Smart PV Inverter Cyberattack Detection Using Hardware-in-the-Loop Test Facility


Authors:
Kaewnukultorn, Thunchanok
Sepúlveda, Sergio
Broadwater, Robert
Tsoutsos, Nektarios Georgios
Hegedus, Steven
Resource type:
Journal article
Publication date:
2023
Institution:
Universidad Francisco de Paula Santander
Repository:
Repositorio Digital UFPS
Language:
eng
OAI Identifier:
oai:repositorio.ufps.edu.co:ufps/6809
Online access:
https://repositorio.ufps.edu.co/handle/ufps/6809
Keywords:
Smart inverters
cyberattacks
hardware-in-the-loop laboratory
grid supporting function
cyberattack detection
Rights
openAccess
License
https://creativecommons.org/licenses/by-nc-nd/4.0/
Description
Summary: This paper evaluates residential smart photovoltaic (PV) inverters’ responses to cyberattacks and assesses the performance of an intrusion detection strategy for smart grid devices by comparing time-series power flow results from a simulation application called Faster Than Real-Time (FTRT) Simulator to measurements from a Power Hardware-in-the-Loop (P-HIL) laboratory used as a testbed. Twenty different cyberattacks from three classes (Denial of Service (DoS), Intermittent attack, and Modification) were designed and tested with grid-tied smart inverters in order to study the inverters’ responses to malicious activities. The intrusion detection strategy was developed using a comparison between the predicted PV power output from FTRT and the power flows measured from the P-HIL laboratory through the API interface. Real and reactive power thresholds were assigned based on a number of repeated experiments to ensure the applicability of the thresholds. The results showed that inverters from different manufacturers have their own unique responses, which could be detected by the power flow measurements. Our detection method could identify over 94% of actual malicious actions, and 7.4% of no-attack hours were detected as false positives. Out of 38 under-attack hours, 2 undetected hours were due to the intermittent attacks. Different attacks can be detected based on which components of the complex power the attackers aim to disturb. Our findings additionally show that DoS can be noticed immediately after the devices have been sabotaged, and that it can be detected from the active power analysis. However, modification attack detection depends more on the reactive power measurements, while intermittent attacks remain the most challenging for the proposed detection method, since the objective of intermittent attacks is to create an oscillation of the complex power components, which needs a relatively high time resolution for the measurement.