See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/339508847

Wide Area Situational Awareness Using Data Analytics for Smart-grids Under
Cyber and Physical Stresses

Thesis · February 2019

DOI: 10.13140/RG.2.2.31902.89923

CITATIONS READS

0 18

1 author:

Md Jakir Hossain
University of South Florida
18 PUBLICATIONS   81 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Renewable Energy View project

Electric Vehicles (EV) View project

All content following this page was uploaded by Md Jakir Hossain on 02 March 2020.

The user has requested enhancement of the downloaded file.

Wide Area Situational Awareness Using
Data Analytics for Smart-grids Under
Cyber and Physical Stresses

For fulfillment of
DOCTORAL QUALIFYING EXAMINATION
In Department of Electrical Engineering
University of South Florida

Student Name: Md Jakir Hossain

Major Advisor: Dr. Mahshid Rahnamy Naeini
Committee Chair: Dr. Yasin Yilmaz
Committee Member: Dr. Ismail Uysal
Abstract
Wide area situational awareness (WASA) comprises on automatic prevention, perception and restorative
actions of any kind of anomalies directed towards smartgrid. Thus, to ensure proper WASA it is customary
to make available the status information of the grid to control center, such that detected anomalies
immediately addressed. Since the smartgrid relies on deep integrated of cyber components which provide
invaluable opportunities for a more secure and reliable operation of smartgrid. But also, the critical
interdependency of power grids on the cyber components, modern power grids exhibit new
vulnerabilities to cyber and physical attacks. For instance, the immense volume of energy data collected
by various sensors, such as Phasor Measurement Units (PMUs), provide new opportunities for detecting,
estimating and predicting various events in the system using data analytics techniques and machine
learning. Understanding the nature of attacks and exploiting the vulnerabilities towards it is very
important to design proper defense against ever increasing cyber and physical stresses on the smartgrid.
The paper presented in this report intended to utilize this immense volume of PMU measurement data
and processing and quizzing out potential information using various advanced data analytics techniques
to design efficient defense mechanism against cyber and physical stresses. Thus ensuring sufficient
situational awareness for the smartgrid.
Table of Contents:

1. Introduction to Situational Awareness.…………………………………………………………………………………………01

1.1. Introduction ……………………………………………………………………………………………………………………………01
1.2. Wide area Situational Awareness (WASA)……………………………………………………………………………….02
1.3. Vulnerability Analysis to Ensure Situational Awareness ………………………………………………………….05
1.4. Conclusion ………………………………………………………………………………………………………………………………05
2. Modeling and Detecting Cyber and Physical Stresses …………….……………………………………………………..06
2.1. Introduction ……………………………………………………………………………………………………………………………06
2.2. Physical Stresses ……………………………………………………………………………………………………………………..07
2.3. Cyber Stresses …………………………………………………………………………………………………………………………10
2.4. Combined Cyber and Physical Stresses …………………………………………………………………………………..12
2.5. Conclusion ………………………………………………………………………………………………………………………………13
3. State Estimation Under Cyber and Physical Stresses…………………….……………………………………………….14
3.1. Introduction…………………………………………………………………………………………………………………………….14
3.2. State Estimation………………………………………………………………………………………………………………………14
3.2.1 Static State Estimation………………………………………………………………………………………………..14
3.2.2 Dynamic State Estimation……………………………………………………………………………………………16
3.3 State Estimation Under Cyber and Physical Stresses……………………………………………………………….18
3.4 Conclusion………………………………………………………………………………………………………………………………22
4 Conclusion and Research Plan…………..………………………………………………………………………………………….23
4.1 Research Work………………………………………………………………………………………………………………………..23
4.1.1 Cyber-Physical Attack Model……………………………………………………………………………………..23
4.1.2 Case Study…………………………………………………………………………………………………………………25
4.2 Research Plan………………………………………………………………………………………………………………………….28
4.3 Conclusion……………………………………………………………………………………………………………………………….28
References…………………………………………………………………………………………………………………………………………….29
 Page |1

Chapter 1: Introduction to Situational

Awareness

1.1 Introduction
The idea of situational awareness (SA) has been extensively utilized in many sectors such as, business
models, and military domains and the aviation, much of the research on the implementation of SA has
been performed in that framework. The idea of situational awareness in power system is newly adapted
because it could be a crucial aspect in conserving power system security, because it allows effective and
sensible decision-taking and responses by the control center to an occurrence.

One of the most popular definition of situational awareness is, “the perception of the elements in an
environment within a volume of time and space, the comprehension of their meaning and the projection
of their status in the near feature” [1,2,4]. Thus, the concept of situational awareness is subdivided into
three major components 1) Perception or Prevention, 2) Comprehension or Response, 3) Projection or
Restoration. Figure 1.1 representing these three major components of situational awareness

Figure 1.1: Situational awareness in decision making process and actions implementation of power
system [2].

Since the idea of situational awareness is still new in the cyber-physical systems like modern power
grids (Smart-grid), much more active research is still needed to achieve adequate level of situational
awareness. Figure 1.2 shows the required information to achieve situational awareness in the power
system. Many active researches have already been going on in this domain, researchers like Panteli et al.
[1] had reviewed the basics of SA and then discussed the core foundations of control centers faults
because of inadequate SA in power systems and how these affects the functioning decision-taking
procedure. They also discuss elements and standards that can help system control center recover their
level of SA. Additionally, they have proposed a generic method for attaining enough SA, which focuses to
lead the strategy of an information system which is both technology- and user-oriented. Another article
from the same author [2] identified plentiful aspects that governs the foundation of SA in the grid control
center. They had also proposed a multi-state scheme constructed on Markov modeling for weighing the
effect of inadequate SA on the likelihood of power system blackouts. The presented framework
contemplates the level of SA and the status of the information infrastructure. The mechanisms of this
framework were also evaluated using the IEEE 24-bus Reliability Test System.
 Page |2

Current weights on SA in the electricity transmission and distribution industry have emphasized the
absence of sufficient situational awareness related research in this field. This lack of research has drawn
attention of numerous administrations, leading to the expansion of new reactive reserve monitoring tools,
visualization systems, and commercial energy management systems designed to backing transmission and
distribution operatives in anticipating, predicting, monitoring, and averting probable glitches that could
induce serious blackouts. The vital component in each of these endeavors is an attentive struggle on
sensing and improving situational awareness in control centers. The electricity transmission and
distribution sector offer several vantage points upon which operator situational awareness may be
enhanced. The electricity transmission and distribution companies continue to seek a solution to its SA
gap. Endsley et. Al. [4] described work in their paper that aids to recognize parts where situational
awareness requirements are lacking within the industry and delivers valued perceptions to notify the
expansion of future technology to provision situational awareness in the electricity transmission and
distribution domain.

Figure 1.2: Required information for enough situational awareness in power system [1,2].

Since modern power grids are becoming a mixture of communication and energy infrastructure and
physical parts of the power grid that were habitually installed in physically remote networks, are currently
integrating Internet Protocol (IP) backed, inter-connected networks to communicate Supervisory Control
and Data Acquisition (SCADA) measurements. SCADA protocols were not intended with measures of
security. Thus, to improve security, and risk minimization, control center requires comprehensive and
precise information about the network topology, status, configuration and integrity of SCADA devices.
Mavridou et al. [5] described a complete system planning that delivers SA for SCADA devices and their
operations in a Smart Grid environment. The proposed SA planning examines and gathers industrial data
and stores appropriate data, evaluates the integrity and the status of field devices and informs detected
incongruities to control center.
 Page |3

1.2 Wide Area Situational Awareness (WASA)

Traditional power grid is not intended to house variable (renewable) Distributed Generations (DGs),
but there exist two smart-grid technologies that can make it conceivable. First, the energy storage, utility-
scale energy storage usually meets one requirements of needed technology – it is long-lasting, and
immediately obtainable. Developments are on progress for storage technologies to mitigate the costs of
energy storage and make it financially viable.

Table 1.1: Data Analytics Based Techniques Used to Improve WASA [6].

References
 Page |4

The second technology that supports integration Distributed Generations into traditional utility grid
contains of sensors and actuators that could discreetly observe and control the power grid at points
ranging from generation through transmission to distribution. These devices are named Phasor
Measurement Units (PMUs), and they collect time-stamped data samples at various nodes throughout
the grid to ensure what the utilities calls “Wide Area Situational Awareness”. That big picture view of the
grid which aids the utility companies to avert brownouts and blackouts.

Wide area situational awareness is comprised of: 1) Automated prevention of the anomalies and
attacks, that means analyzing the vulnerabilities of power systems and increasing the security to prevent
futuristic failures and anomalies. 2) The second response of wide area situational awareness is to quickly
detect the anomalies and failure caused by cyber or physical stresses, estimating the state of the grid two
work on 3) restoration or information recovery or to isolate the infected portion of the grid to prevent
further damage to the system like cascading failure. [6,7].

Figure 1.3: Block diagram of smart-grid vulnerabilities towards cyber and physical attacks. The solid lines
illustrate the network communication channels and the dashed lines illustrate the possible cyber-
attacks. The attacker can (i) manipulate, jam or block the communication channels (A2, A4), (ii) hack a
smart grid component to block or manipulate its operation (A1, A3, A5) [21-22].

