Data-driven Online Detection of Replay Attacks on Wide-Area Measurement Systems

“…Power systems, wide-area measurement systems; self-correlation coefficient [113], singular value decomposition [114], stochastic coding [115], frequency-based signature [116], etc. Data injection attack Sensors and controllers; LDS [117], [118], SLS [119]; state estimation [117], MPC [118], statistical anomaly detection technique [120], etc.…”

Cyber–Physical Security of Powertrain Systems in Modern Electric Vehicles: Vulnerabilities, Challenges, and Future Visions

“…Power systems, wide-area measurement systems; self-correlation coefficient [113], singular value decomposition [114], stochastic coding [115], frequency-based signature [116], etc. Data injection attack Sensors and controllers; LDS [117], [118], SLS [119]; state estimation [117], MPC [118], statistical anomaly detection technique [120], etc.…”

Cyber–Physical Security of Powertrain Systems in Modern Electric Vehicles: Vulnerabilities, Challenges, and Future Visions

“…A comparison study with the two methods discussed in [16] is implemented to further bring out the benefits of the proposed scheme. It is important to note that the authors of [16] have considered only a level‐0 attack model using a pre‐recorded disturbance record as replayed data. The level‐1 and level‐2 replay attacks cannot get detected with this approach.…”

“…This is probably true for control centre monitoring applications where human response time is much larger than the delays involved in the replay attacks but they will surely cripple protection or control systems. In [15, 16], the finite time replay such as data repetition, false data injection, and fault resembling attacks on a smaller number of PMUs are discussed. These attacks are comparatively easy to detect since a large variation in data is observed during these attacks.…”

“…A PMU‐based data‐driven pre‐processing block to differentiate between data packets coming from an actual fault or a disturbance and that being replayed by an attacker from a previous fault instant is proposed in [16]. It utilises a singular value decomposition (SVD) and the Pearson correlation coefficient.…”

“…Vis‐a‐vis, prior work like [16, 19–21], the following are the contributions of this study: First, we classify different levels of replay attacks on the basis of the number of compromised substations (CSs). Second, we propose a real‐time, data‐driven approach to detect replay attacks as and when they are introduced in the system so that they do not lead to hidden failure. The approach identifies small‐, medium‐, and wide‐scale continuous replay attacks of short replay duration of about few (e.g.…”

Real‐time data‐assisted replay attack detection in wide‐area protection system

Replay Attack Detection in Overcurrent Relays using Mathematical Morphology and LSTM Autoencoder