Smart PV Inverter Cyberattack Detection Using Hardware-in-the-Loop Test Facility
This paper evaluates residential smart photovoltaic (PV) inverters’ responses to cyberattacks and assesses the performance of an intrusion detection strategy for smart grid devices by comparing time-series power flow results from a simulation application called Faster Than Real-Time (FTRT...
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2023-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/10227258/ |
_version_ | 1797692158098014208 |
---|---|
author | Thunchanok Kaewnukultorn Sergio B. Sepulveda-Mora Robert Broadwater Dan Zhu Nektarios G. Tsoutsos Steven Hegedus |
author_facet | Thunchanok Kaewnukultorn Sergio B. Sepulveda-Mora Robert Broadwater Dan Zhu Nektarios G. Tsoutsos Steven Hegedus |
author_sort | Thunchanok Kaewnukultorn |
collection | DOAJ |
description | This paper evaluates residential smart photovoltaic (PV) inverters’ responses to cyberattacks and assesses the performance of an intrusion detection strategy for smart grid devices by comparing time-series power flow results from a simulation application called Faster Than Real-Time (FTRT) Simulator to measurements from a Power Hardware-in-the-Loop (P-HIL) laboratory as a testbed. Twenty different cyberattacks from three classes - Denial of Service (DoS), Intermittent attack, and Modification - were designed and tested with grid-tied smart inverters in order to study the inverters’ responses to malicious activities. The intrusion detection strategy was developed using a comparison between the predicted PV power output from FTRT and the power flows measured from P-HIL laboratory through the API interface. Real and reactive power thresholds were assigned based on a number of repeated experiments to ensure the applicability of the thresholds. The results showed that inverters from different manufacturers have their own unique responses which could be detected by the power flow measurements. Our detection method could identify over 94% of actual malicious actions and 7.4% of no-attack hours are detected as false positives. Out of 38 under-attack hours, 2 undetected hours are due to the intermittent attacks. Different attacks can be detected based on the targeted components of the complex power that attackers are aiming to cause disturbances. Our findings additionally show that DoS can be noticed immediately after the devices have been sabotaged, and they can be detected from the active power analysis. However, modification attack detection will depend more on the reactive power measurements, while intermittent attacks remain the most challenging for the proposed detection method since the objective of intermittent attacks is to create an oscillation of the complex power components which need a relatively high time resolution for the measurement. |
first_indexed | 2024-03-12T02:24:33Z |
format | Article |
id | doaj.art-e5881f0884344b7abeb0bdd10979ec18 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-03-12T02:24:33Z |
publishDate | 2023-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-e5881f0884344b7abeb0bdd10979ec182023-09-05T23:01:15ZengIEEEIEEE Access2169-35362023-01-0111907669077910.1109/ACCESS.2023.330805210227258Smart PV Inverter Cyberattack Detection Using Hardware-in-the-Loop Test FacilityThunchanok Kaewnukultorn0https://orcid.org/0000-0002-9847-5463Sergio B. Sepulveda-Mora1https://orcid.org/0000-0002-1248-7616Robert Broadwater2https://orcid.org/0000-0001-7862-6423Dan Zhu3Nektarios G. Tsoutsos4https://orcid.org/0000-0002-5769-0124Steven Hegedus5https://orcid.org/0000-0002-0429-6764Institute of Energy Conversion, University of Delaware, Newark, DE, USAInstitute of Energy Conversion, University of Delaware, Newark, DE, USAElectrical Distribution Design (EDD), Blacksburg, VA, USAElectrical Distribution Design (EDD), Blacksburg, VA, USADepartment of Electrical and Computer Engineering, University of Delaware, Newark, DE, USAInstitute of Energy Conversion, University of Delaware, Newark, DE, USAThis paper evaluates residential smart photovoltaic (PV) inverters’ responses to cyberattacks and assesses the performance of an intrusion detection strategy for smart grid devices by comparing time-series power flow results from a simulation application called Faster Than Real-Time (FTRT) Simulator to measurements from a Power Hardware-in-the-Loop (P-HIL) laboratory as a testbed. Twenty different cyberattacks from three classes - Denial of Service (DoS), Intermittent attack, and Modification - were designed and tested with grid-tied smart inverters in order to study the inverters’ responses to malicious activities. The intrusion detection strategy was developed using a comparison between the predicted PV power output from FTRT and the power flows measured from P-HIL laboratory through the API interface. Real and reactive power thresholds were assigned based on a number of repeated experiments to ensure the applicability of the thresholds. The results showed that inverters from different manufacturers have their own unique responses which could be detected by the power flow measurements. Our detection method could identify over 94% of actual malicious actions and 7.4% of no-attack hours are detected as false positives. Out of 38 under-attack hours, 2 undetected hours are due to the intermittent attacks. Different attacks can be detected based on the targeted components of the complex power that attackers are aiming to cause disturbances. Our findings additionally show that DoS can be noticed immediately after the devices have been sabotaged, and they can be detected from the active power analysis. However, modification attack detection will depend more on the reactive power measurements, while intermittent attacks remain the most challenging for the proposed detection method since the objective of intermittent attacks is to create an oscillation of the complex power components which need a relatively high time resolution for the measurement.https://ieeexplore.ieee.org/document/10227258/Smart inverterscyberattackshardware-in-the-loop laboratorygrid supporting functioncyberattack detection |
spellingShingle | Thunchanok Kaewnukultorn Sergio B. Sepulveda-Mora Robert Broadwater Dan Zhu Nektarios G. Tsoutsos Steven Hegedus Smart PV Inverter Cyberattack Detection Using Hardware-in-the-Loop Test Facility IEEE Access Smart inverters cyberattacks hardware-in-the-loop laboratory grid supporting function cyberattack detection |
title | Smart PV Inverter Cyberattack Detection Using Hardware-in-the-Loop Test Facility |
title_full | Smart PV Inverter Cyberattack Detection Using Hardware-in-the-Loop Test Facility |
title_fullStr | Smart PV Inverter Cyberattack Detection Using Hardware-in-the-Loop Test Facility |
title_full_unstemmed | Smart PV Inverter Cyberattack Detection Using Hardware-in-the-Loop Test Facility |
title_short | Smart PV Inverter Cyberattack Detection Using Hardware-in-the-Loop Test Facility |
title_sort | smart pv inverter cyberattack detection using hardware in the loop test facility |
topic | Smart inverters cyberattacks hardware-in-the-loop laboratory grid supporting function cyberattack detection |
url | https://ieeexplore.ieee.org/document/10227258/ |
work_keys_str_mv | AT thunchanokkaewnukultorn smartpvinvertercyberattackdetectionusinghardwareinthelooptestfacility AT sergiobsepulvedamora smartpvinvertercyberattackdetectionusinghardwareinthelooptestfacility AT robertbroadwater smartpvinvertercyberattackdetectionusinghardwareinthelooptestfacility AT danzhu smartpvinvertercyberattackdetectionusinghardwareinthelooptestfacility AT nektariosgtsoutsos smartpvinvertercyberattackdetectionusinghardwareinthelooptestfacility AT stevenhegedus smartpvinvertercyberattackdetectionusinghardwareinthelooptestfacility |