A statistical unsupervised method against false data injection attacks: A visualization-based approach

To achieve intelligence in the future grid, a highly accurate state estimation is necessary as it is a prerequisite for many key functionalities in the successful operation of the power grid. Recent studies show that a new type of cyber-attack called False Data Injection (FDI) attack can bypass bad data detection mechanisms in the power system state estimation. Existing countermeasures might not be able to manage topology changes and integration of distributed generations because they are designed for a specific system configuration. To address this issue, an unsupervised method to distinguish between attack and normal patterns is proposed in this paper. This method can detect FDI attacks even after topology changes and integration of renewable energy sources. In this method, we assume that injecting false data into the power systems will lead to a deviation in the probability distribution of the state vector from the normal trend. The main phases of the proposed algorithm are: (1) Normalizing the dataset, (2) Adding several statistical measures as the new features to the dataset to quantify the probability distribution of the state vectors, (3) Employing principal component analysis to reduce the dimensionality of the dataset, (4) Visualizing the reduced data for humans and exploiting their creativity to detect attacks, and (5) Locating the attacks using Fuzzy C-means clustering algorithm. The proposed method is tested on both the IEEE 14-bus and IEEE 9-bus systems using real load data from the New York independent system operator with the following attack scenarios: (1) attacks without any topology change, (2) attacks after a contingency, and (3) attacks after integration of distributed generations. Experimental results show that our proposed method is superior to the state-of-the-art classification algorithms in dealing with changes. In addition, the reduced data which is helpful in distinguishing between attack and normal patterns can be fed into an expert system for further improvement of the security of the power grid. (C) 2017 Elsevier Ltd. All rights reserved.