The detection and estimation techniques using data-centric and machine learning approaches may be
generally divided into five groups. For example the detection techniques are focused: 1) Data mining-
based, where the techniques straight hinge on a dataset to recognize behavioral pattern sequences; 2)
Information and spectral theory-based focused on the order and meaning of the dataset; 3) Statistical-
based builds on interference tests to validate whether an explicit instance data fits to a statistical model;
4) Knowledge-based which increasingly obtain knowledge about explicit threats; and all those other well-
 Page |5

known 5) Machine learning-based techniques such as Support Vector Machines (SVMs), Bayesian
Networks (BNs), Artificial Neural Networks (ANNs), , Rule-based, Fuzzy Logic, Nearest Neighbor-based
and Genetic Algorithms. Table 1.1 shows a summary of preventive measures suggested by many
researches. In this report we will mostly focus on the cyber and physical stresses detections and
estimation of the system states under cyber and physical stresses.

1.3 Vulnerability analysis to ensure situational awareness

It is very important to diagnose that implementing these advanced grid-control technologies (e.g.
Supervisory Control and Data Acquisition (SCADA), Phasor Measurement Units (PMU), Wide Area
Monitoring System (WAMS), Intrusion Detection System (IDS), Phasor Data Concentrator (PDC), Energy
Management System (EMS), Advance Metering Infrastructure (AMI) etc.) does not just have the latent to
upsurge power grid reliability and resilience, but also provides adversaries with the tools they need to
resourcefully interrupt power delivery. The increased possibility of an attack needs better investment in
cyber-security countermeasures.

According to US Department of Energy (DoE, Sandia National Lab) Successful attacks that exploit these
emerging technologies may interrupt power by 1) triggering automated PMU control schemes through
subversion of synchronized timing systems, 2) executing unauthorized DER connection or operational
settings changes, 3) maliciously using demand-response capabilities, 4) gaining unauthorized access to
cloud-based PMU information to coordinate attack timing, or 5) intentionally misleading operators’
situational awareness, to name but a few. Recognizing these threats and investing in appropriate cyber-
security countermeasures will decrease the likelihood of successful attacks and guarantee that these
technologies are only used to endorse grid reliability rather than abolish it. Figure 1.3 shows an illustration
of the cyber attack’s prone regions in the smart-grid. Fadi Aloul et. Al [8] have briefly highlighted the
complexity of the smart-grid network and discussed the vulnerabilities specific to this huge heterogenous
network. They discussed the challenges that exist in securing the smart-grid network and the current
concluded that the current technologies available are insufficient and needs further research focus. Paul
et. al [9] have addressed vulnerability of smart-grid against simultaneous attacks and proposed new
damage measurements matrix with the loss of generation. Addressing vulnerabilities of cyber-physical
system and security measures have also been briefly discussed in the work [10-11].

1.4 Conclusion
Because of their large size and network complexity as well as the greater number of contingencies that
can occur, operating power systems is an extremely difficult assignment. It extremely important that the
operators are there-fore be provided and informed with the data and the information that they require
to evaluate the present status of the system and be able to forecast its futuristic performance. Since
power systems are getting increasingly interconnected, control centers require to be conscious not only
of the status of their own control area, but also of the status of adjacent control areas. Due to the inclusion
of wide area monitoring systems like SCADA and PMUs, data analytics may be used to improve the safety
security and ensure quick response capability to the grid in every level of wide area situational awareness.
 Page |6

Chapter 2: Modeling and Detecting Cyber

and Physical Stresses

2.1 Introduction
Modern power grids are becoming more and more equipped with cyber elements for sensing,
monitoring, communication, computation, and control, which make them exemplary complex cyber-
physical systems. Due to such increased dependency on cyber components, these systems exhibit new
vulnerabilities to cyber threats. When cyber-attacks occur jointly with physical attacks or failures in the
power grid, they could have even more serious impacts and cause large-scale blackouts with severe
societal and economic consequences.

Figure 2.1: Historical time-line of reported cyber and physical attacks on various infrastructures (energy
infrastructure is indicated by red) [39].
 Page |7

During physical attacks or failures, the stability systems can be upheld if the Supervisory Control and
Data Acquisition (SCADA) obtains exact information about the status of the components and take
appropriate action consequently. If, however, the flow of information is blocked by a cyber-attack, the
status of the components will be unobservable to the SCADA, which prevents the control center from
taking obligatory and appropriate actions in a timely manner. Along with high interdependency among
critical infrastructures of physical and cyber layer, modern smart-grid becoming targets for cyber warfare
and cybercrimes. Figure 2.1 presents the historical timeline of reported cyber-physical attacks, which is a
clear indication of ever-increasing threats and concerns on cyber-physical systems security, such as the
smart-grid security.

On the other hand, cyber components provide invaluable opportunities for a more secure and reliable
operation of smart-grids. For instance, the immense volume of energy data collected by various sensors,
such as Phasor Measurement Units (PMUs), provide new opportunities for detecting, estimating and
predicting various events in the system using big data analytics techniques. Understanding the nature of
attacks and exploiting the vulnerabilities towards it is very important to design proper defense against
ever increasing cyber and physical stresses on the smart-grid. This chapter will review several techniques
illustrated by many researches for modeling and detecting cyber attacks and cyber physical attacks.

2.2 Physical Stresses

Physical stresses may be defined by physical outage of power system components such as transmission
lines, generators, transformers due to any natural or man-made causes. Many conventional techniques
have already been implemented in power system outage detection. But since the deployment of PMU
and remote monitoring systems of power grids, outage detection from measurements data regardless of
physical topology information is demanding new research in this area. In this section focus will be given
to PMU based line outage detection.

Physical topology base methods: The key assumptions that are generally made during line outage
detection is that the fast system dynamics are well-damped and that the system settles down into a quasi-
stable state resulting the line outage and all the buses of the system are observable via PMUs. Resulting
a physical failure, the phasor angle changes at the apparent buses in the system with respect to their pre-
failure values may be calculated. Once the differences in phase angles at each bus has been obtained
∆𝜃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑(𝑘×1) , it is possible to detect failed lines form the angel deference’s by solving 𝐸 ∗ =
𝑎𝑟𝑔 min‖∆𝜃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑 − 𝑓(𝐸)‖ optimization problem. Where, 𝑘 is the number of observed angles 𝜀 is the
𝐸∈𝜀
set of events to be checked for occurrence, and 𝑓(𝐸) is a function which relates a failure 𝐸 to the
difference caused by a failure. For example, Joseph et. Al [12] have depicted an algorithm to find the
tripped lines using following property and solving the DC power flow equation ∆𝜃 = 𝐵−1 ∆𝑃 where, ∆𝑃 is
the changes in the power flow and 𝐵 matrix comes from the known system topology information.
 Page |8

Line outage detection from phasor angle changes [12]

1. Regulate whether an event has happened by checking the changes in the angles greater or
equal to 𝜏
2. Obtain the observed angle changes vector ∆𝜃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑(𝑘×1) .
3. For each line 𝑙,
0
̃
𝑃𝑙 1 → 𝑙𝑡𝑜
a) calculate ∆𝜃𝑐𝑎𝑙𝑐,𝑙 = 𝑃̃𝑙 𝐾𝐵 −1 [ ]
−1 → 𝑙𝑓𝑟𝑜𝑚
0
̃ 𝑐𝑎𝑙𝑐,𝑙
∆𝜃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑 ∙ ∆𝜃
b) calculate 𝑃̃𝑙 = ̃
∗
̃
∆𝜃𝑐𝑎𝑙𝑐,𝑙 ∙ ∆𝜃𝑐𝑎𝑙𝑐,𝑙
∆𝜃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑 ̃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑
∆𝜃
‖∆𝜃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑 ‖
− ̃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑 ‖
‖∆𝜃
c) calculate 𝑁𝐴𝐷𝑙 = { ̃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑
}
∆𝜃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑 ∆𝜃
‖∆𝜃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑 ‖
+ ̃𝑜𝑏𝑠𝑒𝑟𝑣𝑒𝑑 ‖
‖∆𝜃
4. line outage 𝑙 ∗ can be determined by shorting 𝑁𝐴𝐷𝑙 matrix as follows: 𝑙 ∗ = 𝑎𝑟𝑔 min 𝑁𝐴𝐷𝑙
𝑙

Besides that, M. Ghofrani et. Al [13] have also observed changes in the AC power flow ∆𝑃𝑙 = 𝑃̃𝑙 − 𝑃𝑙 ,
since power flow is the function of voltage magnitude |𝑉̃ | and phase angle 𝜃, they have developed a
regularized least square based on norm minimization method to detect the changes in AC power flow due
to transmission line outage for estimating the position of the outage. Detection becomes faulty when
there are missing samples from several PMU units. For example, Jose et. Al [14] have approached the
problem in graph-based method. The transmission network of the electricity grid can be demonstrated
by a graph 𝐺(𝑁, 𝐸), where 𝑁 are the nodes associated by electrical generator, transformers and other
components and 𝐸 are the transmission lines defined as edges of the graph. An outage of line 𝑙𝑖,𝑗 ∈ 𝐸
denotes the exclusion of of its matching edge from the graph 𝐺(𝑁, 𝐸\{𝑙𝑖,𝑗 }). PMU measures 𝑋𝑖 ∈ 𝑅𝑇
represents the measurements of 𝑖th node at time window 𝑇. The PMU measurements 𝑋 = 𝑈Σ𝑉 𝑇 contains
sufficient information that symbolizes the characteristics and topology of the electricity grid. The vector
𝑈 matching to the lowest singular values in Σ represents the subspace that defines the line status, thus
power grid topology information. If 𝑆 0 represents subspace of the normal operation, similar subspace
𝑆 \𝑙𝑖,𝑗 may be defined for the line outage 𝑋 \𝑙𝑖,𝑗 . This learned subspaces will deliver outage-based
information which may be used to define node-based subspaces [𝑆𝑖∪ = ⋃𝑘∈𝑁𝑖 𝑆 \𝑙𝑖,𝑗 , 𝑆𝑖∩ = ⋂𝑘∈𝑁𝑖 𝑆 \𝑙𝑖,𝑗 ]
for outage detection. They depicted a methodology for learning proper mode-based subspaces as
mentioned above and forming the detection groups [𝐷𝑐 (𝐶) = ⋂𝑘∈𝐶{𝑖 ∈ 𝐶|𝑝𝑘,𝑖 ≈ 1 𝑎𝑛𝑑 𝐷𝑐 (𝐶̅ ) =
⋂𝑘∈𝐶 {𝑖 ∉ 𝐶|𝑝𝑘,𝑖 ≈ 1}}] for outage identification when measurements data from several PMU units are
missing. Where, the detection group denoted by cluster 𝐶 and 𝑝𝑘,𝑖 evaluates the detection capability of
node 𝑘 to identify any failure case linking node 𝑖 based on the available training data. To allow the robust
detection of power line outages, they have proposed learning outage characteristics for each individual
node instead of specific single line outage scenarios. Figure 2.2 summarize the overall process for this
subspace-based failure detection approach.
 Page |9

Figure 2.2: Subspace-based learning approach to detect line outage in power system [14].

