Towards Real-Time Distinction of Power System Faults and Cyber Attacks on Digital Substations Using Cyber-Physical Event Correlation

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

Abstract

Cyber actors can target the unsecured IEC 61850 protocols in digital substations to open circuit breakers and affect the power system operation. Thus, system operators must detect cyber-physical anomalies and differentiate in real-time between power system faults and cyber attacks on digital substations for effective incident response. In this work, we propose a novel image encoding method for event correlation using cyber-physical time-series data, i.e., Phasor Measurement Units (PMUs) and Operational Technology (OT) network traffic. More specifically, we propose a dynamic variation of the Gramian Angular Field method, which generates image streams capturing in real-time the spatial-temporal features in PMU measurements and IEC 61850 GOOSE traffic throughput. The proposed method for cyber-physical event correlation uses an image fusion technique. The method is tested using the benchmark IEEE 9-bus system. It successfully distinguishes between three-phase faults and GOOSE cyber attacks, demonstrating its usefulness for power system cyber security analytics.

Original languageEnglish
Title of host publicationProceedings of the 2024 12th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES)
PublisherIEEE
Number of pages6
ISBN (Electronic)979-8-3503-6284-8
ISBN (Print)979-8-3503-6285-5
DOIs
Publication statusPublished - 2024
Event12th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, MSCPES 2024 - Hong Kong, China
Duration: 13 May 202413 May 2024

Conference

Conference12th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, MSCPES 2024
Country/TerritoryChina
CityHong Kong
Period13/05/2413/05/24

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

  • Cyber attacks
  • cyber security
  • cyber-physical power systems
  • event correlation
  • IEC 61850
  • image encoding

Fingerprint

Dive into the research topics of 'Towards Real-Time Distinction of Power System Faults and Cyber Attacks on Digital Substations Using Cyber-Physical Event Correlation'. Together they form a unique fingerprint.

Cite this