Data Mining-Based Cyber-Physical Attack Detection Tool for Attack-Resilient Adaptive Protective Relays
Abstract
:1. Introduction
2. The Rough Set-Based Rule Learning
2.1. Information Tables
2.2. Indiscernibility Relation and Set Approximation
2.3. Reducts
2.4. Decision Rules
3. Proposed Detection Tool for Digital Relays
3.1. Probabilistic Analysis and System Uncertainties Associated with Fault Calculation
- The bus voltages, which are considered the pre-fault voltages,
- The load currents seen by each relay before the fault occurrence, and
- The fault currents seen by each relay in the network.
3.2. Modeling of Load Demand and DG Injected Power
3.3. Simulation Results
3.4. Proposed Algorithm for Initialization Phase
4. Simulation Setup and Results
4.1. System Description
4.2. System Modeling
4.3. Rough Set and Rule Generation
5. Performance Evaluation
5.1. Attack Template and Model
- 1-
- It is assumed that an attacker can gain access to the information of the protection systems and their communication protocols to manipulate the digital relay setting signal coming from a remote control center.
- 2-
- The measured voltages and currents are local and secure.
- 3-
- Attackers can target one or more relays at the same time.
- 4-
- Attackers know the lines protected by the smart relays.
- 5-
- Attackers cannot trip circuit breakers directly.
- 6-
- Attacker capabilities are limited.
5.2. Classification Results
5.3. Performance Measures
- Accuracy (classification rate) is calculated as the number of all correct predictions divided by the total number of cases in the dataset.
- Error rate (ERR) is calculated as the number of all incorrect predictions divided by the total number of cases in the dataset.
- Sensitivity (probability of detection) measures the proportion of actual positives correctly identified. This measure is crucial for attack detection tools since false positives are better tolerated by the system than false negatives.
5.4. Execution Time
6. Summary and Conclusions
Author Contributions
Funding
Conflicts of Interest
References
- Deng, R.; Zhuang, P.; Liang, H. CCPA: Coordinated Cyber-Physical Attacks and Countermeasures in Smart Grid. IEEE Trans. Smart Grid 2017, 8, 2420–2430. [Google Scholar] [CrossRef]
- Mohamed, N.A.; Salama, M.M.A. A review on the proposed solutions to microgrid protection problems. In Proceedings of the Canadian Conference on Electrical and Computer Engineering, Vancouver, BC, Canada, 15–18 May 2016. [Google Scholar] [CrossRef]
- Oudalov, A.; Fidigatti, A. Adaptive Network Protection in MIcrogrids. ABB Int. J. Distrib. Energy Resour. 2009, 5, 201–226. [Google Scholar]
- Orji, U.; Schantz, C.; Leeb, S.B.; Kirtley, J.L.; Sievenpiper, B.; Gerhard, K.; McCoy, T. Adaptive Zonal Protection for Ring Microgrids. IEEE Trans. Smart Grid 2017, 8, 1843–1851. [Google Scholar] [CrossRef]
- Ustun, T.S.; Khan, R.H.; Hadbah, A.; Kalam, A. An adaptive microgrid protection scheme based on a wide-area smart grid communications network. In Proceedings of the 2013 IEEE Latin-America Conference on Communication, Santiago, Chile, 24–26 November 2013. [Google Scholar] [CrossRef]
