1 / 32

Spoofing State Estimation

Spoofing State Estimation. William Niemira. Overview. State Estimation DC Estimator Bad Data Malicious Data Examples Mitigation Strategies. State Estimation. Finite transmission capacity Economic and security aspects must be managed Contingency analysis Pricing Congestion management

cutler
Download Presentation

Spoofing State Estimation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Spoofing State Estimation William Niemira

  2. Overview • State Estimation • DC Estimator • Bad Data • Malicious Data • Examples • Mitigation Strategies

  3. State Estimation Finite transmission capacity Economic and security aspects must be managed Contingency analysis Pricing Congestion management Accurate state information needed

  4. State Estimation • Networks are large • Thousands or tens of thousands of buses • Large geographical area • Many measurements to reconcile • Different types • Redundant • Subject to error

  5. State Estimation • State estimation uses measurement redundancy to improve accuracy • Finds best fit for data • Differences between measures and estimates can indicate errors

  6. DC Estimator • Overdetermined system of linear equations • Solved as weighted-least squares problem • Assumes: • Lossless branches (neglects resistance and shunt impedances) • Flat voltage profile (same magnitude at each bus) • Reduces computational burden

  7. DC Estimator • is the vector of n states • is the vector of m measurements • is the m x n Jacobian matrix • is an m vector of random errors

  8. DC Estimator • Residual vector • Estimated as where • Minimize: • Where is a diagonal matrix of measurement weights

  9. DC Estimator • Differentiate to obtain • Where is the state estimate and is the state estimation gain matrix • Bad data assumed if where is some tolerance

  10. 1-Bus Example PG = PGmeas PL1 = PL1meas – PL1 – PG = PL2meas

  11. 1-Bus Example For variances of 0.004, 0.001, and 0.001 for PGmeas, PL1meas , PL2meas respectively

  12. 1-Bus Example

  13. 3-Bus Example – 50 θ2 – 100 θ3 = P1meas 150 θ2 – 100 θ3 = P2meas – 100 θ2+ 200 θ3= P3meas – 100 θ3 = P13meas

  14. 3-Bus Example

  15. 3-Bus Example

  16. Bad Data • Bad data usually consists of isolated, random errors • These types of errors tend to increase the residual • Measurements with large residuals can be omitted to check for better fit • Works well for non-interacting bad measurements

  17. 1-Bus Example Good Data Bad Data

  18. Malicious Data • Malicious data (data manipulated by an adversary) need not be isolated or random • Adversary may inject multiple coordinated measurement errors • Errors could interact with each other or other measurements • Could change without increasing

  19. Attack Formation • Given: • Attacked measurement vector • Attack vector • Estimated states due to attack • Clever adversary chooses

  20. 1-Bus Example PG = PGmeas PL1 = PL1meas – PL1 – PG = PL2meas

  21. 1-Bus Example Unobservable attack vectors: Any linear combination of

  22. 1-Bus Example Unattacked Attacked

  23. For Real? • In practice, state estimators are more complicated than previous examples • Assumed strong adversary: • Has access to topology information • Has some means to change measurements • Why would someone do this? • Simulate congestion—could affect markets • Reduce awareness of system operator

  24. AC Estimator • AC model accounts for some effects neglected in the DC model • Attacks as generated earlier will affect residual • Attack may not have effect intended by adversary

  25. AC Estimator • is the vector of n states • is the vector of m measurements • is nonlinear vector function relating measurements to states • is an m vector of random errors

  26. AC Estimator • Solved using Gauss Newton method • Gain matrix: • is diagonal matrix of variances • Estimation procedure:

  27. AC Estimator • DC approximation is pretty good • Harder to detect attack than random error • Relatively large attacks may escape detection • Grid state affects quality of DC attack

  28. Detection • Focus on quantities neglected by DC model (VARs) • VARs tend to be localized • AttackLosses changeVAR flow and generation changes

  29. Detection • Alternative approach is to estimate parameters simultaneously with states • Augment state vector with known parameters • Compare known values to parameter estimates to find bad data

  30. Detection • Choose something known to the control center but not an attacker • Example: TCUL xformer tap position, D-FACTS setting • Attacks will perturb parameter estimates

  31. Conclusions • State estimators, even nonlinear estimators, are vulnerable to malicious data • Malicious data is different from conventional bad data • Nonlinearity effects of the attack may be detectable • Parameter estimation can verify data

  32. Questions? Thank you!

More Related