risk-aware vulnerability analysis of electric grids from...
TRANSCRIPT
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective
Presenter: Yihai ZhuAuthors: Yihai Zhu, Jun Yan Yan Sun, Haibo He
Dept. of Electrical, Computer & Biomedical EngineeringUniversity of Rhode Island
PresenterPresentation NotesGood afternoon, everyone. My name is Yihai Zhu, a graduate student in the department of electrical engineering. I have been here since 2010. Today, I am pretty happy to have a chance to share my research topic with so many talents. My talk is about “”. Let me start my presentation.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Overview
o Backgroundo Problem Statement o Model and Attacko Experimentso Questions
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Backgroundo The largest blackouts around the world
– 2003 Italy, 2003 Northest, 2005 Java-Bali, 2009 Brazil and Parguay, and 2012 India (670 millions)
• Rare to happen• Cause disasters to modern society
o What is the cascading failure of power grid?– One of major reasons of large blackous– A cascading failure is an initial failure of certain parts, such
as transmission lines, which triggers the successive failure of other parts, and finally disable the whole power grid.
– To understand cascading failure is an important step to solve the problem of blackouts.
PresenterPresentation NotesIn the past decade, there were several famous blackouts, which affected hundreds of millions of people in Europe, south and north American, and Asian. The most serious one was just in the past year, the India case, which made more than six hundreds millions people lose the power. Although large blackouts are rare, they could really cause disasters to modern society. The cascading failure is one of the major reasons of large blackouts. A cascading failure is an initial failure of certain parts, such as transmission lines, which triggers the successive failure of other parts in power grid, and finally disable the power grid. To understand cascading failure is a important step to solve the problem of blackouts.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Problem Statemento To find stronger attack strategies, aiming to
cause severe cascading failures. o Comparisons schemes
– Load-based approach– Optimal search approach
o Contribution– Understanding vulnerability of power grid systems– Provide insights for future defense solutions
PresenterPresentation NotesTwo slides:
The focus of this paper is to study cascading failures in power grid systems. We all know that cascading failures is one of the major reasons for large scale power outage. In cascading failures, one or a few compoents failures can cause …… Next slideIn this paper, we find ………We will compare the proposed attack methods with …..The contribution of this work is …..
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Model and Attack
Basic Structure of the Power Grid
Fig. 1 Basic structure of power grid
PresenterPresentation NotesThis is a basic structure of power grid. Power is first produced at generating stations, then transmitted in high-voltage transmission lines to load substations, where power is delivered to customers.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Extended Model Basic concepts
– Directed graph (A): current direction on a link
– Nodes: Generators, load substations, and transmission substations.
– Adopt Power Transfer Distribution Factors (PTDFs) to reflect the power distribution in transmission lines.
– Extended Betweenness (EB) of a node
• Summation of the power in all links connecting to this node.
Cascading simulator– Load: extende betweenness– Capacity: proportional to the
initial load, e.g. node i
– System tolerance: T– Overloadeing: removed
from power grid network– Load rebalance
• Recalculate EB– Assessment: percent of
failure (PoF)
N and M the number of surviving nodes before and after an attack
NMPoF −=1
)0(* ii LTC =
PresenterPresentation NotesUnder the extended model, power grid is viewed as a directed graph, with substations being as nodes and transmission lines being as links. The direction of a link represents the direction of current in this line. Nodes are divided into three categories, generator, load substations and transmission substations. Under this model, PTDFs are adopted to reflect the power distribution in transmission lines. In addition, the extended betweenness of a node is defined as the summation of the power in all links connecting to this node. In the cascading simulator, EB is adopted as load. Capacity of a node is used to represent the maximum load a substation can carry. The capacity is defined as system tolerance times the initial load of a substation. When a node is overloaded, this node will be removed from power grid network. When a node is removed, the extended betweenness will be recalculated to simulate the load rebalance. Finally, percent of failure (PoF) is used as assessment metric to evaluate different attacks. Its definition is here, where N is the network size. M is the number of surviving nodes after an attack.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Sub-optimal Search Attacko Motivation
– Exisiting malicious attacks do not stand for the strongest attacks.
– Optimal search is computationally infeasible.• Five-node attack on IEEE 118 bus system needs to search
more than a hundred million node combinations
o Sub-optimal Search Attack– Goals: (1) sharply reduce the computation task, (2)
obtain good attack performance– Primary idea: limit the number of candidate
combinations during the each round search.
