PMU Spoof Detection via Image Classification Methodology against Repeated Value Attacks by using Deep Learning

Abstract

Various devices and monitoring systems have been developed and deployed in order to monitor the power grid. Indeed, several real-world cyberattacks on power grid systems have been publicly reported. For the transmission and distribution, Phasor Measurement Units (PMUs) constitute the main sensing equipment of the overall wide area monitoring and situational awareness systems by collecting high-resolution data and sending them to Phasor Data Concentrators (PDCs). In this paper, we consider data spoofing attacks against PMU networks. The data between PMUs and PDC(s) are sent through the legacy networks, which are subject to many attack scenarios under with no, or inadequate, countermeasures in protocols, such as IEEE 37.118-2. We consider one potential attack, where an adversary may simply keep injecting a repeated measurement through a compromised PMU to disrupt the monitoring system. This attack is referred to as a Repeated Last Value (RLV) attack. We develop and evaluate countermeasures against RLV attacks using a 2D Convolutional Neural Network (CNN)-based approach, which operates in frames for each second mimicking images, in order to avoid the computational overhead of the classical sample-based classification algorithms, such as SVM. Further, we take this frame-based approach and use it with Support Vector Machine (SVM) for performance evaluation. Our preliminary results show that frame-based CNN as well as SVM provide promising results for RLV attacks while the efficacy of CNN over SVM frame becomes more pronounced as the attack intensity increases.