- Ibrahim, A.M.; El-Khattam, W.; ElMesallamy, M.; Talaat, H.A. Adaptive protection coordination scheme for distribution network with distributed generation using ABC. J. Electr. Syst. Inf. Technol. 2016, 3, 320–332. [Google Scholar] [CrossRef] [Green Version]
- Coffele, F.; Booth, C.; Dyśko, A. An Adaptive Overcurrent Protection Scheme for Distribution Networks. IEEE Trans. Power Deliv. 2014, 30, 561–568. [Google Scholar] [CrossRef] [Green Version]
- Osman, A.H.; Hassan, M.S.; Sulaiman, M. Communication-based adaptive protection for distribution systems penetrated with distributed generators. Electr. Power Compon. Syst. 2015, 43, 556–565. [Google Scholar] [CrossRef]
- Souza, F.C.; Souza, B.A. Adaptive overcurrent adjustment settings: A case study using RTDS®. In Proceedings of the 2013 IEEE PES Conference on Innovative Smart Grid Technologies, Sao Paolo, Brazil, 15–17 April 2013. [Google Scholar] [CrossRef]
- Rockefeller, G.D.; Wagner, C.L.; Linders, J.R.; Hicks, K.L.; Rizy, D.T. Adaptive transmission relaying concepts for improved performance. IEEE Trans. Power Deliv. 1988, 3, 1446–1458. [Google Scholar] [CrossRef]
- Ward, S.; O’Brien, J.; Beresh, B.; Benmouyal, G.; Holstein, D.; Tengdin, J.T.; Fodero, K.; Simon, M.; Carden, M.; Yalla, M.V.V.S.; et al. Cyber Security Issues for Protective Relays; C1 Working Group Members of Power System Relaying Committee. In Proceedings of the 2007 IEEE Power Engineering Society General Meeting, Tampa, FL, USA, 24–28 June 2007. [Google Scholar] [CrossRef]
- Premaratne, U.K.; Samarabandu, J.; Sidhu, T.S.; Beresh, R.; Tan, J.C. An intrusion detection system for IEC61850 automated substations. IEEE Trans. Power Deliv. 2010, 25, 2376–2383. [Google Scholar] [CrossRef]
- Premaratne, U.; Ling, C.; Samarabandu, J.; Sidhu, T. Possibilistic decision trees for intrusion detection in IEC61850 automated substations. In Proceedings of the 2009 International Conference on Industrial and Information Systems, Peradeniya, Sri Lanka, 28–31 December 2009; pp. 204–209. [Google Scholar] [CrossRef]
- Ten, C.W.; Hong, J.; Liu, C.C. Anomaly detection for cybersecurity of the substations. IEEE Trans. Smart Grid 2011, 2, 865–873. [Google Scholar] [CrossRef]
- Khaw, Y.M.; Abiri Jahromi, A.; Arani, M.F.M.; Sanner, S.; Kundur, D.; Kassouf, M. A Deep Learning-Based Cyberattack Detection System for Transmission Protective Relays. IEEE Trans. Smart Grid 2021, 12, 2554–2565. [Google Scholar] [CrossRef]
- Hong, J.; Nuqui, R.F.; Kondabathini, A.; Ishchenko, D.; Martin, A. Cyber Attack Resilient Distance Protection and Circuit Breaker Control for Digital Substations. IEEE Trans. Ind. Inform. 2019, 15, 4332–4341. [Google Scholar] [CrossRef]
- Hariri, M.; Faddel, S.; Mohammed, O. An artificially intelligent physical model-checking approach to detect switching-related attacks on power systems. In Proceedings of the 2017 IEEE 7th International Conference on Power and Energy Systems, Toronto, ON, Canada, 1–3 November 2017; pp. 23–28. [Google Scholar] [CrossRef]
