An Online Approach to Covert Attack Detection and Identification in Power Systems

The development of information technology and digital control systems has posed an inevitable trend of interconnectivity and wirelessness of data communications in power systems. As a result, the cybersecurity of power systems has been raising concerns over the past decades. Yet the complexity of power systems and their conventional designs with local and wide area network communications has posed increasing vulnerability to cyberattacks. Among the types of cyberattacks, data integrity attacks can be more harmful to power systems, especially power transmission systems, through malicious manipulation of measurement and control data to cause damage to the physical system. As the sophistication of cyberattacks increases, certain cyberattacks can successfully bypass traditional intrusion detection systems, which calls for better design of detection schemes. On the other hand, in a large-scale network, attack identification for a power system is as important as attack detection. In this paper, we develop an online approach based on the Sparse Group Lasso to detect and identify the location of a typical type of data integrity attack named covert attacks on power transmission systems. We provide the theoretical foundation of the proposed method with a simplified linear system model and extend the method to nonlinear systems. We validate the performance of our method on both linear and nonlinear system settings with a comprehensive numerical study.