Sensor Data Analytics for Intrusion Detection in Cyber-Physical Systems
March 30, 2018
Given the complexity of the grid and the variety of possible attack vectors, security breaches are imminent irrespective of the level of security put in place. Hence, utilities need to put extra measures in place to minimize the effect of such attacks. One such measure is intrusion detection.
Using expert knowledge about the physical laws that determine the operating limits of the grid, we propose a hierarchical intrusion detection mechanism. We achieve this with only a limited number of appropriately deployed phasor measurement units (PMUs). As a case study, at the network edge, we show how measurements from a single PMU can be used to detect a reconnaissance attack that closes a normally-open switch. We achieve this using an online Thevenin parameter estimation technique. We also integrate PMU measurements from different locations with centrally available information about the state of the SCADA system to determine if a detected anomaly is caused by malicious activity or a natural phenomenon.
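
The abstract does not give the estimator itself, so the following is an added example, not the authors' code: a sliding-window least-squares fit of the Thevenin model V = E - Z*I to one PMU's voltage and current phasors, with an alarm when the estimated Z moves away from its baseline. The model form, the window and threshold values, the premise that closing the switch shows up as a change in Z, and all sample phasors (constructed, per-unit) are assumptions.

```python
import math

def thevenin_fit(v, i):
    """Complex least-squares fit of V = E - Z*I over one window; returns (E, Z)."""
    n = len(v)
    v_mean, i_mean = sum(v) / n, sum(i) / n
    den = sum(abs(ik - i_mean) ** 2 for ik in i)
    if den < 1e-9:
        return None  # load barely moved: E and Z are not observable
    slope = sum((ik - i_mean).conjugate() * (vk - v_mean)
                for vk, ik in zip(v, i)) / den
    return v_mean - slope * i_mean, -slope

def detect_impedance_shift(v, i, window=10, baseline_windows=3, rel_tol=0.15):
    """Index of the first sample whose trailing window deviates from baseline Z, else None."""
    z_est = []
    for end in range(window, len(v) + 1):
        fit = thevenin_fit(v[end - window:end], i[end - window:end])
        if fit is not None:
            z_est.append((end - 1, fit[1]))
    if len(z_est) <= baseline_windows:
        return None
    # Baseline = mean Z of the first few windows (assumed to be attack-free).
    z0 = sum(z for _, z in z_est[:baseline_windows]) / baseline_windows
    for idx, z in z_est[baseline_windows:]:
        if abs(z - z0) / abs(z0) > rel_tol:
            return idx
    return None

def make_samples(n=60, switch_at=30):
    """Constructed per-unit phasors; Z drops at switch_at (None = never)."""
    e, z_open, z_closed = 1.0 + 0j, 0.02 + 0.10j, 0.012 + 0.06j
    v, i = [], []
    for k in range(n):
        # Slowly varying load current plus small deterministic measurement noise.
        ik = complex(0.5 + 0.05 * math.sin(k), -0.1 + 0.03 * math.cos(1.7 * k))
        z = z_closed if switch_at is not None and k >= switch_at else z_open
        noise = 5e-5 * complex(math.cos(7.3 * k), math.sin(3.1 * k))
        v.append(e - z * ik + noise)
        i.append(ik)
    return v, i

if __name__ == "__main__":
    v, i = make_samples()
    print("first alarm at sample", detect_impedance_shift(v, i))
```

The alarm can lag the switching instant by up to one window length, because windows that straddle the change mix samples from both network states.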