Inference of compromised synchrophasor units within substation control networks

Document Type


Publication Date



© 2010-2012 IEEE. Networked instrumentation, such as synchrophasor units, has been integrated as part of the substation automation for improving wide-area monitoring and control. The telemetered measurements within a substation network, however, can be prone to manipulative attacks such as false data injection. Each compromised network can be propagated through a malware agent at a larger scale, which will automate intrusion process as well as to search for relevant synchrophasor information. Consequently, the falsified measurements sent to control centers may impair operators' decision making. This paper proposes an inference framework for an early detection of potentially compromised synchrophasor units using inference information from the existing cyber systems. A Markovian decision process is formulated in this framework to develop a 'what-if' sequential response. This follows by an investigation that would thwart malware propagation within a wide-area network. Each belief step, which is a recursive optimization, is updated regularly using backward induction. The reduction method on space search is implemented in the proposed model. This is then validated using two test systems for feasibility study.

Publication Title

IEEE Transactions on Smart Grid