Data-driven and machine learning techniques: Which have the ability to automate the
WASA processes of electricity grids. Among diverse implementation, finding the position of failure in
electricity grid, e.g., line outages, is a popular problem that may be straightly solved by using data
analytics-based methods as a multi-class classification problem. As a supervised machine learning
approach, a Deep Neural Network (DNNs) may be trained such a way that the cross-entropy loss function
ℒ(𝑓(𝑋, Θ), 𝑡) is minimum, where X is PMU measurement as mentioned above, is the training set of 𝑁 ∈
𝑅 samples, with 𝑥𝑖 ∈ 𝑅𝑀×1 is the measurement vector comprising 𝑀 ∈ 𝑅 features of sample 𝑖 ∈ {1, . . . ,
𝑁}. Moreover, f symbolizes the function for the output of the DNN, i.e., the estimated classes, and t ∈𝑅𝑁×1
is the actual classes of the matching N samples. The set Θ = {𝑊 (𝑑) |𝑑 = 1, … … , 𝐷} signifies the weights
of the D ∈ N hidden layers, where W(d) ∈ Rrd×rd−1 is the weight matrix of the dth layer, which has 𝑟𝑑
neurons. For example, Halil et. al [15] emphasis on the consequence of the communication network delays
on the fault detection time and suggested a DNN-based training technique for fault detection and
classification which also takes delayed measurements into account.

Classification algorithm like Decision Tree (DT) may also be implemented to classify data with similar
characteristics. Similar to its name, this supervised learning classifier has equivalent construction to a real
tree, such that it has a set of nodes, edges and leaves. An edge may be defined as connection between
two nodes, or a node and a leaf. When the data is classified based on a certain feature, it creates a new
node in the tree. The likely values may contain in a feature is equal to the number of edges connected to
that node. Alternatively, the estimated output class of the input samples are denoted by the leaves. But
DTs are very prone to over-fitting issues. To solve this problem collective methods for example Random
Forest (RF), as in specific bootstrap sampling may also be used. Random forest algorithms are basically a
collection of decision trees which may create more influential and robust learners and address over-
fitting. This algorithm is created based on randomness unlike decision trees, the fragments in RF is based
on the best among a subset of randomly chosen predictions at that node. The main idea behind the
randomness is to decorrelate the trees, such that the resulting ensemble scheme has a low variance. For
example, Rana et. Al [16] in their work, have used simulated data for training and compared the deep
neural network (DNN), decision trees (DT), and random forest (RF) methods for fault detection and
classification.
 P a g e | 10

2.3 Cyber Stresses

The smart progression of traditional electricity grid vastly depends on communication infrastructure
and information technology, that increase a great worry about cyber security of the smart-grid. Smart-
grid systems have advanced to track the IoTs/CPSs movement, which becoming an important societal
infrastructure as it contains vital elements in our day-to-day life. Alternatively, the modern smart-grid
system brings new security challenges. The cyber-attacks on smartgrid is drawing attention of many
researchers for decades. Types of attacks may be classified into two major categories for example 1)
Denial of service 2) Data manipulation attacks which may be further subdivided into two different
categories such as a) data replay attacks and b) false data injection attacks.

Denial-of-Service Attacks: Attacks directing availability, also named denial-of-service (DoS)

attacks, try to interrupt, jam or crooked the communication in the Smartgrid. Which can strictly damage
the communication routine and purposely mislead the functions of IoT devices. Overall, current DoS
attacks can occur at a diversity of communication layers in the Smart Grid, which are shown in Table 2.1.
wireless blocking becomes the main physical-layer attack in smartgrid networks. For example, a recent
work [17] has depicted that blocking attacks can lead to a wide range of damages to the network
performance of power substation systems, from delayed delivery of time-critical messages to complete
denial-of-service. In the MAC layer spoofing is a comparatively damaging threat at the MAC layer because
it marks both availability and integrity. A spoofing invader, may take advantage of the unprotected
address fields in a MAC frame, may deceive as another kind of device and send false information to other
devices in the system. For example, in a power substation network, a spiteful node can broadcast forged
address resolution protocol (ARP) packets to shut down connections of all IEDs to the substation gateway
node, as depicted by Upeka et al. in [18].

Table 2.1: DoS attack smartgrid in various network layer.

Data Manipulation Attacks: Attacks directing data integrity may be thought as less brute-force
yet more sophisticated than DoS attacks. Such attacks efforts to silently change data to crooked critical
information communication in the smartgrid, such as False data injection attacks and data replay attacks.
Many researchers have depicted several methodologies for modeling and detection of cyber-attacks. For
example, Yilmaz et. Al. [19-21] have modeled the power grid, consisting of 𝑁 + 1 nodes and 𝐾 PMUs, as
discrete-time linear dynamic system based on DC model 𝑋𝑡 = 𝐴𝑋𝑡−1 + 𝑉𝑡 , 𝑦𝑡 = 𝐻𝑋𝑡 + 𝑊𝑡 where 𝑋𝑡 =
[𝑥1,𝑡 , 𝑥2,𝑡 , … . 𝑥𝑁,𝑡 ] is the state vector representing the phase angles of 𝑁 buses, 𝐴 ∈ 𝑅𝑁×𝑁 is the state
transition matrix, 𝑉𝑡 = [𝑣1,𝑡 , 𝑣2,𝑡 , … . 𝑣𝑁,𝑡 ]~ℵ(0, 𝜎𝑣2 𝐼𝑁 ) is the process noise vector. And 𝑌𝑡 =
[𝑌1,𝑡 , 𝑌2,𝑡 , … . 𝑌𝑁,𝑡 ] is the vector consisting of PMU measurements, 𝐻 ∈ 𝑅𝑘𝜆×𝑁 is the measurement matrix
𝑊𝑡 = [𝑊1,𝑡 , 𝑊2,𝑡 , … . 𝑊𝑁,𝑡 ]~ℵ(0, 𝜎𝑤2 𝐼𝑘𝜆 ) is the measurement noise vector. Then false data injection
attacks may be modeled as 𝑦𝑡 = 𝐻𝑋𝑡 + 𝑎𝑡 + 𝑤𝑡 , where 𝑎𝑡 = [𝑎1,𝑡 , 𝑎2,𝑡 , … . 𝑎𝑁,𝑡 ] denotes the injected
false data at time 𝑡, have depicted sequential detection of data manipulation attacks in smartgrid using
simplified DC model of cumulative sum detectors. online maximum likelihood estimates (MLEs) of the
 P a g e | 11

attack types, set of attacked meters, and the attack magnitudes are used in attack detection. Additionally,
improved state estimates are calculated relying on the online MLE estimates of the attack variables. Xuan
et. Al [22] have modeled false data injection attacks with incomplete network information.

The inserted false data follows Kirchhoff current law and Kirchhoff voltage law to evade presence and
being spotted by the bad data detection mechanism in the state estimation and the residual in the line
outage detection is increased such that the line failure may not be spotted by PMU data. A bilevel
optimization problem may set up to govern the finest attack vector that can maximize the residual of the
faulted line.

Figure 2.3: Online false data detection mechanism with a deep neural network-based attack detector
[23].

