Distributed Framework for Mitigating Malicious Intrusions in Power Grids

Esther Marion Amullen, Tennessee State University


Malicious data injection attacks have been identified as the most detrimental attacks against electric power grids and have been under investigation by the research community for decades. These attacks target remote components of the power network, the control center and the corporate network. Malicious data injected at remote sites targets the sensory data in substations that is used for state estimation in the power grid, while injections at the control center often target Supervisory Control and Data Acquisition (SCADA) control traffic. Maliciously modifying sensor readings obtained from meters, or control signals such as the control commands issued by the SCADA system to remote substations, misleads the control center into issuing incorrect commands and taking ill-advised response actions that may be detrimental to the power grid's operation. It has been shown that an attacker with knowledge of the network topology and of the syntax and payload of SCADA control commands can craft malicious data injection attacks that will go undetected by the detection strategies currently employed within the power grid. This report proposes a distributed multi-agent system that detects malicious control commands and measurements in the electric power grid. The multi-agent system is composed of cooperative agents deployed at substations, equipped with local data from IEDs within the substations and with the capability to exchange this data with agents at neighboring substations.
With the limited information and communication links available within substations, agents can interactively: 1) extract the semantics of control fields from data packets flowing within substations; 2) perform rapid local state estimation, based on data from individual substations and neighboring substations, to detect malicious data within the power network; 3) run a consensus-based information exchange algorithm to facilitate rapid sharing of simulated state estimation information with neighboring agents; and 4) cooperatively detect malicious data injections within the power grid. This report presents algorithms that leverage machine learning and data analysis techniques such as clustering to achieve near-real-time intrusion detection, cooperative control of multi-agent systems to achieve coordinated distributed intrusion detection, and distributed state estimation and power flow algorithms to secure traditional state estimation and control actions at substations. The proposed framework is evaluated using simulations in MATLAB.

Subject Area

Computer Engineering|Engineering|Electrical engineering

Recommended Citation

Esther Marion Amullen, "Distributed Framework for Mitigating Malicious Intrusions in Power Grids" (2019). ETD Collection for Tennessee State University. Paper AAI13814949.