Detection, Recognition, and Localization of Multiple Cyber/Physical Attacks through Event Unmixing


Wei Wang, Yang Song, Li He, Penn Markham, Hairong Qi, Yilu Liu
Electrical Engineering and Computer Science Department, University of Tennessee
Contact: Hairong Qi, hqi@utk.edu

Motivation and Challenge

Objective: To detect, recognize, and localize (both temporally and spatially) attacks from multiple sources using data collected from the ultra-wide-area monitoring network (e.g., FNET).

Motivation: Conventional power systems are designed to be robust to accidental failures (e.g., N-1, N-2, or even N-3 contingencies). Nevertheless, in the post-9/11 environment, simultaneous coordinated strikes have become a realistic threat, which would lead to N-X operation under emergency. Researchers at the Trustworthy Cyber Infrastructure for the Power Grid (TCIP) Cyber Trust Center also reported [1] that, using a commercially available power simulator and publicly available power flow data, a small set of breakers was found whose tripping would lead to a blackout almost the scale of the August 2003 blackout. This puts the interconnected power network in greater danger than the original power system planners ever envisioned.

[1] W. H. Sanders, "Building cyber-physical resiliency into the grid," IEEE-SA Computer Society Smart Grid Vision Workshop, August 8, 2011.

Background: Mixture and Unmixing

- Target detection at the subpixel level in remote sensing
- Speaker identification: the cocktail party problem
- Image restoration
- Heat source analysis from surface temperature evolution pattern in bulk metallic glass (BMG)
- Hidden weapon detection using terahertz images
- Event unmixing

[Figure: BMG sample between upper platen and lower platen]

Rationale: Event Unmixing

- Events seldom occur in an isolated fashion. Cascading events, which create multiple disturbances, are more common and realistic.
- The electromechanical waves generated by multiple disturbances interfere with each other, so the measurement taken at an FDR is more than likely a mixture.
- Linear mixture analysis has been widely used due to its effectiveness and simplicity. The sensor readout at a single location is given by

  $x = As + n$

  - x: an l-element column vector, the measured mixture or observation
  - A: an l × c source matrix with each column indicating a root event signature
  - s: a c × 1 column vector or abundance vector, indicating the mixing coefficients satisfying certain constraints
  - n: the noise vector
- Given A, i.e., the signature matrix, s is traditionally estimated using methods such as Unsupervised Fully Constrained Least Squares (UFCLS) or Nonnegatively Constrained Least Squares (NCLS). Event detection can then be conducted by identifying the event signature with a non-zero (or comparatively larger) corresponding abundance.
- The problems in traditional abundance estimation methods include:
  - The estimated abundance may have values on each signature, which is not suitable for rare event detection
  - Very computationally intensive

Initial Trial

$x = As + n$

Unsupervised unmixing using minimum volume constraints, J(A): failed!

What are the challenges?
- The construction of the signature matrix, A
- The dynamics of cascading events
- What is a good constraint? The sparsity constraint
- Signature training and learning

Root Event Signatures

- Generator trip (gt)
- Line trip (lt)
- Load drop (ld)
- Oscillation

Algorithm: Sparsity-constrained Unmixing

$x = As + n$

Abundance estimation via sparse coding
- The sparse coding formulation (an NP-hard problem): minimize the number of non-zero elements in s while s is subject to the least-squares constraint

  $\min_s \|s\|_0 \quad \text{s.t.} \quad \|As - x\|_2^2 \le \epsilon$

- If s is sufficiently sparse, we can solve for s by instead minimizing the $\ell_1$-norm

  $\min_s \|s\|_1 \quad \text{s.t.} \quad \|As - x\|_2^2 \le \epsilon$

- Feature sign search is used to solve the optimization problem

  $s = \arg\min_s \|x - As\|_2^2 + \lambda \|s\|_1$

Sparsity-constrained Unmixing: Dictionary Construction

Signature dictionary learning
- Design an overcomplete dictionary that incorporates temporal information

Training root event signatures (done offline)
- Generator trip (547 from EI, 415 from WECC, 189 from ERCOT) and load shedding (160 from EI, 346 from WECC) data are retrieved from the FNET database.
- Since FNET doesn't detect line trips yet, we use PSS/E to generate signatures for line trips. A 16,000-bus model of the EI was used for simulation. Approximately 75 buses corresponding to actual FDRs were selected as the measurement points, and lines adjacent to these buses were tripped one at a time (257 training cases).
- K-means clustering is used to extract 6 (i.e., k=6) representative root event signatures for each event from all the above training cases.

Signatures Learned

Dictionary Construction (Cont.)

Construction of the overcomplete dictionary: temporal span of root event signatures (done online)
- For each root event signature learned above (6 for each of the three events), time-shift the signature to the right by 0.1t seconds, t = 1,...,200, to generate all possible occurrence times of that event.
- Note that the 0.1-second interval can be changed to a higher resolution, e.g., 0.01 second, which means the algorithm can resolve multiple events occurring at a finer time scale.
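The dictionary construction and sparse unmixing described above, as an added example that is not code from the original slides: it builds the time-shifted dictionary and recovers event type and onset time from a two-event mixture. Assumptions: the three signatures are constructed toy shapes with abrupt onsets (one per event type rather than six), and orthogonal matching pursuit, a greedy solver for the $\ell_0$ form, stands in for the feature-sign search named on the slide.

```python
import numpy as np

FS, N, SHIFTS = 10, 300, 200   # 10 Hz samples, 30 s window, onsets 0.1 s .. 20.0 s

def root_signatures():
    """Constructed toy frequency-deviation shapes; stand-ins for learned signatures."""
    t = np.arange(N) / FS
    return {
        "gt": -np.exp(-t / 4.0),                     # generator trip: frequency drops
        "ld": np.exp(-t / 1.5),                      # load drop: frequency rises
        "lt": np.exp(-t / 3.0) * np.cos(np.pi * t),  # line trip: damped swing
    }

def build_dictionary(sigs):
    """Time-shift every root signature by 0.1*t s, t = 1..SHIFTS; unit-norm columns."""
    cols, labels = [], []
    for name, sig in sigs.items():
        for k in range(1, SHIFTS + 1):
            atom = np.zeros(N)
            atom[k:] = sig[:N - k]
            cols.append(atom / np.linalg.norm(atom))
            labels.append((name, k / FS))
    return np.column_stack(cols), labels

def unmix(A, x, eps, max_events=5):
    """Greedy l0 unmixing (OMP): add atoms until ||As - x||^2 <= eps."""
    support, coef, r = [], np.zeros(0), x.copy()
    while r @ r > eps and len(support) < max_events:
        support.append(int(np.argmax(np.abs(A.T @ r))))
        coef, *_ = np.linalg.lstsq(A[:, support], x, rcond=None)
        r = x - A[:, support] @ coef
    s = np.zeros(A.shape[1])
    s[np.array(support, dtype=int)] = coef
    return s

def detect(s, labels, floor=0.1):
    """Report (event type, onset seconds, abundance) for non-negligible entries of s."""
    idx = np.flatnonzero(np.abs(s) > floor * np.abs(s).max())
    return sorted(((labels[i][0], labels[i][1], round(float(s[i]), 2)) for i in idx),
                  key=lambda e: e[1])

def demo(seed=0, sigma=0.005):
    """Constructed mixture: generator trip at 1 s followed by a line trip at 15 s."""
    A, labels = build_dictionary(root_signatures())
    s_true = np.zeros(A.shape[1])
    s_true[labels.index(("gt", 1.0))] = 1.0
    s_true[labels.index(("lt", 15.0))] = 0.6
    x = A @ s_true + sigma * np.random.default_rng(seed).standard_normal(N)
    return detect(unmix(A, x, eps=0.02), labels)

if __name__ == "__main__":
    print(demo())
```

Signatures with gradual onsets make neighbouring time shifts nearly collinear, so on measured data the recovered onset can spread across adjacent atoms.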

Results: Simulated Events

- The model: a 23-bus model supplied from PSS/E is used. The model represents a small power system with 3,200 MW of load. The system contains several different voltage levels ranging from 13.8 kV at the generator buses to 500 kV at the transmission buses. It represents a variety of generation sources including nuclear, thermal, and hydro.
- Root event signatures: since this is a small power grid, we simply extracted 5 generator trip signatures (gt), 3 line trip signatures (lt), and 5 load drop signatures (ld) to form the root event signature matrix.
- Both single event and multiple event detections are accurate in terms of both detection and temporal localization.

Figure panels:
- Single event detection: single event of gt101 (1st sec); single event of lt152-153 (1st sec)
- Multiple event detection: two cascading events of gt101 (1st sec) and gt3011 (15th sec); two cascading events of gt101 (1st sec) and lt3004-3005 (15th sec)
- Left: original signal vs. reconstructed signal. Mid: sparse coefficient or abundance. Right: event type detection.

Simulation: Single Event

[Figure panels: single event of gt101 (1st sec); single event of lt152-153 (1st sec)]

Simulation: Multiple Events

[Figure panels: two cascading events of gt101 (1st sec) and gt3011 (15th sec); two cascading events of gt101 (1st sec) and lt3004-3005 (15th sec)]

Results: Real Case (Single Event)

Single event detection and temporal localization
- A single generator trip was successfully detected from 10 out of 10 FDRs.
- Each FDR detected the event with a different time delay, which can be further utilized for event localization.
- Event detection on FDR 2: one event is detected and temporally localized at the occurrence time of the largest coefficient.

[Figure: plots of 10 raw FDR signals without denoising; the event is temporally localized on different FDRs]

Why different occurrence times? The FDRs receive the event wave at different times. The delays are very important for spatial localization!

Results: Real Case (Multiple Events)

Multiple event detection and temporal localization
- Two generator trips (event3 and event4) were successfully detected from 16 out of 18 FDRs, and two line trips were successfully detected from 17 out of 18 FDRs.
- Each FDR detected the events with a different time delay, which can be further utilized for event spatial localization.

[Figure: event detection on FDR 14; plots of 18 raw FDR signals without denoising]

Denoising is necessary before performing the event detection algorithm! Each individual event is temporally localized on different FDRs.

Event Spatial Localization

Traditional localization method
- Wave-front arrival time (detected based on an empirical threshold!) [3]
- Geographic and geometrical triangulation [3]. Assumption: the time delay is linearly related to the distance between the FDR location and the event location.

[3] T. Xia, H. Zhang, R. Gardner, J. Bank, J. Dong, J. Zuo, Y. Liu, L. Beard, P. Hirsch, G. Zhang, and R. Dong, "Wide-area frequency based event location estimation," in Power Engineering Society General Meeting, IEEE, 2007, pp. 1-7.

Event Spatial Localization

Limitations of the traditional localization method
- It can only handle a single event; it cannot discriminate the multiple events involved in a cascading event!
- The wave-front arrival time is not accurate enough for spatial localization!

Advantages of the proposed event unmixing algorithm
- It can unmix each individual event from a mixture signal in which multiple cascading events are involved!
- The detected occurrence time of each individual event should be more stable (more robust to noise and more accurate)!

Triangulation
- Use the same triangulation algorithm, but with good spatial localization performance.
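How per-FDR onset times of one unmixed event turn into a location under the linear delay-distance assumption, as an added example that is not from the original slides and is not the triangulation method of [3]. Assumptions: a flat x/y plane in miles, a constant wave speed (constructed value), constructed FDR positions, and a plain least-squares grid search.

```python
import numpy as np

SPEED = 500.0   # assumed electromechanical wave speed in miles/s (constructed value)

def locate(fdr_xy, arrival, speed=SPEED, extent=1000.0, step=10.0):
    """Grid search for the point whose distances best explain the arrival times.

    Model (linear delay-distance assumption): arrival_i = t0 + dist_i / speed.
    For each candidate point, every FDR implies an event time
    arrival_i - dist_i / speed; the score is the spread of those implied times.
    """
    grid = np.arange(0.0, extent + step, step)
    gx, gy = np.meshgrid(grid, grid, indexing="ij")
    cand = np.stack([gx.ravel(), gy.ravel()], axis=1)                     # (P, 2)
    dist = np.linalg.norm(cand[:, None, :] - fdr_xy[None, :, :], axis=2)  # (P, F)
    t0 = arrival[None, :] - dist / speed                                  # (P, F)
    score = ((t0 - t0.mean(axis=1, keepdims=True)) ** 2).sum(axis=1)
    best = int(np.argmin(score))
    return cand[best], float(t0[best].mean())

def locate_demo():
    """Constructed case: five FDRs, one event at (430, 270) miles occurring at t = 1.0 s."""
    fdr_xy = np.array([[100.0, 100.0], [900.0, 150.0], [500.0, 850.0],
                       [150.0, 700.0], [800.0, 600.0]])
    event, t_event = np.array([430.0, 270.0]), 1.0
    arrival = t_event + np.linalg.norm(fdr_xy - event, axis=1) / SPEED
    return locate(fdr_xy, arrival)

if __name__ == "__main__":
    xy, t0 = locate_demo()
    print("estimated location (miles):", xy, "event time (s):", round(t0, 3))
```

For a cascading event, the same search is run once per unmixed event, using that event's onset time at each FDR.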

Event Spatial Localization: Single Event

Localization error: 60 miles

Event Spatial Localization: Example of a Multiple-Event

- Individual event separation
- Apply wave-front arrival detection on each individual event

Event Spatial Localization: Multiple Event

Localization error: GT (105 mi), LT (122 mi)

Challenge of LTB

Similarity: different disturbances may cause similar reactions on certain buses.

[Figure panels: ground truth, a line trip between bus 91-93; ground truth, a load drop on bus 3; ground truth, a generator trip on bus 92]

New idea

[Figure: trip a generator on bus 21; signal on each bus, NPCC grid with 140 buses; cluster; selection / mean]

New idea

Basic idea: unmixing/sparse coding is based on a group of signals instead of a single signal.

Experiment results

Comparison: previous strategy and new strategy (different signal extraction methods and different sparse coefficient analysis methods)

A case study (GT+LT)

[Figure panels: NSEU result; CSC result]

A case study (LS+LS+LS)

Effect of different time span

Effect of window size: real-time response

Potentials and future works

- Line trip detection
- Differentiating line trip from oscillation
- Deep learning-based recognition?
- Cross area event identification
- HTB demonstration