- Koutsandria, G.; Muthukumar, V.; Parvania, M.; Peisert, S.; McParland, C.; Scaglione, A. A hybrid network IDS for protective digital relays in the power transmission grid. In Proceedings of the 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm), Venice, Italy, 3–6 November 2014; pp. 908–913. [Google Scholar] [CrossRef] [Green Version]
- Yao, Y.; Zhao, Y. Discernibility matrix simplification for constructing attribute reducts. Inf. Sci. 2009, 179, 867–882. [Google Scholar] [CrossRef] [Green Version]
- Saini, P.; Sethi, N.; Scholar, M.T. Decision Support in Data Mining Using Rough Set Theory. IJIRST 2013, 1, 14–21. [Google Scholar]
- Komorowski, J.; Polkowski, L.; Skowron, A. Rough Sets: A Tutorial. In Rough Fuzzy Hybridization: A New Trend in Decision-Making; Pal, S.K., Skowron, A., Eds.; Springer: Singapore, 1999; pp. 3–98. [Google Scholar]
- Skowron, A.; Rauszer, C. The Discernibility Matrices and Functions in Information Systems. In Intelligent Decision Support; Springer: Heidelberg, The Netherlands, 1992; pp. 331–362. [Google Scholar] [CrossRef]
- Grigg, C.; Wong, P. The IEEE reliability test system—1996 a report prepared by the reliability test system task force of the application of probability methods subcommittee. IEEE Trans. Power Syst. 1999, 14, 1010–1020. [Google Scholar] [CrossRef]
- Nassar, M.E.; Salama, M.M.A. A novel probabilistic load model and probabilistic power flow. In Proceedings of the Canadian Conference on Electrical and Computer Engineering, Halifax, NS, Canada, 3–6 May 2015; pp. 881–886. [Google Scholar] [CrossRef]
- Nassar, M. Microgrid Enabling Towards the Implementation of Smart Grids. Ph.D. Thesis, University of Waterloo, Waterloo, ON, Canada, 21 June 2017. [Google Scholar]
- Yue, Q.; Lu, F.; Yu, W.; Wang, J. A novel algorithm to determine minimum break point set for optimum cooperation of directional protection relays in multiloop networks. IEEE Trans. Power Deliv. 2006, 21, 1114–1119. [Google Scholar] [CrossRef]
- Distribution Test Feeders—IEEE Distribution System Analysis Subcommittee. Available online: https://www.ewh.ieee.org/soc/pes/dsacom/testfeeders.html (accessed on 27 June 2021).
- OpenDSS. Available online: https://www.epri.com/pages/sa/opendss. (accessed on 22 January 2021).
- ROSETTA. A Rough Set Toolkit. Available online: http://bioinf.icm.uu.se/rosetta/ (accessed on 5 August 2021).
- Sridhar, S.; Govindarasu, M. Model-based attack detection and mitigation for automatic generation control. IEEE Trans. Smart Grid 2014, 5, 580–591. [Google Scholar] [CrossRef]
- Zhang, J.; Gunter, C.A. Application-Aware Secure Multicast for Power Grid Communications. In Proceedings of the 2010 First IEEE International Conference on Smart Grid Communications, Gaithersburg, MA, USA, 4–6 October 2010; pp. 339–344. [Google Scholar] [CrossRef]
- Feng, Y.; Qian, Y.; Ju, R.Q. Smart Grid Communication Infrastructures: Big Data, Cloud Computing, and Security; John Wiley & Sons: Hoboken, NJ, USA, 2018. [Google Scholar]





| Season Clusters | Model | 
|---|---|
| Summer Weekday | L1 | 
| Summer Weekend | L2 | 
