Abstract

A systematic method for the detection of attacks against sensors of the power grid is developed using Kalman filtering and statistical decision making criteria. The Kalman filter is used as a virtual sensor that emulates the functioning of the grid's sensors in the fault-free mode. The output of the Kalman filter is compared against the output of the real sensors and the resulting differences generate the residuals' sequence. The square of the residuals' vector, weighted by the inverse of the associated covariance matrix is a random variable that follows the χ <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sup> distribution. This variable can serve as a statistical test about the deviation of the sensors functioning from the normal mode. By exploiting the properties of the χ <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sup> distribution and by using the confidence intervals approach, one can define thresholds against which the value of the statistical test is compared. If these thresholds are exceeded by the value of the statistical test, then it can be inferred that the sensors' functioning is abnormal. By applying the statistical test on clusters of sensors, one can find sections of the power grid, which have been exposed to the attack. In addition, by applying the statistical test at each individual sensor, one can isolate the compromised sensors. Finally, by redesigning the Kalman filter as a disturbance observer, it is possible to estimate the additive disturbance inputs that affect the sensors. This information may indicate whether the deviation of the sensors functioning from normal has been the result of an attack to the grid by intruders.