Towards Real-Time Distinction of Power System Faults and Cyber Attacks on Digital Substations Using Cyber-Physical Event Correlation

Ioannis Semertzis, Himanshu Goyel, Vetrivel S. Rajkumar, Alfan Presekal, Alexandru Stefanov, Peter Palensky

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Cyber actors can target the unsecured IEC 61850 protocols in digital substations to open circuit breakers and affect the power system operation. Thus, system operators must detect cyber-physical anomalies and differentiate in real-time between power system faults and cyber attacks on digital substations for effective incident response. In this work, we propose a novel image encoding method for event correlation using cyber-physical time-series data, i.e., Phasor Measurement Units (PMUs) and Operational Technology (OT) network traffic. More specifically, we propose a dynamic variation of the Gramian Angular Field method, which generates image streams capturing in real-time the spatial-temporal features in PMU measurements and IEC 61850 GOOSE traffic throughput. The proposed method for cyber-physical event correlation uses an image fusion technique. The method is tested using the benchmark IEEE 9-bus system. It successfully distinguishes between three-phase faults and GOOSE cyber attacks, demonstrating its usefulness for power system cyber security analytics.

Original languageEnglish
Title of host publication2024 12th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, MSCPES 2024
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9798350362848
DOIs
Publication statusPublished - 2024
Event12th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, MSCPES 2024 - Hong Kong, China
Duration: 13 May 2024 → …

Publication series

Name2024 12th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, MSCPES 2024

Conference

Conference12th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, MSCPES 2024
Country/TerritoryChina
CityHong Kong
Period13/05/24 → …

Keywords

  • Cyber attacks
  • cyber security
  • cyber-physical power systems
  • event correlation
  • IEC 61850
  • image encoding

Fingerprint

Dive into the research topics of 'Towards Real-Time Distinction of Power System Faults and Cyber Attacks on Digital Substations Using Cyber-Physical Event Correlation'. Together they form a unique fingerprint.

Cite this