The objective of attackers to accomplish false data injection is to misinform the system control center
to reflect a conceded state measurement 𝑋̂𝑎 = 𝑋̂ + 𝐶 as the estimated system state, where C is the
eccentricity of power system state. To attain this, an attaker can alter the received measurements at the
control center to 𝑍𝑎 = 𝑍 + 𝑎, where 𝑎 is the injected attack vector. To avoid bad data detection
mechanism, the attack vector should be constructed as 𝑎 = ℎ(𝑋̂ + 𝐶) − ℎ(𝑋̂). In such cases, the
Euclidean norm of the residual is unchanged ‖𝑟𝑎 ‖ = ‖𝑍𝑎 − ℎ(𝑋̂𝑎 )‖ = ‖𝑍 − 𝑍̂‖ = ‖𝑟‖ and the attack can
bypass the residual-based test for bad data detection. Based on this consideration James et. Al [23] have
proposed false data attack detection mechanism that may efficiently arrest such discrepancy by analyzing
temporally uninterrupted estimated system states using wavelet transform and deep neural network
techniques. Figure 2.3 shows their proposed online false data detection algorithm based on deep neural
network.
 P a g e | 12

2.4 Combined Cyber and Physical Stresses

Because of the deep incorporation of the physical layer (traditional power network infrastructure) with
the cyber layer (information sensing, processing and control) for effective electricity distribution and
transmission, spiteful attacks on a power grid system can lead to an initially undetectable failure and
ultimately result in failure if not addressed immediately. These attacks can be categorized into cyber and
physical attacks. For physical attack [24] projected an attack target choice scheme that allow the
adversaries to physically attack the power system apparatuses (e.g., transmission lines, generators, and
transformers). The adversary’s problem involves of selecting one of the available attack targets, by which
it means every mixture of elements considered possible to attack. Each choice of target constitutes a
(pure) strategy of the attacker. Let 𝑇 be the set of targets and the 𝑀 number of targets. If we consider
only attacks on single elements, then T is the set of all elements and M=N. If instantaneous attacks are
considered on exactly 𝑛 > 1 elements, then 𝑇 is the set of all exclusive combinations of 𝑛 elements,
𝑁!
{𝑖1 , 𝑖2 , … … 𝑖𝑛 }, and 𝑀 = . If 𝑇𝑗 be the set of elements in target 𝑗, and 𝑆 is a subset of 𝑇𝑗 , 𝑦𝑠 be the
𝑛!(𝑁−𝑛)
consequences of disabling the elements in 𝑆, then 𝑃(𝑌𝑗 = 𝑦𝑆 ) = ∏𝑖∈𝑆(1 − 𝑝𝑖 ) ∏𝑖∉𝑆 𝑝𝑖 . Based on this
probability matrix, the adversary may choose randomly or may follow 1) One of the worst-case attacks:
by choosing the target that maximizes the expected negative consequences 𝜇𝑗 = 𝐸(𝑌𝑗 ) of the attack. 2)
Probability-based attack: adversary may try to maximize the probability that the outcome 𝑌𝑗 of an attack
is over a certain magnitude 𝑦𝑚𝑖𝑛 , i.e., (𝑌𝑗 ≥ 𝑦𝑚𝑖𝑛 ). 3) The attacker selects the target randomly, where
each target bears equal probability. Figure 2.4 shows the possible attack target for physical and cyber
attacks in the system block diagram. Data manipulation attacks discussed in previous section may also
take place simultaneously for masking the impact of physical attacks, thus making combine cyber and
physical attack. This type of attacks may lead to a cascade of system failure and cause brownout or
blackout throughout the grid.

Figure 2.4: Possible cyber and physical attack target in smart-grid block diagram [25].

Hwei-Ming et. Al [25] have also suggested a technique using Line Outage Distribution Factor (LODFs) of
DC optimal power flow solutions. The entry in the mth row and nth column of LODFs, 𝐿 ∈ 𝑅𝑛𝑏𝑟 ×𝑛𝑏𝑟 , 𝑙𝑚,𝑛 ,
represents the fraction of the power flow of the nth line will be shifted to the mth line when the nth line
𝑇
fails. An influence factor 𝑓, whose 𝑙 th element 𝑓𝑙 = ((𝐿{:,𝑙} ) 𝑠𝑖𝑔𝑛(ℜ(𝑆))) 𝑃𝑙 , where, 𝐿{:,𝑙} represents
 P a g e | 13

Figure 2.5: An example of combined cyber and physical attack strategy [25].

the 𝑙 th column of 𝐿 and real power ℜ(𝑆), 𝑓𝑙 is the amount of power increment for the whole system if 𝑙 th
element fails, then the real outage line can be found 𝑙𝑜 = 𝑎𝑟𝑔 max{𝑓𝑙 |1, … … . . 𝑛𝑏𝑟 } and associated set
𝑙
of bus will be ℒ. Then the adversary may select some fake outage line from set of bus ℳ such that ℒ ∩
ℳ ≠ ∅ and mask the real one with data manipulation attacks to mislead the control center. Such an
attack strategy is represented in Figure 2.5.

2.5 Conclusion
Physical stresses are comparatively easy to detect but when combined with cyber attacks such as data
manipulation attacks to mask the impact of the physical failure and mislead the control center by
presenting fake attack positions. This could pose serious threat and induced more failures in the main
time while the control center is busy finding the fake locations. This could lead to a cascading failure of
multiple components and escalate quickly throughout the grid. That is why understanding the nature of
attacks, identifying the prone region of attacks and developing efficient defense techniques is the vital
focus of modern power system researchers.
 P a g e | 14

Chapter 3: State Estimation under Cyber

and Physical Stresses

3.1 Introduction
Situational awareness is far more sophisticated than simply observing a cluster of data. Understanding
the meaning or worth of that measurement data in relation to one’s goals is also vital. This progression
includes depicting an inclusive picture of the environment. Sensing, monitoring and visualizing that
portion of the environment that is of concern to the individual. In case of cyber-physical system such as
smartgrid, level 2 situational awareness comprises of detection of accurate system state under cyber and
physical stresses. The focus of this chapter is to review the state-of-the-art state static and dynamic
estimation techniques of power grid under cyber and physical stresses in both conventional and data
driven approaches.

3.2 Power System State Estimation

Power system state estimation is an area of focus of power system researcher for more than four
decades. Now a days, state estimators may be integrated in almost every power system control center.
While there has been plentiful research published on many different aspects of state estimation, ranging
from its mathematical formulation to the implementation and start-up issues at the control centers, state
estimation of power system under cyber and physical stresses is still a major research area. New
techniques based on graph and PMU data analyses, power system security has been extensively studied
using traditional state estimation methods [13-15] in which accurate knowledge of the system model is
required. The work in [13] provides a survey discussing the state of the art in electric power system state
estimation. A review of power system dynamic state estimation techniques using conventional methods
have also discussed in [14,15]. Although many powerful techniques have been developed in state
estimation for power systems, availability of large volume of data and data analytics techniques can
provide new opportunities to help with state estimation in special situations, for example, when the
system model is not available or accurate (such as in the cases of joint cyber-attacks). The presented work
in the current paper, is focused on a data-driven approach for state estimation using PMU data for
transmission line state estimation and fault detection during joint cyber physical attacks.

3.2.1 Static State Estimation

State estimation is an indispensable mean utilized by control center for power system analysis. State
estimation helps control center in decision-taking process during emergency situations. Precise
information of system state is obligatory to evade system letdowns and power outage. State estimation
results from basic inputs to numerous power system operations. The ultimate problem of state estimation
 P a g e | 15

may be defined as an over determined system of nonlinear equations solved as an unconstrained

weighted least squares (WLS) problem. If we consider the meter measurement as 𝑧 = ℎ(𝑥) + 𝑒, where
ℎ(𝑥) is the nonlinear relation among system state parameters and 𝑒 is the measurement error term, then
the 1st order approximation may be written as ∆𝑧 = 𝐻(𝑥 0 ) ∙ ∆𝑥 + 𝑒, where, ∆𝑧 = 𝑧 − ℎ(𝑥 0 ), ∆𝑥 = 𝑥 −
𝑥 0 and 𝐻(𝑥 0 ) = ℎ′(𝑥 0 ). The WLS estimator minimizes the weighted sum of the squares of the residual
vector 𝑟 = ∆𝑧 − 𝐻(𝑥 0 ) ∙ ∆𝑥 , given by 𝐽(𝑥) = ∑𝑚 𝑗=1 𝑊𝑗 |𝑟𝑗 |, where, 𝑊𝑗 is the reciprocal of the error
variance for measurement 𝑗.Then the optimal state estimation can be found from the optimal solution of
𝐽(𝑥) as depicted by Ali Abur et. Al [26].

WLS State Estimation involves the iterative solution of the Normal equation [𝐺(𝑥 𝑘 )]∆𝑥 𝑘+1 =
𝐻 (𝑥 𝑘 )𝑅 −1 [𝑧 − ℎ(𝑥 𝑘 )], ∆𝑥 𝑘+1 = 𝑥 𝑘+1 − 𝑥 𝑘 , Where, 𝑘 is the iteration index, 𝑥 𝑘 is the solution vector at
𝑇

kth iteration, 𝑅 is the error covariance matrix. A primary assumption must be made for the state vector 𝑥 0 .
As in the case of the power flow solution, this assumption typically resembles to the flat voltage profile,
where all the bus voltages are initially assumed to be 1.0 per unit and in phase with each other.

Table 3.1: Major Computational Steps in Different Static State Estimation Methods [28].
 P a g e | 16

In addition to the Weighted Least Square (WLS) algorithm, other state estimation techniques such as
“Least Absolute Value (LAV)” and “decoupled WLS” estimation were also introduced by many researchers,
but still WLS is the foremost in case of real-life applications. References [26-27] discussed many detailed
amounts of adjustments in technique for upgraded numerical computational ease. Several numerical
techniques have been discovered to evade difficulties of ill-conditioning in the gain matrices. A
comparative review of various numerical computation methods like orthogonal transformation, normal
equations and hatchels augmentation have been presented by Holten et al in [28]. Table 3.1 shows a
comparison of major computational steps in different static state estimation techniques.
Conventional State Estimation which takes snap-shots of the system in consideration is static in nature.
Static state estimation in practical sense does not take into consideration of the system dynamics.
Changes occurs in power system are usually caused by loads variations. As system load varies, the
generation tries to cope up with the system change and anticipated to change. Thus, transmission line
flow and bus injection flow also subjected to change. That kind of behavior is which makes the system
dynamic. Moreover, the fast-transient time constants which changes in more frequently than the
conventional SCADA data measurement rate. Hence, to maintain accuracy the static state estimation is to
be evaluated in a very smaller time interval that makes is computationally complex and expensive. Which
also required a large memory that may also be an important limitation. Conventional data acquisition
systems measure steady but unsynchronized information and at low sampling density. That limits the
ability of the dispatching and controlling center to know the dynamic operating states of the system
precisely.

