Hello, if you have any need, please feel free to consult us, this is my wechat: wx91due

ACS6016 Cybersecurity for Control Systems
Spring 2025

General Aim

The general aim of this laboratory assignment is to detect and characterize attacks on the state estimator of an IEEE test power system.

Learning Objectives

After completing this laboratory assignment you should be able to:

Generate the observation data produced by the IEEE test system.
Perform state estimation and bad data detection on the IEEE test system.
Detect and characterize unstructured attacks on the state estimator of the IEEE test system.
Detect and characterize false data injection attacks on the state estimator of the IEEE test system.

Assignment Weighting

This laboratory assignment is marked out of 100 and constitutes 25% of final module mark.
Laboratory assignment mark breakdown: 25 marks per exercise.

Assignment Due

The due date is 17:00 BST, April 14, 2025 17:00 BST, April 28, 2025. The submission will be done via the Turnitin assignment link on Blackboard.

Penalties for Late Submission

Late submissions will incur the usual penalties of a 5% reduction in the mark for every working day (or part thereof) that the assignment is late and a mark of zero for submission more than 5 working days late. For more information see http://www.sheffield.ac.uk/media/10390/download

Requirements for Report

Page Limit: 4 pages excluding Matlab code. Any excess pages will not be assessed.
Include an appendix with all Matlab code used for producing the numerical results and comment it. The code included in the report will not count towards the page limit.
It is recommended to submit the report in PDF format.

Figure 1: Diagram of the IEEE 30 bus test system operated by the regional energy company.

Derivation of the Linear Observation Model for the Power System

A power system consists of n ∈ N buses and k ∈ N branches. Figure 1 depicts the IEEE 30 bus test system operated by a regional energy company that hires you as a consultant. The state of bus i with i = 1, . . . , n is determined by the voltage Vi ∈ R and the angle θi ∈ R of the phasor. Voltage and the angle measurements are not available because sensors that measure these physical magnitudes are difficult to implement. Instead, the sensors measure the power injected to each bus and the power that flows through each branch. In particular, the real power flow and the reactive power flow are given by

where Yij = |Yij |∠δij = Gij +jBij is the impedance of the branch connecting bus i and bus j. The power injection equations are given by

where Li denotes the set of indices of the buses connected to bus i.

In this lab we adopt a DC state estimation framework, and therefore, the phase angles of the buses in the system are the state variables to be estimated. The measurements are chosen to be the net real power injections at each bus and the real line flow at each branch. The resulting observation model is given by

where the vector of the measurements is composed of three components, the vector of net power injection at each bus, i.e. Pinj ∈ R, the vector of real line flow at each branch from bus i to bus j, i.e. Plineflow ∈ R, and the vector of real line flow at each branch from bus j to bus i, i.e. −Plineflow.

As a result, for a power system of n buses and k branches, the vector of state variable is of dimension (n − 1) × 1, because the phase angle of the reference bus is set to 0. The vector of the measurements is of dimension n + 2k.

Dataset Description

The state estimation procedure of the power system follows a linearized observation model given by Y m = HXn + Z m, where Y m is the vector of m ∈ N observations acquired by the SCADA system, Xn is the vector of state variables, Z m ∼ N (0, σ2 I) is the observation noise, and H ∈ Rm×n is the Jacobian observation matrix. Notice that following the description above, the realizations of the state variables Xn are the realizations of the the angles of the phasor, i.e. x = θ. The company operates with least squares estimation and residual testing for bad data detection.

Security Analysis Request

The security team of the company has recently reported four anomalous events classed as security inci dents that affect the state estimator of the power system and they have hired you to shed some light on them. Your job is to to analyze the data of each incident, decide whether the state estimator was attacked during those anomalous events, and to characterize the impact of the potential attacks on the state estimator. To provide you with a reference of normal operation conditions, the company has provided you with the data set ‘PS dataset clean.mat’ consisting of 105 SCADA observation realizations under normal operation and the Jacobian of the system contained in ‘H IEEE 30.mat’.

In addition, the operation parameters of state estimator under normal operation are:

The standard deviation of the observation noise introduced by the sensors is σ = 0.7.
The state variables follow a Gaussian distribution Xn ∼ N (0, Σ). The covariance matrix Σ ∈ S++ n is a Toeplitz matrix.
The number of state variables describing the system is n = 29.
The number of sensors in the system is m = 112.
The residual test operates with a threshold value of τ = 80.

Exercise 1 (25 marks)

The observation data corresponding to Incident I is available in data set PS dataset 1.mat. The incident was reported when an employee found a USB stick of unknown origin on the RTU of a substation. Decide if the dataset exhibits any evidence of attack on the state estimator. If the data suggests an attack characterize the impact of the attack on the state estimator. Support your claim by providing quantitative evidence based on the data.

Exercise 2 (25 marks)

The observation data corresponding to Incident II is available in data set PS dataset 2.mat. The incident report was triggered by the unusually poor performance of the state estimator during the period captured in the dataset. The sensing hardware equipment of the power system was checked and did not show any signs of physical tampering or the observation noise was σ = 0.7 throughout the data capture of the data set. Decide if the dataset exhibits any evidence of attack on the state estimator. If the data suggests an attack characterize the impact of the attack on the state estimator. Support your claim by providing quantitative evidence based on the data.

Exercise 3 (25 marks)

The observation data corresponding to Incident III is available in data set PS dataset 3.mat. The state estimator produced an estimate that placed the power system into unsafe operation, and therefore, the functioning of the power system was stopped due to safety concerns. As a result, an incident was logged and the system is halted pending further investigation of the data. Decide if the dataset exhibits any evidence of an attack on the state estimator and if the data suggests an attack presence characterize

the impact of the attack on the state estimator. Identify the state variable estimate(s) that lie outside normal operation bounds. Support your claim by providing quantitative evidence based on the data.

Exercise 4 (25 marks)

The observation data corresponding to Incident IV is available in data set PS dataset 4.mat. The state estimator performance was satisfactory at the beginning of the time period capture in the data set but performance was reported to degrade halfway through the data set. An incident was logged due to the decrease in estimation performance. Decide if the dataset exhibits any evidence of an attack on the state estimator and if the data suggests an attack presence, characterize the impact of the attack on the state estimator. Identify the realizations in the data set that lie outside normal operation bounds. Support your claim by providing quantitative evidence based on the data.

文章

ACS6016 Cybersecurity for Control Systems Spring 2025