy meter readings are
unavoidable). We make these datasets publicly available
to facilitate further research in this direction.
•We evaluate the performance of many ML algorithms by
conducting extensive experiments including cases where
parts of measurement data are missing. The results show
that the ML-based techniques, specifically multi-layer
perceptron and random forest algorithms are effective and
efficient in detecting attacks on various PV control modes
(accuracy of around 95% even with missing data).
II. LITERATURE REVIEW
Cyberattack scenarios in the broader context of smart grid
have been well studied in the literature. Study on DER
integrated grids has also been popular among the energy
and cybersecurity research communities. Qi et al. [5] sug-
gested a holistic framework for defence against cyberattcks
in a network with high DER penetrations. The resilience
design aspects at cyber, physical device and utility levels
had been broadly discussed. In the same vein, Johnson et
al. [7] proposed engineering design control of the DER
devices and enclaving (i.e., segmentation) of the network with
several DERs to enhance the cyberattack resiliency. In [8], the
authors summarized the current industry practices for DER
cybersecurity and also suggested some strategies to improve
the security postures. Specifically for IDS, signature-based
and behavioural-based solutions were studied in [9] to detect
few types of attacks on PV inverters. For voltage control
manipulation in low voltage distribution grid, [10] gives a
contextual anomaly detection method based on an artificial
neural network. Chavez et al. [11] showed the importance of
physical system features, in addition to the network traffic
features, to identify certain types of attacks in a distribution
network. They collect and use a combination of cyber-security
data and power system and control information to propose a
hybrid IDS for DER systems. Unsupervised [2] ML algorithms
have been tested on a proposed edge-based IDS for PV system
security. In [4], a more conventional approach of supervised
learning ML methods were used to detect attacks, considering
synchronized data from PV systems.
In a different direction, Li et al. [12] use raw electrical
waveform data and a high-dimensional data-driven approach to
detect and identify cyber-physical attacks in distribution power
grids with PVs. Another approach that has been widely studied
in the power system context is the application of physics-based
techniques for attack detection [13], [14]. However, these
solutions rely quite heavily on the availability and accuracy of
all measurement data. For cases with missing measurements
or meter reading errors, the performance and accuracy of such
solutions would be limited.
Overall, most of these works discussed here focus on single
operating mode and the attacker doesn’t particularly focus on
remaining hidden. In contrast, here we consider simultaneous
attacks on PVs operating in different control modes where the
attacker manipulates PV bus measurements to remain hidden.
III. THREAT MODEL AND ATTACK MODES
Before we discuss in detail the possible threats on PV unit
operations, we briefly describe the various possible operating
modes of a PV unit. Once the attacker gets control, it actively
tries to stay hidden by manipulating the measurement data of
the bus associated with the DER by sending data as if the
DER were not attacked. As such, an analysis of individual PV
bus measurements wouldn’t reveal any attack.
A. PV Operating Modes
We consider three PV operating modes, namely, limit active
power mode (Max P), Constant power factor (PF) mode, and
voltage-reactive power mode (volt-var). Due to variability in
solar irradiance, the active power output from the PV unit
changes and it is limited by the capacity of PV unit and
associated inverters.
In limit active power mode (Max P), a DER is set to deliver
a defined maximum amount of active power. In constant power
factor (PF) mode, the active power output is proportional to
the reactive power output. Lastly, the voltage-reactive power
mode (volt-var mode) of operation is an important regulation
mode where the DER reactive power output is a function of the
voltage at the point of common coupling (PCC) or the DER
terminal for a standalone unit. PV inverter can be set to operate
at any characteristics between the most and least aggressive
curves defined as per UL 1741, and depicted in Fig. 1. Our
default setting (blue line in Fig. 1) is as per the interconnection
Rule 21 of California Public Utilities Commission, and also
per the PV inverter application guide [15].
B. PV Attack Modes
As the penetration of DERs including PVs into the grid is
becoming high, any maloperation in the PV control modes
摘要:
展开>>
收起<<
DetectingHiddenAttackersinPhotovoltaicSystemsUsingMachineLearningSumanSourav1,2,ParthaP.Biswas2,BinbinChen1,2,andDaisukeMashima21SingaporeUniversityofTechnologyandDesign,Singapore;e-mail:[sumansourav,binbinchen]@sutd.edu.sg2AdvancedDigitalSciencesCenter,Singapore;e-mail:[partha.b,daisuke.m]@adsc-cre...
声明:本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知玖贝云文库,我们立即给予删除!
相关推荐
-
【词汇变形总汇】2025高考词汇变形总汇 - 教师版VIP免费
2024-12-06 3 -
【超简37页】新课标高考英语考纲3500词汇VIP免费
2024-12-06 4 -
《高考英语3500词详解》(WORD版)VIP免费
2024-12-06 13 -
《高考英语3500词详解》VIP免费
2024-12-06 11 -
高中英语-[教师版]80天通关高考3500词汇VIP免费
2024-12-06 12 -
高中人教选修7课文逐句翻译VIP免费
2024-12-06 7 -
高中人教选修7课文原文及翻译VIP免费
2024-12-06 13 -
高中人教必修4课文逐句翻译VIP免费
2024-12-06 7 -
高中人教必修4课文原文及翻译VIP免费
2024-12-06 13 -
高考英语核心高频688词汇VIP免费
2024-12-06 10
分类:图书资源
价格:10玖币
属性:7 页
大小:377.35KB
格式:PDF
时间:2025-04-27
作者详情
相关内容
-
3-专题三 牛顿运动定律 2-教师专用试题
分类:中学教育
时间:2025-04-07
标签:无
格式:DOCX
价格:5.9 玖币
-
2-专题二 相互作用 2-教师专用试题
分类:中学教育
时间:2025-04-07
标签:无
格式:DOCX
价格:5.9 玖币
-
6-专题六 机械能 2-教师专用试题
分类:中学教育
时间:2025-04-07
标签:无
格式:DOCX
价格:5.9 玖币
-
4-专题四 曲线运动 2-教师专用试题
分类:中学教育
时间:2025-04-08
标签:无
格式:DOCX
价格:5.9 玖币
-
5-专题五 万有引力与航天 2-教师专用试题
分类:中学教育
时间:2025-04-08
标签:无
格式:DOCX
价格:5.9 玖币
渝公网安备50010702506394
