Enhanced Energy Management System Including Detection Mechanisms and Post-Attack Corrective Actions against Load-Redistribution Attacks

The fast growth of the power system industry and the increase in the usage of computerized management systems introduces more complexities to power systems operations. Although these computerized management systems help system operators manage power systems reliably and efficiently, they introduce the threat of cyber-attacks. In this regard, this dissertation focuses on the load-redistribution (LR) attacks, which cause overflows in power systems. Previous researchers have shown the possibility of launching undetectable LR attacks against power systems, even when protection schemes exist. This fact pushes researchers to develop detection mechanisms. In this thesis, real-time detection mechanisms are developed based on the fundamental knowledge of power systems, operation research, and machine learning. First, power systems domain insight is used to identify an underlying exploitable structure for the core problem of LR attacks. Secondly, a greedy algorithm’s ability to solve the identified structure to optimality is proved, which helps operators quickly find the best attack vector and the most sensitive buses for each target transmission asset. Then, two quantitative security indices are proposed and leveraged to develop a measurement threat analysis (MTA) tool. Finally, a machine learning-based classifier is used to enhance the MTA tool’s functionality in flagging tiny LR attacks and distinguishing them from measurement/forecasting errors. On the other hand, after acknowledging that an adversarial LR attack interferes with the system, establishing a corrective action is imperative to mitigate or remove the potential consequences of the attack. This dissertation proposes two corrective actions; the first one is developed based on the worst-case attack scenario, considering the information provided by the MTA tool. After The MTA tool flags an LR attack in the system, it should determine the primary target and other affected transmission assets, using which the operator can estimate the actual loads in the post-attack stage. This estimation is essential since the corresponding security constraints in the first corrective action model are modeled based on these loads. The second one is a robust optimization that considers various load scenarios. The functionality of this robust model does not depend on the information provided by the MTA tool and is more reliable.