TY - GEN
T1 - Model-based Detection of Data-Injection Cyber-Attacks on Wind Turbine Controllers
AU - Martín Gómez, Álvaro
AU - Navarro-Hilfiker, Leon
AU - Wisniewski, Rafal
PY - 2024/7/1
Y1 - 2024/7/1
N2 - Given the increase in deployment of large scale renewable energy plants such as offshore wind, there is a growing interest in protecting these assets from targeted cyber-attacks on their SCADA control system. Detecting when a breach has occurred is a priority, as once detected it is possible to reduce the effects of the attack by disconnecting the attacker and reconfiguring the system from a backup. Network intrusion methods are currently in use, but there has not been a comprehensive study of the best methods to detect cyber-attacks using control system data. This paper introduces a benchmark cyber-detection strategy in wind turbine grid-side controllers. It combines a detailed model of the wind turbine's electrical subsystem, control loops equivalent to the ones used in industrial scenarios, and robust model-based detection techniques. The detector consists of an Unscented Kalman Filter (UKF) for residual generation, along with a Generalised Likelihood Ratio (GLR) test and a Cumulative Sum (CUSUM) algorithm for residual evaluation. It was tested in the presence of noise with bias-injection attack profiles. The performed tests show great detection performance on setpoints, controller gains and sensor measurements changes, as they are direct inputs to the observer design. Yet, it still detects larger changes in unobserved variables such as control signals.
AB - Given the increase in deployment of large scale renewable energy plants such as offshore wind, there is a growing interest in protecting these assets from targeted cyber-attacks on their SCADA control system. Detecting when a breach has occurred is a priority, as once detected it is possible to reduce the effects of the attack by disconnecting the attacker and reconfiguring the system from a backup. Network intrusion methods are currently in use, but there has not been a comprehensive study of the best methods to detect cyber-attacks using control system data. This paper introduces a benchmark cyber-detection strategy in wind turbine grid-side controllers. It combines a detailed model of the wind turbine's electrical subsystem, control loops equivalent to the ones used in industrial scenarios, and robust model-based detection techniques. The detector consists of an Unscented Kalman Filter (UKF) for residual generation, along with a Generalised Likelihood Ratio (GLR) test and a Cumulative Sum (CUSUM) algorithm for residual evaluation. It was tested in the presence of noise with bias-injection attack profiles. The performed tests show great detection performance on setpoints, controller gains and sensor measurements changes, as they are direct inputs to the observer design. Yet, it still detects larger changes in unobserved variables such as control signals.
UR - http://www.scopus.com/inward/record.url?scp=85208232278&partnerID=8YFLogxK
U2 - 10.1109/CoDIT62066.2024.10708323
DO - 10.1109/CoDIT62066.2024.10708323
M3 - Article in proceeding
T3 - International Conference on Control, Decision and Information Technologies (CoDIT)
SP - 1780
EP - 1785
BT - 2024 10th International Conference on Control, Decision and Information Technologies (CoDIT)
PB - IEEE (Institute of Electrical and Electronics Engineers)
ER -