PresenterPresentation NotesExisting malicious attacks, e.g. degree-based or load-based, do not represent the strongest attack. In addition, the optimal attack is computationally infeasible. For example, if launch five-node attack on 118 bus system. The optimal search method needs to find its best attack among more than a hundred million node combinations. More than a hundred million cascading simulations is really a big job for any computer. Can we find any other attacks, which can not only sharply reduce the computation task, but also arrive at good attack performance? We propose a sub-optimal search method, which could reach our goals. The primary idea of this method is to reduce the number of candidate combinations in each round of search. Let me show how the sup-optimal attack works.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
The sub-optimal search attack
o Procedure– Step 1: Set the number of target nodes, M, and system
tolerance, T. – Step 2: Run one-node attacks, and select the top P
strongest nodes as first round chosen combinations.– Step 3: Cascading simulator runs M – 1 rounds. In each
round• Combine each candidate node with each chosen combination from
the previous round to get new combinations.• Run attacks for all new combinations.
• Top P strongest attacks as this round chosen combinations.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
o A realization of the sub-optimal search– IEEE 118 bus system– M = 8, T = 1.2, P = 16, all nodes as candidate node
PresenterPresentation NotesWhen all 8 rounds are finished, all chosen combinations are listed in a table, shown here. The first row in this table is the strongest attacks from the sub-optimal search method. The strength of this method is that it could sharply reduce the computation complexity of a search-based method. The worst case of sub-optimal method is N with power of 2. While that of the optimal search is N with power of M. When M is larger than 2, the difference is clear. This method also has its own weakness. It is still a search-based scheme, and still needs to do lots of searches. In addition, this method is sensitive to system tolerance, which means if changing the system tolerance, the node combination in this table will also change.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Risk-Graph based Attack
PresenterPresentation NotesMy concern here is that the sub-optimal search could obtain good attack performance, but it needs to do lots of search. Can we find an attack, whose performance can compete with that of the search-based ones, but do not need to do any search, just as how the load-based attack does? The answer is yes. Let’s see, those nodes and node combinations often appear in this table. If we show the table in another form, in a figure looking like this one. It seems the combination relationship between candidate nodes are much clear. Obviously, those candidate nodes are strongly related. We call this graph as risk graph. Now, I will discuss how to obtain this risk graph from this table.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Construction of Risk Graph
o Procedure– Step 1: all the nodes in the table are vertexes in
the risk graph.– Step 2: deal with the combinations one by one.
• A node appears in a combination, its frequency +1.• A combination contains more than one node, e.g. K
nodes.– Add K(K-1)/2 edges into the risk graph.– Add the weight of each edge with 2/[K(K-1)].
PresenterPresentation NotesIn the second step, we deal with the combinations one by one. If a node appears in a combination, its frequency will plus 1. If a combination includes more than one nodes, e.g. K nodes. We add K * (K-1) divided by 2 edges into the risk graph, and each edge will be added with a weight of 2/[K*(K-1)], the reciprocal of the number of edges obtained from the combination. Let me show some examples to help you understand this step.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Fig. 2 An single risk graph of IEEE 118 bus system
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Risk-graph Based Attacko Integrated Risk Graph (IRG)
– Set T from 1.05 to 2 with an interval 0.05, and obtain 20 single risk graphs.
– Add those 20 single risk graphs as a IRG.o Risk-graph based attack based IRG
– M == 1, choose the node with largest frequency.– M >=2, choose the M nodes. First, there must
exist an edge between each pair of vertexes. Second, the summation of the weight on all those edges is maximum.
PresenterPresentation NotesThe risk graph is a good way to show the combination relationship between candidate nodes. But it is sensitive to system tolerance. We set the system tolerance from 1.05 to 2 with an interval 0.05, and obtain 20 single risk graphs. Add them together to generate the integrated risk graph. Based on this integrated risk graph, we propose a riskgraph-based attack. This method works as this. When choose one TN, choose the node with the largest frequency in the integrated risk graph. When choose more TNs, the TNs are from the IRG subject to two constrains. First, there must exist an edge between each pair of vertexes. Second, the summation of the weight on those edges is maximum. This risk-graph based attack is shown to have good attack performance, without any search. And its complexity is similar to that of load-based attack.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Experimentso Test benchmarks
– IEEE 57 bus system and IEEE 118 bus systemo Comparisons
– Sub-optimal vs optimal – Load-based, riskgraph-based, sub-optimal
PresenterPresentation NotesThe IEEE 57 and 118 bus systems are used as test benchmarks. We do two kinds of comparisons. The first one is to compare the sub-optimal attack with optimal attack to check the attack performance of the sub-optimal method. The second comparison was done among load-based, riskgraph-based and sub-optimal methods to check the performance of risk-graph based method.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
1 2 3 4 5 6 7 855
60
65
70
75
80
85
The number of target node
Per
cent
-of-f
ailu
re
NASoptNASsubopt
Conclusion: the attack performance of the sub-optimal approach is close that of the optimal search.