3.2.2 Dynamic State Estimation

Utilizing the time synchronous data acquisition systems (SCADA/PMU) measurements and using the
information about state vector at time instant 𝑘, the Dynamic State Estimation (DSE) techniques may be
able to forecast the state vector of power system at the next time stamp 𝑘 + 1. Because of this ability to
predict, dynamic state estimations are capable of security analysis that may be carried out in beforehand
and hence the control center gets enough time in the brink of crises. Moreover, unlike the conventional
static state estimation methods, dynamic state estimation techniques can also estimate system bus
voltage and phase angle, states that truly depict the dynamics of a system like generator rotor angle,
speed or generator internal voltages are also estimated. Those estimated additional parameters may be
helpful to take preventive actions using generator controls in case of emerging tragedies. The objectives
are to say that the dynamic state estimation of a power system network is obligatory. Thus, it turn out to
be vital that the selected mrthods for such estimation must be robust, precise, effective, less time
consuming, computationally feasible and ensuring the accurate result. Extended Kalman Filter (EKF) is a
well-known and mostly used tools while developing approach for the dynamic state estimation.
According to N. R. Shivkumar et. Al [29], dynamic state estimation techniques may be approximately
categorized into Robust dynamic techniques, Kalman filter-based, Artificial Intelligence-based techniques,
and Square root filter-based. They have tried to classify certain existing techniques as stated directly
above; yet, it inevitably may not add up all the existing techniques. The first step in dynamin state
estimation involves the documentation of accurate mathematical expression for the time synchronized
behavior of the power system. The general mathematical expression used to express a dynamic system
may be expressed as equation 𝑥𝑘+1 = 𝑓(𝑥𝑘 , 𝑢𝑘 , 𝑤𝑘 , 𝑘), ‘u’ is the control-actions, ‘𝑤’ characterizes the
uncertainty in the expression and ‘𝑓’ is the nonlinear function. But such a mathematical expression is very
complex, costly and imperial to process. Hence, several assumptions usually made by mane researchers
 P a g e | 17

to linearize the model. Such as 1) The system is considered a quasi-static system, i.e. its changes are
tremendously slow. 2) Time frames are considered very small to fit the usage of linear models that may
be able to describe the transition of states between consecutive instants of time. 3) The uncertainties are
described using white gaussian noise with zero mean and fixed covariance. Considering these
assumptions, a much simpler linear expression may be possible to approximate for dynamic state
estimation such as equation 𝑥𝑘+1 = 𝐹𝑘 𝑥𝑘 + 𝐺𝑘 + 𝑤𝑘 , Where, 𝐹𝑘 is function representing the state
transition between two instants of time, 𝐺𝑘 is associated with the trend behavior of the state trajectory
and 𝑤𝑘 is the white gaussian noise with zero mean and covariance. The modification from static to
dynamic state estimation consist of writing ℎ(𝑥̅ ) = ℎ(𝜇𝑘 ) + 𝐻(𝑥̅ − 𝜇𝑘 ), where 𝜇𝑘 is the value of state
vector after 𝑘 th iteration. This results in the extended Kalman filter iteration scheme 𝜇𝑘+1 = 𝑥̅ +
𝐾(𝜇𝑘 )[𝑍 − ℎ(𝜇𝑘 ) − 𝐻(𝜇𝑘 )(𝑥̅ − 𝜇𝑘 )]. The iteration starts with 𝜇1 = 𝑥̅ and terminates at |𝜇𝑘 − 𝜇𝑘−1 | < 𝜀
(a specific threshold). Where 𝐾(𝑘) = 𝑃0 (𝑘)𝐻𝑇 (𝑘)ℛ −1 (𝑘), kalman gain at 𝑘 th iteration and ℛ(𝑘) =
[𝐻(𝑘)𝑃0 (𝑘)𝐻𝑇 (𝑘) + 𝑤𝑘−1 (𝑘)], then the final estimated value 𝑥̅ = 𝜇𝑘 as derived by J.K. Mandal [30].
Many popular dynamic state estimation methods are generally derived from Kalman filter technique.
The relative comfort of implementation over other existing techniques is the prime reason for widely use
of variant of Kalman Filter based techniques. Also, Kalman filter based methods usually have ability to
forecast system state for next few instants; in addition to cleaning out the noise from the available
measurements. Kalman filter based models usually assumes Gaussian distribution of noise but practically
the noise distribution may vary randomly over gaussian distribution. In the presence of such outliers, the
performance of Kalman filter based technique may drastically reduce. To address such phenomenon,
certain mthods named “Robust techniques” were introduced. For example, researchers in [31] have
depicted a robust estimation technique to address the issue, using a statistical approach based on M-
estimation technique. Yet “Robust techniques” are computationally very costly and mathematical
formulation is weighty. On the other hand, “Square root filter techniques” are more identical to Kalman
filter based techniques. They are introduced to overcome numerical errors that may arise while computer
implementations of Kalman filter techniques as described in [32]. As the name proposes, this technique
calculate the square roots of covariance matrices instead of using them straight. Square-roots are often
calculated using special decomposition techniques like Cholesky decomposition, etc.

Figure 3.1: PMU measurement-based state estimation scheme [33]

 P a g e | 18

PMU measurements contain frequency and rate of change of frequency in the system. Usually, these
measurements are available in raw form, as time-stamped instantaneous values, or, in the case of voltages
and currents, as computed phasor data at the system fundamental frequency. Dynamic state estimation
techniques may possible to develop that can filter all obtainable data to capture the transient-swings of
the system online. The processed PMU measurements from power equations may be expressed as 𝑧𝑚 =
𝑥 𝑥
𝐻𝑚 [𝑦] + {[𝑥 𝑦]𝑄𝑚 [[𝑦]]} + 𝜑𝑚 , where 𝑥 and 𝑦 are dynamic and algebraic states of system and 𝜑𝑚 is
the measurement error and for linear measurements the matrix 𝑄𝑚 = 0. The objective is estimating the
system states using least square methods by the following optimization minimize 𝐽(𝑥, 𝑦) = 𝜑 𝑇 𝑊𝜑
1
where, 𝜑 = 𝑧 − ℎ(𝑥, 𝑦) and 𝑊 = 𝑑𝑖𝑎𝑔 [ 2 ], then the best estimate of the system state may be solved
𝜎
from Gaussian-Newton iterative method as 𝑥̂ 𝑘+1 = 𝑥̂ 𝑘 + (𝐻𝑇 𝑊𝐻)−1 𝐻𝑇 𝑊(𝑧𝑎 − ℎ(𝑥̂ 𝑘 ) where, 𝑧𝑎 are
raw PMU data as depicted by Evangelos et al [33]. Figure 3.1 shows the PMU-based state estimation
scheme.

3.3 State Estimation Under Cyber and Physical Stresses

Security of the cyber physical systems (CPSs) including smart-grids has been the focus of many
researches. Studying and mitigation the effects of joint cyber and physical attacks in CPSs are categories
of such researches that have gained lots of attention recently. While state estimation is in the field for
several decades now, but state estimation under cyber and physical stresses is still a major concern and
ongoing research in modern power system research. Since the interdependency of physical power grid
with the network backed cyber layer is increasing day by day, attackers are finding new ways disrupt
smart-grid and state estimation under these new cyber and physical stresses becomes new challenges.
Many researches have depicted methods of state estimation under different cyber and physical stresses
in [34]-[36]. Which will be discussed in this section.

State Estimation Under DoS Attack: One type of these cyber-attacks is “Distributed Denial-
of-Service (DDoS)” attack which may block the communication links between components and may be
addressed as communication failure. For example, Chaojun et. Al [34] have depicted a dynamic state
estimation technique using kriging-based bus load forecasting techniques under communication failure.
They have used extended Kalman filter model for state forecasting 𝑥̂𝑘 = 𝐹𝑘−1 𝑥̅𝑘−1 + 𝑔𝑘−1 and 𝑀𝑘 =
′
𝐹𝑘−1 Σ𝑘−1 𝐹𝑘−1 + 𝑄𝑘−1 , where, 𝑥̂𝑘 forecast state vector, 𝑥̅𝑘−1 estimated state vector, 𝐹𝑘−1 state transition
matrix, 𝑔𝑘−1 trend behavior in time series, Σ𝑘−1 estimation error co-variance matrix, 𝑀𝑘 forecast state
error covariance matrix and 𝑄𝑘−1 noise covariance matrix. To forecast the system state for the next time
instant, there are two methods introduced in the article one approach is to use the system state (phase
angles and voltage magnitudes) as the forecasting variable. The other method is to use the bus load
(active/reactive load) as the forecasting variable. The state filtering step is an extended Kalman filter
which computes the optimal system state by joining the forecast state with the measurement data.
 P a g e | 19

Figure 3.2: The time line of load flow under communication failure. Dotted sample delayed, dashed
sample in time [34].