| Winter Weekday | L3 | 
| Winter Weekend | L4 | 
| Fall/Spring Weekday | L5 | 
| Fall/Spring Weekend | L6 | 
| L1 | L2 | L3 | L4 | L5 | L6 | |
|---|---|---|---|---|---|---|
| 1 | 0.523 | 0.478 | 0.576 | 0.530 | 0.449 | 0.423 | 
| 2 | 0.491 | 0.452 | 0.542 | 0.489 | 0.442 | 0.411 | 
| 3 | 0.474 | 0.426 | 0.516 | 0.462 | 0.428 | 0.389 | 
| 4 | 0.458 | 0.420 | 0.508 | 0.449 | 0.414 | 0.372 | 
| 5 | 0.458 | 0.413 | 0.508 | 0.435 | 0.421 | 0.366 | 
| 6 | 0.474 | 0.401 | 0.516 | 0.442 | 0.464 | 0.366 | 
| 7 | 0.523 | 0.401 | 0.637 | 0.449 | 0.514 | 0.383 | 
| 8 | 0.621 | 0.426 | 0.740 | 0.476 | 0.606 | 0.417 | 
| 9 | 0.711 | 0.523 | 0.817 | 0.544 | 0.678 | 0.468 | 
| 10 | 0.777 | 0.556 | 0.826 | 0.598 | 0.706 | 0.502 | 
| 11 | 0.810 | 0.588 | 0.826 | 0.612 | 0.713 | 0.519 | 
| 12 | 0.818 | 0.601 | 0.817 | 0.618 | 0.706 | 0.530 | 
| 13 | 0.810 | 0.601 | 0.817 | 0.612 | 0.664 | 0.513 | 
| 14 | 0.818 | 0.594 | 0.817 | 0.598 | 0.656 | 0.507 | 
| 15 | 0.818 | 0.588 | 0.800 | 0.591 | 0.642 | 0.507 | 
| 16 | 0.793 | 0.588 | 0.809 | 0.591 | 0.628 | 0.485 | 
| 17 | 0.785 | 0.594 | 0.852 | 0.618 | 0.642 | 0.479 | 
| 18 | 0.785 | 0.607 | 0.860 | 0.680 | 0.656 | 0.496 | 
| 19 | 0.760 | 0.614 | 0.860 | 0.673 | 0.685 | 0.519 | 
| 20 | 0.752 | 0.614 | 0.826 | 0.659 | 0.699 | 0.564 | 
| 21 | 0.752 | 0.646 | 0.783 | 0.639 | 0.685 | 0.547 | 
| 22 | 0.760 | 0.601 | 0.714 | 0.625 | 0.642 | 0.535 | 
| 23 | 0.711 | 0.568 | 0.628 | 0.591 | 0.571 | 0.507 | 
| 24 | 0.589 | 0.517 | 0.542 | 0.550 | 0.499 | 0.479 | 
| Model | αw | βw | Γw | 
|---|---|---|---|
| L1 | 2.4226 | 0.09934 | −0.08812 | 
| L2 | 1.7979 | 0.05353 | −0.04758 | 
| L3 | 5.247 | 0.22676 | −0.20872 | 
| L4 | 5.1698 | 0.16188 | −0.14876 | 
| L5 | 8.2088 | 0.21547 | −0.20307 | 
| L6 | 17.046 | 0.29313 | −0.28402 | 
| Model | Season | Γ | δ | λ | ζ | 
|---|---|---|---|---|---|
| WD1 | Spring | 0.40832 | 0.46673 | 0.97881 | −0.0765 | 
| WD2 | Fall | 0.1866 | 0.49059 | 0.98015 | −0.00616 | 
| WD3 | Summer | 0.48423 | 0.55561 | 0.97956 | −0.00874 | 
| WD4 | Winter | −0.0199 | 0.48906 | 0.95746 | 0.005568 | 
| No. | Relay#1 | Relay#8 | Relay#12 | ||||||
|---|---|---|---|---|---|---|---|---|---|
| V (p.u) | I (A) | TDS | V (p.u) | I (A) | TDS | V (p.u) | I (A) | TDS | |
| C1 | 1.014 | 27.33 | 0.206 | 0.851 | 17.78 | 0.102 | 0.949 | 8.20 | 0.001 | 
| C2 | 0.993 | 45.44 | 0.001 | 1.0173 | 14.19 | 17.857 | 1.008 | 1.23 | 20 | 
| C3 | 1.047 | 33.37 | 0.105 | 0.939 | 21.35 | 0.095 | 0.968 | 7.98 | |
| C4 | 1.031 | 50.77 | 0.208 | 0.996 | 14.53 | 0.001 | 0.898 | 0.82 | |
| C5 | 1.008 | 19.64 | 0.202 | 1.061 | 18.76 | 0.098 | 1.055 | 2.09 | |
| C6 | 1.019 | 23.29 | 0.959 | 15.29 | 1.029 | 8.39 | |||
| C7 | 1.026 | 36.19 | 0.976 | 16.88 | 0.846 | 1.60 | |||
| C8 | 0.985 | 40.06 | 1.039 | 14.87 | 0.988 | 1.39 | |||
| C9 | 1.000 | 56.61 | 0.912 | 19.84 | 0.874 | 1.86 | |||
| C10 | 1.039 | 30.55 | 0.883 | 15.95 | 0.925 | 1.03 | |||
| No. | Rule | Support | Coverage | 
|---|---|---|---|
| R1 | IF Voltage = 4 AND Current = 1 Then TDS = 1 | 103 | 0.0515 | 
| R2 | IF Voltage = 1 AND Current = 3 Then TDS = 4 | 151 | 0.0755 | 
