Physics-aware AI-based Approach for Cyber Intrusion Detection in Substation Automation Systems
About the project
With the integration of information and communications technology and intelligent electric devices, substation automation systems (SAS) greatly boost the efficiency of power system monitoring and control. However, at the frontier of the wide-area monitoring and control infrastructure of a bulk power system, substations also bring new vulnerabilities and are known to be attractive targets for attackers. In this project, we will research, develop, and validate algorithms that defend against cyberattacks that aim to disrupt substation operations by maliciously changing measurements and/or spoofing spurious control commands.
We propose multiple use-inspired AI innovations that crucially leverage concurrent capabilities of SAS to transform cyber security of power systems, including (i) a framework that synergizes optimization-based attack modelling with inverse reinforcement learning for multi-stage attack detection, (ii) a decision-focused distributed CPS modelling approach, and (iii) a mathematical program with equilibrium constraints framework of adversarial unlearning for spoofing detection.
In the IEC 61850-based Substation Automation System (SAS), integrating computing and communication technologies with Intelligent Electric Devices (IEDs) greatly enhances the efficiency of power system monitoring and control. The fast-growing connectivity via wide area networks (WAN) enables powerful automation functions; however, it also brings cyber vulnerabilities and new attack vectors. Substations are known to be attractive targets for attackers since they form the frontier of the wide-area monitoring and control infrastructure of a bulk power system, which consists of a Supervisory Control And Data Acquisition (SCADA) system, an Energy Management System (EMS), and a control centre.
Cyberattacks at SASs may be performed by maliciously changing measurements from IEDs and merging units (MUs) and/or spoofing spurious control commands for one or more switching devices from IEDs. An attack can also alter a device configuration even if commands and data are compliant with respect to syntax, protocol, and the targeted device. The vulnerabilities of the modern grid are many, as described in a National Academies Report.
Anomaly detection can reduce cyber threats to the substations and improve root cause analysis. Traditional anomaly detection relies heavily on human experts to design rule-based detection mechanisms, which can be time-consuming, inefficient, less adaptive, and labour-intensive. More recently, sophisticated anomaly detection methods have been reported in the literature, but they largely ignore the special characteristics of attacks on SAS and practical system-level constraints on communication and computation.
Transformative and disruptive applications of use-inspired AI for SAS anomaly detection are in their infancy. The proposed project is among the first known efforts to develop and demonstrate AI-enabled SAS anomaly data detection that crucially leverages the cross-disciplinary collaboration between substation Information engineering and Communications Technology (especially distributed machine learning) for cyber defence.
The project is a collaboration between the University of California Berkeley, Virginia Tech and KTH Royal Institute of Technology.
Professor, Division of Network and Systems Engineering at KTH, Co-PI of research project Decision-making in Critical Societal Infrastructures (DEMOCRITUS), Digital Futures fellow, Digital Futures Faculty
+46 73 632 25 61