Distributed Quickest Detection of Cyber-Attacks in Smart Grid

In this paper, online detection of false data injection attacks and denial of service attacks in the smart grid is studied. The system is modeled as a discrete-time linear dynamic system and state estimation is performed using the Kalman filter. The generalized cumulative sum algorithm is employed for quickest detection of the cyber-attacks. Detectors are proposed in both centralized and distributed settings. The proposed detectors are robust to time-varying states, attacks, and set of attacked meters. Online estimates of the unknown attack variables are provided, that can be crucial for a quick system recovery. In the distributed setting, due to bandwidth constraints, local centers can only transmit quantized messages to the global center, and a novel event-based sampling scheme called level-crossing sampling with hysteresis is proposed that is shown to exhibit significant advantages compared with the conventional uniform-in-time sampling scheme. Moreover, a distributed dynamic state estimator is proposed based on information filters. Numerical examples illustrate the fast and accurate response of the proposed detectors in detecting both structured and random attacks and their advantages over existing methods.