Fig. 3 Comparison between sub-optimal and optimal methods on IEEE 57 bus system
PresenterPresentation NotesThe sub-optimal and optimal search methods are tested on 57 bus system. The figure shows the result. In this figure, the horizontal axis represents the number of target nodes. While the vertical axis represents the PoF. The larger the PoF is, the stronger the attack is. The blue curve represents the attack performance for the optimal search method. Due its computation complexity, the attack results at high M values are hard to be obtained. Thus, the maximum number of TN for optimal search is set to be 5. The red curve represents the attack performance for the sub-optimal attack. From this figure, we know that the attack performance of the sub-optimal method is close to that of the optimal search.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
1 2 3 4 5 6 7 8
10
20
30
40
50
60
70
80
90
100
The number of target node
PoF
NASsuboptNASriskgraphNASload
Fig. 4 Comparison among load-based, riskgraph-based and sub-optimal methods on IEEE 57 bus system
PresenterPresentation NotesThe comparison among load-based, riskgraph-based and sub-optimal methods is shown in this figure. The horizontal and vertical axis have the same means as previous figure. In this figure, the magenta curve represents the load-based attack. The green and red ones represent the riskgraph-based and sub-optimal attacks, respectively. It is clear to see that the green curve is close to the red one, and higher than the magenta one. This shows that the riskgraph-based attack is stronger than the load-based one. But a little weaker than the sub-optimal search.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
1 2 3 4 5 6 7 8
10
20
30
40
50
60
70
80
The number of target node
PoF
NASsuboptNASriskgraphNASload
Conclusion: the attack performance of the riskgraph-based approach is much better than that of the load-based one.
Fig. 5 Comparison among load-based, riskgraph-based and sub-optimal methods on IEEE 118 bus system
PresenterPresentation NotesSimilar results are observed on 118 bus system. We could conclude that the riskgraph-based method has better attack performance than that of the load-based one.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Summary of Different Attacks
PresenterPresentation NotesThe comparisons are made in detail in this table. From the computation complexity perspective, load-based and riskgraph-based methods do not need to do any search. While the sub-optimal and the optimal methods need to do lots of search to get their best attacks. From the perspective of the attack performance, load-based attack is the weakest one. The other three are similar. From system tolerance perspective, load-based and riskgraph-based methods do not depend on system tolerance. While the other two are sensitive to system tolerance. In summation, the riskgraph-based attack is an amazing approach for launching attacks to power grids.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
Acknowledgement
• We gratefully acknowledge the support from National Science Foundation (NSF) under Grant # CNS 1117314
• For more information, please contact Prof. Haibo He at [email protected]
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
References U.S.-Canada Power System Outage Task Force, “Final report on theaugust 14, 2003 blackout
in the united states and canada: Causes and recommendations,” April 2004. M. Vaiman, K. Bell, Y. Chen, B. Chowdhury, I. Dobson, P. Hines,M. Papic, S. Miller, and P.
Zhang, “Risk assessment of cascading outages: Methodologies and challenges,”IEEE Transactions on Power Systems, vol. 27, no. 2, 2012.
W. Wang, Q. Cai, Y. Sun, and H. He, “Risk-aware attacks and catastrophic cascading failures in u.s. power grid,” in IEEE Global Telecommunications Conference, 2011, pp. 1–6.
S. Arianos, E. Bompard, A. Carbone, and F. Xue, “Powergrid vulnerabil-ity: a complex network approach,” EChaos: An Interdisciplinary Journal of Nonlinear Science, vol. 19, 2009.
E. Bompard, R. Napoli, and F. Xue, “Extended topological approach for the assessment of structural vulnerability in transmission networks,” IET Generation, Transmission and Distribution, vol. 4, pp. 716–724, 2010.
PresenterPresentation NotesSome references are list here.
-
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)
oComments & Questions?Thanks!
Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s PerspectiveOverviewBackgroundProblem StatementModel and AttackExtended ModelSub-optimal Search AttackThe sub-optimal search attackSlide Number 9Risk-Graph based AttackConstruction of Risk GraphSlide Number 12Risk-graph Based AttackExperimentsSlide Number 15Slide Number 16Slide Number 17Summary of Different AttacksAcknowledgementReferencesSlide Number 21