Smart PV Inverter Cyberattack Detection Using Hardware-in-the-Loop Test Facility
- Authors:
- Kaewnukultorn, Thunchanok
Sepúlveda, Sergio
Broadwater, Robert
Tsoutsos, Nektarios Georgios
Hegedus, Steven
- Resource type:
- Journal article
- Publication date:
- 2023
- Institution:
- Universidad Francisco de Paula Santander
- Repository:
- Repositorio Digital UFPS
- Language:
- eng
- OAI Identifier:
- oai:repositorio.ufps.edu.co:ufps/6809
- Online access:
- https://repositorio.ufps.edu.co/handle/ufps/6809
- Keywords:
- Smart inverters
cyberattacks
hardware-in-the-loop laboratory
grid supporting function
cyberattack detection
- Rights
- openAccess
- License
- https://creativecommons.org/licenses/by-nc-nd/4.0/
Summary: This paper evaluates residential smart photovoltaic (PV) inverters' responses to cyberattacks and assesses the performance of an intrusion detection strategy for smart grid devices by comparing time-series power flow results from a simulation application called Faster Than Real-Time (FTRT) Simulator to measurements from a Power Hardware-in-the-Loop (P-HIL) laboratory used as a testbed. Twenty different cyberattacks from three classes - Denial of Service (DoS), Intermittent attack, and Modification - were designed and tested with grid-tied smart inverters in order to study the inverters' responses to malicious activities. The intrusion detection strategy was developed using a comparison between the predicted PV power output from FTRT and the power flows measured from the P-HIL laboratory through the API interface. Real and reactive power thresholds were assigned based on a number of repeated experiments to ensure the applicability of the thresholds. The results showed that inverters from different manufacturers have their own unique responses, which could be detected by the power flow measurements. Our detection method could identify over 94% of actual malicious actions, and 7.4% of no-attack hours are detected as false positives. Out of 38 under-attack hours, 2 undetected hours are due to the intermittent attacks. Different attacks can be detected based on which components of the complex power the attackers are aiming to disturb. Our findings additionally show that DoS can be noticed immediately after the devices have been sabotaged, and that it can be detected from the active power analysis. However, modification attack detection will depend more on the reactive power measurements, while intermittent attacks remain the most challenging for the proposed detection method, since the objective of intermittent attacks is to create an oscillation of the complex power components, which requires a relatively high time resolution for the measurement.