
Physics-aware AI-based Approach for Cyber Intrusion Detection in Substation Automation Systems

Objective
With the integration of information and communications technology and intelligent electronic devices, substation automation systems (SAS) greatly boost the efficiency of power system monitoring and control. However, substations also bring new vulnerabilities at the frontier of a bulk power system’s wide-area monitoring and control infrastructure. They are known to be attractive targets for attackers. In this project, we will research, develop, and validate algorithms that defend against cyberattacks that aim to disrupt substation operations by maliciously changing measurements and/or spoofing spurious control commands.

We propose multiple use-inspired AI innovations that crucially leverage concurrent capabilities of SAS to transform the cyber security of power systems, including (i) a framework that synergizes optimization-based attack modelling with inverse reinforcement learning for multi-stage attack detection, (ii) a decision-focused distributed CPS modelling approach, and (iii) a mathematical program with equilibrium constraints framework of adversarial unlearning for spoofing detection.

Background
In the IEC 61850-based Substation Automation System (SAS), integrating computing and communication technologies with Intelligent Electronic Devices (IEDs) greatly enhances the efficiency of power system monitoring and control. The fast-growing connectivity via wide area networks (WAN) enables powerful automation functions but also introduces cyber vulnerabilities through new attack vectors. Substations are known to be attractive targets for attackers since they form the frontier of the wide-area monitoring and control infrastructure of a bulk power system, which consists of a Supervisory Control And Data Acquisition (SCADA) system, an Energy Management System (EMS), and a control centre.

Cyberattacks on SASs may be performed by maliciously changing measurements from IEDs and merging units (MUs) and/or spoofing spurious control commands from IEDs for one or more switching devices. An attack can alter a device’s configuration even if the commands and data are valid with respect to syntax, protocol, and the targeted device. The vulnerabilities of the modern grid are many, as described in a National Academies report.

Cross-disciplinary collaboration
Anomaly detection can reduce cyber threats to substations and improve root cause analysis. Traditional anomaly data detection heavily relies on human experts to design rule-based detection mechanisms, which can be time-consuming, inefficient, less adaptive, and labour-intensive. More recently, sophisticated anomaly detection methods have been reported in the literature. Still, they largely ignore the special characteristics of attacks on SAS and practical system-level constraints on communication and computation.

Transformative and disruptive applications of use-inspired AI for SAS anomaly detection are in their infancy. The proposed project is among the first known efforts to develop and demonstrate AI-enabled SAS anomaly data detection that crucially leverages the cross-disciplinary collaboration between substation information engineering and communications technology (especially distributed machine learning) for cyber defence.

The project is a collaboration between the University of California Berkeley, Virginia Tech and KTH Royal Institute of Technology.

A recorded presentation of the project from the Digitalize in Stockholm 2023 event is available.

Contacts

Carlo Fischione

Professor, Division of Network and Systems Engineering at KTH, Co-PI of research project Decision-making in Critical Societal Infrastructures (DEMOCRITUS), Digital Futures fellow, Digital Futures Faculty

+46 73 632 25 61
carlofi@kth.se

Ming Jin

Assistant Professor of Electrical and Computer Engineering, Virginia Tech

jinming@vt.edu

Chen-Ching Liu

American Electric Power Professor, Virginia Tech

ccliu@vt.edu

Alberto Sangiovanni-Vincentelli

Professor, University of California, Berkeley

alberto@berkeley.edu