The optimal filtered system state minimizes the combined error in the objective function 𝐽(𝑋) =
−1
[𝑧 − ℎ(𝑥)]′ 𝑅−1 [𝑧 − ℎ(𝑥)] + [𝑥̅ − 𝑥 ]′𝑀 [𝑥̅ − 𝑥 ]. 𝑅 is the “diagonal error variance matrix” of the
measurement The value of which relies on the correctness of the measuring equipment. Then the filtered
state 𝑥̂𝑘 that minimizes 𝐽(𝑋) may be found from 𝑥̂𝑘 = 𝑥̅𝑘 + 𝐾𝑘 (𝑧𝑘 − 𝑧̅𝑘 ) and updated error covariance
−1
Σ𝑘 = [𝐼 − 𝐾𝑘 𝐻𝑘 ]𝑀𝑘 [𝐼 − 𝐾𝑘 𝐻𝑘 ′] + 𝐾𝑘 𝑅𝐾𝑘 ′, where 𝐾𝑘 = 𝑀𝑘 𝐻𝑘′ (𝐻𝑘 𝑀𝑘 𝐻𝑘𝑇 + 𝑅) is the Kalman gain. To
apply kriging for load forecasting in power system, because the lack of physical distance, “empirical
kriging” method is implemented to estimate the weights of load values 𝑃𝐿 using covariance structure
filtered from historical data. Then the forecasted load values define as 𝑃̂𝑘𝐿 (𝑖) = 𝑐0′ 𝐶 −1 𝑃𝐿 where, 𝐶 is the
special variance-covariance matrix and 𝑐0′ 𝐶 −1 is the weight. Then this forecasted load may be converted
into power system state by applying power flow analysis. This dynamic state estimation may be able to
predict the topology change because of its forecasting ability. Figure 3.2 shows the timeline of proposed
flow.

State Estimation Under Data Manipulation Attack: Smartgrid are highly prone to cyber-
attack and data manipulation is most frequently used by the attackers which can lead to the biased
estimation. Thus, state estimation under the influence of cyber attacked such as false data injection
attacks has become popular research domain for many researchers. Liang Hu et. Al [35] have depicted a
state estimation strategy under false data injection attacks. They have proposed the following time
invariant state estimation 𝑥̂(𝑘 + 1) = 𝐴𝑥̂(𝑘) + 𝐾𝑧(𝑘 + 1), 𝑧(𝑘 + 1) = 𝑦(𝑘 + 1) − 𝐶𝐴𝑥̂(𝑥), where
𝑥̂(𝑘 + 1) and 𝑧(𝑘 + 1) are the state estimation and residual at time instant 𝑘 + 1. Then the dynamic state
estimation error defined as 𝑥̅ (𝑘 + 1) = (1 − 𝐾𝐶)(𝐴𝑥̅ (𝑘) + 𝜔(𝑘)) − 𝐾𝜗(𝑘 + 1), where 𝜔(𝑘) process
noise and 𝜗(𝑘) measurement noise respectively. Under the false data injection the measurement
received by the estimator can be modeled as 𝑦 𝑎 (𝑘) = 𝐶𝑥(𝑘) + 𝑎(𝑘) + 𝜗(𝑘) = 𝐶𝑥(𝑘) + 𝐵𝑎 𝑎0 (𝑘) +
𝜗(𝑘) Where, 𝑎(𝑘) represents the false data injected, 𝐵𝑎 is a diagonal injection matrix. With the comprised
measurement 𝑦 𝑎 (𝑘), based on the estimator can be derived as 𝑥̂ 𝑎 (𝑘 + 1) = 𝐴𝑥̂ 𝑎 (𝑘) + 𝐾𝑧 𝑎 (𝑘 + 1) and
𝑧 𝑎 (𝑘 + 1) = 𝑦 𝑎 (𝑘 + 1) − 𝐶𝐴𝑥̂ 𝑎 (k). and the state estimation difference and estimation residual
difference can be defined as ∆𝑧(𝑘 + 1) = −𝐶𝐴𝑥̂(𝑘) + 𝑎(𝑘 + 1), ∆𝑥̂(𝑘 + 1) = 𝐴∆𝑥̂(𝑘) + 𝐾∆𝑧(𝑘 + 1).
These difference equations may be solved using dynamic state estimation techniques and determine
system states under false data injection. Research depicted in [19]-[22] have also discussed state
estimation under FDI attacks.

State Estimation Under Combined Cyber and Physical Attacks: Physical failure masked
by a cyber-attack is one of the worst case of attacks in the smart-grid system. Estimating the system state
in such a scenario is quite difficult, specially making a clear distinction between cyber and physical failures.
 P a g e | 20

But thanks to the modern wide area monitoring systems like SCADA and PMUs, researchers are trying to
figure out to estimate the system state of an unobservable portion of the grid masked by physical failure
from the surrounding observable portion where the measurement is still available. Such as in [36-38]
researchers have considered the power grid as interconnected graphs and subdivided the active power
grid in to several subgraph and applied linear algebra and graph theory on the PMU measurement outside
the attacked zone to estimate the status of the unobservable branches inside the attacked zone. Figure
3.3 shows the general idea of the attack model and estimation approach.

Figure 3.3: Cyber and physical attack targets of power system: physical attacks target the physical
infrastructure (lines, substations, etc.). Cyber-attacks target the SCADA system—an attacker may
manipulate the flow of information from the PMUs within the zone to the control center [36].

Figure 3.4: Graph based representation of power system, where 𝐺 is the power grid graph and 𝐻 is a
subgraph of 𝐺 that denotes the attacked zone. An attacker may attack subgraph 𝐻 by manipulating the
information flow from PMUs to control center and disconnecting some physical connections (red dashed
lines) [37].

They have used the linearized Direct-Current (DC) power flow model, which is a practical realization of
the Alternating-Current (AC) model. They have also used a customized variety of the control network
infrastructure which comprises of Phasor Measurement Units (PMU), Phasor Data Concentrators (PDC),
and a control center (Figure 3.3). The transmission lines are defined as edges and other components like
 P a g e | 21

PMUs, PDCs and Buses are considered system nodes. An adversary may initiate a cyber-physical attack by
disconnecting lines within a zone (physical attack) and manipulating the flow of information from the
PMUs within the zone to the control center (cyber-attack). For example, in figure 3.4 an attacker may
accomplish the cyber-attack by incapacitating the 𝐻 zone’s associated PDC. On the other hand, the
attacker may also disrupt the communication network between the PMUs and the PDC, or between the
PDC and the control center.

Under the influence of attacks, some lines may get separated, and the information such as phase angles
and the status of the lines within the attacked zone 𝐻 = (𝑉𝐻 𝐸𝐻 )[𝐻 ∈ 𝐺 ] become inaccessible (Fig. 3.4).
The key idea is to retrieve that information inside the attacked zone by utilizing the information available
outside the attacked zone and estimate the state of the system in the process. The authors have showed
that if there is a matching between the nodes inside and outside the attacked zone that covers the inside
nodes 𝑉𝐻 then the phase angles of the nodes in the attacked zone are recoverable by solving a set of linear
equations of size |𝑉𝐻 |. They have also showed that if subgraph 𝐻 is acyclic, the disconnected lines inside
subgraph 𝐻 are also measurable by solving a set of linear equations of size |𝐸𝐻 |. Moreover, if 𝐻 is planar
instead of acyclic, under some constraints, the disconnected lines are detectable by solving a Linear
Programming (LP) problem. Based on these assumptions the authors have [36-38] introduced several
algorithms for estimation and information recovery process,

1) the Post-Attack Recovery and Detection (PARD) Algorithm which may be able to recover information
such as the phase angles and detect the failed lines inside the attacked zone 𝐻. Based on the results
provided by DC power flow equations under mentioned assumptions, if a zone H is weakly-attack-resilient,
the PARD Algorithm may recover the phase angles and detect the failed lines after a constrained attack.

2) 3-Acyclic Partition of Planar (3APP) for partitioning the power grid into several interconnected
subgraphs based on the voltage matching on the different nodes.

3) the zone selection algorithm [38] will find the infected zone and select the associated subgraphs.
 P a g e | 22

[38]

Using these three algorithms they have detected the filed lines and portioned the injected region as a
subgraph then recovered the information under the attacked zone. A result from there case study have
been presented in figure 3.5 which shows an example of attack and recovered information in the presence
of measurement noise.

Figure 3.5: Example of a cyber-physical attack and recovered information under the attacked subgraph
with presence of measurement noise. Red dashed lines show the attacked lines. As can be seen 2 out 3
attacked lines successfully detected in this case [37].

3.4 Conclusion
In this chapter, state estimation and estate estimation under combined cyber and physical attack on
smart grids are discussed. Cyber-attacks, which results unobservability of a portion of the grid while
causing transmission lines failures. Traditional state estimation along with data-driven approach to
estimate the state of the unobservable portion of the grid under cyber-attack from the PMU data available
outside the attack area have also been explored. Specifically, a graph theory-based approach was
discussed both research group have used PMU measurements to estimate the state of the grid under the
influence of cyber and physical attacks. The works presented in this chapter work shows the importance
and the power of data and data analytics methods in addressing joint cyber and physical attacks on smart
grids.
 P a g e | 23

Chapter 4: Research Plan and Conclusion

4.1 Introduction
The research work of the author in the field of state estimation under the influence of cyber and
physical stresses and the future research plan have been discussed in this chapter.

