A Hierarchical Multi-Agent Based Anomaly Detection for Wide-Area Protection in Smart Grid

Future smart grid capabilities provide assurance to expand the advanced information and communication technologies to evolve into densely interconnected cyber physical system. Remedial Action Scheme (RAS), widely used for wide-area protection, relies on the interconnected networks and data sharing devices, which are exposed to the multitude of vulnerabilities. This paper presents our proposed approach to developing multi-agent based RAS scheme against the system-aware stealthy cyber-attacks. Specifically, we propose the two-level hierarchical architecture which consists of distributed local RAS controllers (RAScs) as local agents, operating at different zones/ areas, which are constantly monitored by an overseer, the central agent. The local controllers receive local and randomly changing outside zonal measurements and cyclically forwards to the overseer. The overseer identifies the corrupted controller using the anomaly detection algorithm which processes the measurements coming from the local controllers, compute measurement errors using local and outside zonal measurements, perform validation checks, and finally detect anomalies based on the two-step verification. Next, as a proof of concept, we have implemented and validated the proposed methodology in cyber physical environment at Iowa State’s PowerCyber testbed. We have also implemented the coordinated attack vectors which involve corrupting the local controller and later performing stealthy attacks on the system’s generator. We have evaluated its performance during the online testing in terms of detection rate and Iatency. The experimental results show that it is efficient in detecting different classes of attacks, including ramp and pulse attacks.