Cyber Inference System for Substation Anomalies Against Alter-and-Hide Attacks

Alarms reported to energy control centers are an indication of abnormal events caused by either weather interruptions, system errors, or possibly intentional anomalies. Although these initiating events are random, e.g., faults on transmission lines struck by lightning, the existence of electronically altered measurements may implicate the process to identify root causes of abnormal events. This paper is concerned with alter-and-hide (AaH) attacks by tampering the actual measurements to normal states with the background of disruptive switching actions that hide the true values of local events from operators at the control center. A cyber inference system framework is proposed to synthesize all sequential, missing, or altered alarms of related substations against AaH attacks. The stochastic nature of such attack events is modeled with probabilities as an integer programming problem with multiple scenarios. The proposed method is utilized to verify alarm scenarios for a conclusion of the potential AaH attacks on the substations.