4.1 Research Work

The immense volume of energy data collected by various sensors, such as Phasor Measurement Units
(PMUs), provide new opportunities for detecting, estimating and predicting various events in the system
using big data analytics techniques. In this paper, we consider a scenario of joint cyber and physical attack
on the smart grid and discuss how a data-driven method based on PMU data can help in recovering the
status information of the components. Like the work in [36-38], we consider the scenario in which an
attacker conducts a physical attack on the power system by disconnecting few transmission lines and
simultaneously launches a cyberattack on the communication system and prevents the flow of
information from the region around the physically attacked area or other regions of the system to the
control center. This joint cyber-attack leads to unobservability on a portion of the power system, which
has experienced line outages. The goal is to use the PMU data from outside the attacked zone (observable
parts of the system) to estimate the state of the lines in the attacked zone using a data-driven technique.
The availability of large volumes of PMU data in future smart grids and limitations of the traditional power
system state estimation due to dependency on accurate power system models, make the data-driven
approaches more appealing than before as a complement to the traditional state estimation or
individually. In this work, we have specifically used a linear minimum mean square error (MMSE) estimator
for recovering the status information of components in the attacked zone. We have evaluated various
scenarios and observed that recovering the status information of certain power components are more
difficult than others and thus, we have proposed an extension to the linear MMSE estimator by adding
iterative feedback to the estimator, which can improve the estimation performance. We have evaluated
these data-driven estimation methods on various scenarios of joint cyber-physical attacks on the IEEE 118
test bus system including scattered and localized attacks. The results show that the data-driven
approaches can be promising approaches for state estimation, particularly during cyber-physical attacks.

4.1.1 Cyber-Physical Attack Model

We considered joint cyber and physical attacks and thus the attack definition has two parts. Specifically,
to model the cyberattack, we assumed that the attacker randomly selects a subset 𝐴𝑐 of transmission
lines (i.e., 𝐴𝑐 𝜖𝐿) and masks the flow of information from them to the control center. We called the set 𝐴𝑐
the cyber-attack zone or attack zone for short. Further, to model the physical attack, we assumed that a
subset 𝐴𝑝 of lines from the attack zone (i.e., 𝐴𝑝 ∈ 𝐴𝑐 ) experiences physical attack or failure. Further, we
considered two scenarios for the attack zone:
 P a g e | 24

(1) Randomly scattered attacks, where the set 𝐴𝑐 of transmission lines is geographically scattered on the
system. Figure 4.1-a depicts one example of a scattered attack on the IEEE 118 test case topology.

(2) Localized attacks, where the set 𝐴𝑐 of transmission lines are all adjacent to each other (i.e., have
physical connection in the topology of the system). Figure 4.1-b represents an example of a localized
attack scenario on IEEE 118 test case.

Figure 4.1: Example of (a) scattered attack scenario, and (b) a localized attack scenario. The red marked
branches have experienced cyber-attacks and became unobservable and the red dashed lines indicates
branches, which are physically attacked [39].

Figure 4.2: Power flow changes in IEEE 118 branches due to state changes in attack zone shown in Figure
4.1-b. The state changes include failure of different combinations of lines inside the attack zone [39].

An important observation based on our simulations is that when a subset of the grid branches changes
their status (e.g., fail), not all the other lines will be affected equally due to such changes. For example, in
 P a g e | 25

Figure 4.1-b, changes inside the red portion of the grid (e.g., failure in the attack zone) does not equally
affect other branches outside the attack zone. Figure 4.2 shows a heatmap of the real power flow changes
in all transmission lines due to the changes in the status of components inside the attack zone. This result
is obtained based on 250 different scenarios with multiple combinations of failed transmission lines inside
the attack zone. Based on this observation we can conclude that to determine the status of the
unobservable components, one does not need data on all other branches outside this zone. Thus, we can
use a feature selection mechanism based on such analyses, which will allow selecting features with the
most information to ease the computational complexity.

4.1.2 Case Study

We specifically used a linear MMSE estimation model, where the unobservable portion of the grid is
the estimation target and is denoted by Y. The size of vector Y is equal to |𝐴𝑐 |, where |. | represents the
cardinality of the set. The elements 𝑌𝑖𝑆 of Y represent the power flow through the unobservable
transmission lines in the attack zone. In this work, we use the real power flow through the lines to identify
the physically attacked/failed lines. The rest of the information outside the attacked zone provided by the
PMUs are considered as the estimation features X, where the size of vector X is given by (|𝐿| − |𝐴𝑐 |) × 𝑓
and f is the number of feature parameters to be used. Specifically, in this work we consider three possible
feature parameters including real and reactive power flow and the phase angel. We can use a single
feature parameter or a combination of them as well as certain lines or all the lines as a part of our
estimation features. The linear MMSE model suggests that our estimation of Y is related to features
through 𝑌̂ = 𝐴𝑋 + 𝐵, where matrix A and vector B can be characterized based on the data such that
estimation error is minimized. Specifically, the matrix 𝐴 = 𝑅𝑋𝑌 𝑅𝑋−1 , where the matrix RXY and RX are the
cross correlation and auto-correlation matrices and 𝐵 = 𝑌̅ − 𝐴𝑋̅, where 𝑋̅ and 𝑌̅ are the mean of the
variables X and Y. This algorithm combined with the information that is already recovered from the first
attempt, may feedback and used as additional features to estimate other lines easily.

Figure 4.3: Average estimation error using different features a) randomly scattered attacks, b) localized
attacks [39]
 P a g e | 26

To evaluate the performance of our trained estimator under the scattered attack scenarios and
localized attacks, we create randomly scattered attacked zones (where the lines under cyber-attack are
geographically distant) and locally grouped zones (where branches under attacks are geographically same
location). We specifically create attack zones of size one to seven (while larger attack zones are possible,
but we assume that attackers have limited resources and the size of the attack zones are relatively small
compare to the size of the grid.) We represent the attack zones with size i by Fi, representing the
unobservable components under cyber-attack. In each of the randomly generated attack zones, there
might be any number (≤ 𝑖) of physically failed lines.

Figure 4.3: Percentage detection rate for different window size using different features [39]

Figure 4.5: Average estimation error for a) randomly scattered attack (F7), b) localized attack (W7) using
different features. [39]
 P a g e | 27

For each size of attack zone, we have generated 250 random attack zones. The average estimation error
for each size of attack zone is presented in Figure 4.3-a and 4.3-b when different features are used in the
estimation. We observe that the estimation error increases with block size and combined features gives
the best estimate for the power flow status of branches.
To evaluate the performance of the estimator in detecting the failed or physically attacked components
in the attack zone, we have evaluated the average detection rate for both scattered and localized
scenarios, where the failure is identified when the power flow through the line is estimated to be below
certain threshold. The results are shown in Figure 4.3. From the results, we observe that the detection
rate is lower for localized attacks (dashed lines) than the scattered attacks (solid lines). This is because
when a transmission line is affected by a physical attack or failure, usually the adjacent lines will bear the
most impact and thus the most information to help with the estimation.
In the localized attack scenarios, since information from a portion of the locally adjacent lines are
unavailable (due to cyber-attack), estimating the state of components in the attack zone is more difficult.
Note that one of the key observations that we obtained from our estimation results is that the estimation
performance is different for various transmission lines. The results in Figures 4.4 and 4.5 show the average
performance, while Figure 4.5 shows the average performance of estimation for the individual lines in an
attack zone 𝐹𝑖𝑗 & 𝑊𝑖𝑗 (𝑗 is the position of the branch in block/window).

The results in Figure 4.5, suggests that due to the power system attributes and topological location of
the lines, it is easier to recover the lost information on the state of some lines. Identifying such
components using similar studies can help in the iterative estimator with feedback. we have presented
two examples of attack zones with such components that can help improving the estimation on the rest
 P a g e | 28

of the components in the attack zone. Although the results for the iterative estimator with feedback are
very dependent on the attack zone and the pre-existing information on our estimation capability for lines,
these examples show how the approach can help the recovery with such information in an iterative
process. In these examples, we use the estimator to find the status of the lines that we know they can be
estimated with 90% confidence rate. We will then update the attack zone size and use the estimated
states in the previous step as new features for estimation. The iterative process will go on until all
components are estimated with 90% confidence rate or we cannot improve the estimation confidence for
the remaining components. The steps of the process for a scattered and localized attack are presented in
Table 1. In addition, feature selection using maximum variance in the data (as shown in Figure 4.2) is also
applied to eliminate the unnecessary PMU data for the lines that were not impacted by the changes in
the state of the attack zone to ease the computational complexity.

4.3 Research Plan

Since automation and remote monitoring via wide area monitoring systems (PMU, EMS, SCADA, IDS) is
the key feature of the modern power grid, communication infrastructures and energy data management
has ever growing importance on modern smartgrid. The research reviewed in this report also indicating
that measurements data available from various smart monitoring device could help in inclusion detection
and state estimation of the power system. Estimation of the actual system states in real time and fast
detection of cyber or physical stresses may help the control center to evaluate the seriousness of the
situation and take necessary precaution to prevent further damage. Also, to recover the system state after
the successful detection thus ensuring the enough situational awareness. Undoubtedly, advanced data
analytics and machine learning based intrusion detection and state estimation will lit the path to achieve
more attack resilient power grid with improved wide area situational awareness.