| R3 | IF Voltage = 10 AND Current = 6 Then TDS = 1 | 91 | 0.0455 | 
| R4 | IF Voltage = 2 AND Current = 4 Then TDS = 1 OR 4 | 74 | 0.037 | 
| R5 | IF Voltage = 6 AND Current = 10 Then TDS = 4 | 107 | 0.0535 | 
| R6 | IF Voltage = 4 AND Current = 3 Then TDS = 5 | 18 | 0.009 | 
| R7 | IF Voltage = 10 AND Current = 10 Then TDS = 5 | 26 | 0.013 | 
| No. | Rule | Support | Coverage | 
|---|---|---|---|
| R1 | IF Voltage = 8 AND Current = 4 Then TDS = 1 OR 5 | 85 | 0.0425 | 
| R2 | IF Voltage = 4 AND Current = 4 Then TDS = 5 | 183 | 0.0915 | 
| R3 | IF Voltage = 4 AND Current = 2 Then TDS = 1 | 89 | 0.0445 | 
| R4 | IF Voltage = 2 AND Current = 4 Then TDS = 1 OR 5 | 129 | 0.0645 | 
| R5 | IF Voltage = 10 AND Current = 1 Then TDS = 1 OR 3 | 51 | 0.0255 | 
| R6 | IF Voltage = 10 AND Current = 9 Then TDS = 3 | 25 | 0.0125 | 
| No. | Rule | Support | Coverage | 
|---|---|---|---|
| R1 | IF Voltage = 6 AND Current = 4 Then TDS = 1 | 16 | 0.008 | 
| R2 | IF Voltage = 8 AND Current = 2 Then TDS = 1 | 90 | 0.045 | 
| R3 | IF Voltage = 9 AND Current = 9 Then TDS = 1 OR 2 | 13 | 0.0065 | 
| R4 | IF Voltage = 1 AND Current = 1 Then TDS = 1 | 93 | 0.0465 | 
| R5 | IF Voltage = 3 AND Current = 1 Then TDS = 1 | 82 | 0.041 | 
| R6 | IF Voltage = 5 AND Current = 4 Then TDS = 1 | 59 | 0.0295 | 
| Total = 200 | Predicted | ||
|---|---|---|---|
| Yes | No | ||
| Actual | Yes | True Positive (TP) = 97 | False Negative (FN) = 3 | 
| No | False Positive (FP) = 0 | True Negative (TN) = 100 | |
| Total = 200 | Predicted | ||
|---|---|---|---|
| Yes | No | ||
| Actual | Yes | True Positive (TP) = 97 | False Negative (FN) = 3 | 
| No | False Positive (FP) = 1 | True Negative (TN) = 99 | |
| Total = 200 | Predicted | ||
|---|---|---|---|
| Yes | No | ||
| Actual | Yes | True Positive (TP) = 99 | False Negative (FN) = 1 | 
| No | False Positive (FP) = 0 | True Negative (TN) = 100 | |
| Measures | Relay#1 | Relay#8 | Relay#12 | 
|---|---|---|---|
| Accuracy | 98.5% | 98% | 99.5% | 
| ERR | 1.5% | 2% | 0.5% | 
| Sensitivity | 97% | 97% | 99% | 
| Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. | 
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Mohamed, N.; Salama, M.M.A. Data Mining-Based Cyber-Physical Attack Detection Tool for Attack-Resilient Adaptive Protective Relays. Energies 2022, 15, 4328. https://doi.org/10.3390/en15124328
Mohamed N, Salama MMA. Data Mining-Based Cyber-Physical Attack Detection Tool for Attack-Resilient Adaptive Protective Relays. Energies. 2022; 15(12):4328. https://doi.org/10.3390/en15124328
Chicago/Turabian StyleMohamed, Nancy, and Magdy M. A. Salama. 2022. "Data Mining-Based Cyber-Physical Attack Detection Tool for Attack-Resilient Adaptive Protective Relays" Energies 15, no. 12: 4328. https://doi.org/10.3390/en15124328
APA StyleMohamed, N., & Salama, M. M. A. (2022). Data Mining-Based Cyber-Physical Attack Detection Tool for Attack-Resilient Adaptive Protective Relays. Energies, 15(12), 4328. https://doi.org/10.3390/en15124328
 
         
                                                

 
       