Abstract
The digital transformation of power systems has introduced a new challenge for robustness: cyber security threats. Motivated by the feasibility of a potent attack (e.g., the Stuxnet worm attack and the one in the hacker-caused Ukraine blackout) that it can be equipped with extensive system knowledge, vast attack resources to manipulate multiple measurements (multivariate attacks) and also strong capability to keep stealthy from possible detectors, the thesis work has built a framework capable of both vulnerability analysis and attack detection. Security index quantifying attack resources was proposed and the attack scenario was extended to subsume the combined data integrity and availability attacks. Realistic aspects of limited adversarial knowledge or resources were considered in the overall cyber risk assessment. Co-simulation tool specially for cyber security analysis has been developed, capturing the character of a cyber-physical system of intelligent power grids. A diagnosis filter was designed with a scalable and robust feature to detect all the plausible multivariate attacks in an admissible set by exploiting the attack impact on the system dynamics, with non-zero transient or non-zero steady-state residual output. The yielding Nash equilibrium implies that the proposed diagnosis filter is not based on a conservative design in the sense of its long-term behavior. In the end, this thesis also tried to implement the diagnosis filter in a real or simulated power system. A further robustification method was proposed to mitigate the effects from possible model mismatches on the residual output by using the simulation data to extract the model mismatch signatures, which has contributed to a novel data-assisted model-based attack detection approach.
Original language | English |
---|---|
Qualification | Doctor of Philosophy |
Awarding Institution |
|
Supervisors/Advisors |
|
Award date | 12 Mar 2020 |
Print ISBNs | 978-94-028-1975-5 |
DOIs | |
Publication status | Published - 2020 |
Keywords
- combined attacks
- disruptive multivariate intrusions
- vulnerability assessment
- cyber risk analysis
- robust attack detection