Research described in the previous section indicates that it is possible to estimate and locate the cyber
and physical attacks in the grid from measurements data available from various monitoring devices. Also
figure 4.2 shows that that every component of the power grid affected by a failure in the certain region.
So, it is possible to estimate the state of the power system also locate the physical failure regardless of
complete topology information, using historical failure data and time synchronized measurements data
from PMU. Our goal is to utilize this data, perform stochastic, probabilistic, complex network theory-
based analysis and develop efficient defense mechanism against cyber-physical attacks that could utilize
historical failure data with time synchronous measurements from PMU using data analytics and different
efficient machine learning based approaches such as DNN, DT, RT, BN etc. That could also provide dynamic
state estimation along with cyber-physical attack detection even with incomplete topology or without
knowledge of topology information.
 P a g e | 29

Reference
1. M. Panteli, D. S. Kirschen, “Situation awareness in power systems: Theory, challenges and
applications”, Electric Power Systems Research, Volume 122, 2015, Pages 140-151.
2. M. Panteli, P. A. Crossley, D. S. Kirschen and D. J. Sobajic, "Assessing the Impact of Insufficient
Situation Awareness on Power System Operation," in IEEE Transactions on Power Systems, vol.
28, no. 3, pp. 2967-2977.
3. C. Alcaraz, J. Lopez, “WASAM: A dynamic wide-area situational awareness model for critical
domains in Smart Grids”, Future Generation Computer Systems, Volume 30, 2014, Pages 146-154.
4. M. R. Endsley and E. S. Connors, "Situation awareness: State of the art," 2008 IEEE Power and
Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century,
Pittsburgh, PA, 2008, pp. 1-4.
5. Mavridou A., Papa M. (2012) A Situational Awareness Architecture for the Smart Grid. In:
Georgiadis C.K., Jahankhani H., Pimenidis E., Bashroush R., Al-Nemrat A. (eds) Global Security,
Safety and Sustainability & e-Democracy. e-Democracy 2011, ICGS3 2011. Lecture Notes of the
Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 99.
Springer, Berlin, Heidelberg
6. C. Alcaraz, L. Cazorla, J. Lopez, Chapter 20 - Cyber-Physical Systems for Wide-Area Situational
Awareness, Editor(s): Houbing Song, Danda B. Rawat, Sabina Jeschke, Christian Brecher, In
Intelligent Data-Centric Systems, Cyber-Physical Systems, Academic Press, 2017, Pages 305-317.
7. N. Dahal, O. Abuomar, R. King, V. Madani, Event stream processing for improved situational
awareness in the smart grid, Expert Systems with Applications, Volume 42, Issue 20, 2015, Pages
6853-6863.
8. Aloul, Fadi & Al-Ali, A.R. & Al-Dalky, Rami & Al-Mardini, Mamoun & El-Hajj, Wassim, “Smart Grid
Security: Threats, Vulnerabilities and Solutions.” International Journal of Smart Grid and Clean
Energy. 1. 1-6, 2012.
9. S. Paul and Z. Ni, "Vulnerability analysis for simultaneous attack in smart grid security," 2017 IEEE
Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT), Washington, DC,
2017, pp. 1-5.
10. A. Humayed, J. Lin, F. Li and B. Luo, "Cyber-Physical Systems Security—A Survey," in IEEE Internet
of Things Journal, vol. 4, no. 6, pp. 1802-1831, Dec. 2017.
11. Y. Yang, T. Littler, S. Sezer, K. McLaughlin and H. F. Wang, "Impact of cyber-security issues on
Smart Grid," 2011 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid
Technologies, Manchester, 2011, pp. 1-7.
12. J. E. Tate and T. J. Overbye, "Line Outage Detection Using Phasor Angle Measurements," in IEEE
Transactions on Power Systems, vol. 23, no. 4, pp. 1644-1652, Nov. 2008.
13. M. Ghofrani, S. Talaei, P. Nguyen, A. Suherli and A. Arabali, "A novel AC model for multiple-line
outage detection," 2017 IEEE Power and Energy Conference at Illinois (PECI), Champaign, IL, 2017,
pp. 1-6.
14. J. Cordova-Garcia and X. Wang, "Robust Power Line Outage Detection with Unreliable Phasor
Measurements," 2017 IEEE 33rd International Conference on Data Engineering (ICDE), San Diego,
CA, 2017, pp. 1309-1319.
 P a g e | 30

15. H. A. Tokel, R. Alhalaseh, G. Alirezaei, and R. Mathar, “A new approach for machine learning-based
fault detection and classification in power systems,” in 2018 IEEE Power Energy Society Innovative
Smart Grid Technologies Conference (ISGT), Washington DC, USA, 2018.
16. Alhalaseh, Rana & Tokel, Alper & Chakraborty, Subhodeep & Alirezaei, Gholamreza & Mathar,
Rudolf,”Feature-Selection based PMU Placement for Detection of Faults in Power Grids.” 28th
International Telecommunication Networks and Applications Conference (ITNAC), p 1-6, 2018.
17. Sudha, Pelluri and Kamalambal Durairaj. “From Jammer to Gambler: Modeling and Detection of
Jamming Attacks against Time Critical Traffic.” (2015).
18. U. K. Premaratne, J. Samarabandu, T. S. Sidhu, R. Beresh and J. Tan, "An Intrusion Detection
System for IEC61850 Automated Substations," in IEEE Transactions on Power Delivery, vol. 25, no.
4, pp. 2376-2383, Oct. 2010.
19. Kurt, Mehmet Necip, Yasin Yılmaz and Xiaodong Wang. “Real-Time Detection of Hybrid and
Stealthy CyberAttacks in Smart Grid.” IEEE TRANSACTIONS ON INFORMATION FORENSICS AND
SECURITY, VOL. 14, NO. 2, FEBRUARY 2019.
20. M. N. Kurt, Y. Yılmaz and X. Wang, "Distributed Quickest Detection of Cyber-Attacks in Smart
Grid," in IEEE Transactions on Information Forensics and Security, vol. 13, no. 8, pp. 2015-2030,
Aug. 2018.
21. S. Li, Y. Yilmaz and X. Wang, "Sequential cyber-attack detection in the large-scale smart grid
system," 2015 IEEE International Conference on Smart Grid Communications (SmartGridComm),
Miami, FL, 2015, pp. 127-132.
22. X. Liu, Z. Li, X. Liu and Z. Li, "Masking Transmission Line Outages via False Data Injection Attacks,"
in IEEE Transactions on Information Forensics and Security, vol. 11, no. 7, pp. 1592-1602, July
2016.
23. J. J. Q. Yu, Y. Hou and V. O. K. Li, "Online False Data Injection Attack Detection with Wavelet
Transform and Deep Neural Networks," in IEEE Transactions on Industrial Informatics, vol. 14, no.
7, pp. 3271-3280, July 2018.
24. A. J. Holmgren, E. Jenelius and J. Westin, "Evaluating Strategies for Defending Electric Power
Networks Against Antagonistic Attacks," in IEEE Transactions on Power Systems, vol. 22, no. 1, pp.
76-84, Feb. 2007.
25. H. Chung, W. Li, C. Yuen, W. Chung, Y. Zhang and C. Wen, "Local Cyber-Physical Attack for Masking
Line Outage and Topology Attack in Smart Grid," in IEEE Transactions on Smart Grid. Pages 1-1,
2018.
26. A. Abur, M. K. Celik, "A fast algorithm for the weighted least absolute value state estimation [for
power systems]", IEEE Transactions on Power Systems, vol. 6, no. 1, pp. 1, 1991.
27. F. Schweppe, E. Handschin, "Static state estimation in electric power systems", Proceedings of the
IEEE, vol. 62, no. 7, pp. 972-982, 1974.
28. L. Holten, A. Gjelsvik, S. Aam, F. F. Wu, W. H. E. Liu, "Comparison of different methods for state
estimation", IEEE Trans. Power Syst., vol. 3, no. 4, pp. 1798-1806, Nov. 1988.
29. N. R. Shivkumar, Jain Amit, "A Review of Power System Dynamic State Estimation
Techniques", Power System Technology and IEEE Power India Conference POWERCON, October
2008.
30. J. K. Mandal, A. K. Sinha and L. Roy, "Incorporating nonlinearities of measurement function in
power system dynamic state estimation," in IEE Proceedings - Generation, Transmission and
Distribution, vol. 142, no. 3, pp. 289-296, May 1995.
 P a g e | 31

31. G. Durgaprasad, S. S. Thakur, "Robust Dynamic State Estimation of Power Systems Based On M-
Estimation and Realistic Modeling of System Dynamic", IEEE transactions on Power Apparatus and
Systems, vol. 13, no. 4, November 1998.
32. M. F Isabel, F. P. Macel Barbosa, "Square Root Filter Algorithm for Dynamic State Estimation of
Electric Power Systems", Proceedings Electro technical Conference 7th Mediterranean, vol. 3, pp.
877-880, April 1994.
33. E. Farantatos, G. K. Stefopoulos, G. J. Cokkinides and A. P. Meliopoulos, "PMU-based dynamic
state estimation for electric power systems," 2009 IEEE Power & Energy Society General Meeting,
Calgary, AB, 2009, pp. 1-8.
34. C. Gu and P. Jirutitijaroen, "Dynamic State Estimation Under Communication Failure Using Kriging
Based Bus Load Forecasting," in IEEE Transactions on Power Systems, vol. 30, no. 6, pp. 2831-2840,
Nov. 2015.
35. Liang Hu, Zidong Wang, Qing-Long Han, Xiaohui Liu, “State estimation under false data injection
attacks: Security analysis and system protection”, Automatica, Volume 87, 2018, Pages 176-183.
36. S. Soltan and G. Zussman,” Power grid state estimation after a cyberphysical attack under the AC
power flow model,” 2017 IEEE Power and Energy Society General Meeting, Chicago, IL, 2017, pp.
1-5.
37. S. Soltan, M. Yannakakis and G. Zussman,” Power Grid State Estimation Following a Joint Cyber
and Physical Attack,” in IEEE2 Transactions on Control of Network Systems, vol. 5, no. 1, pp. 499-
512, March 2018.
38. S. Soltan, A. Loh and G. Zussman, ”Analyzing and Quantifying the Effect of k-line Failures in Power
Grids,” in IEEE Transactions on Control of Network Systems, vol. 5, no. 3, pp. 1424-1433, June
2017.
39. Md Jakir Hossain and Mahshid Rahnamy-Naeini, ’’ Line Failure Detection from PMU Data after a
Joint Cyber-Physical Attack,’’ IEEE Power and Energy Society General Meeting 2019, Georgia, USA.

View publication stats