Realtime Detection of PMU Bad Data and Sequential Bad Data Classifications in Cyber-Physical Testbed

Modern Smart Grids incorporate physical power grids and cyber systems, creating a cyberphysical system. Phasor measurement units (PMUs) transmit time synchronized measurement data from physical grid to the cyber system. The System Operator (SO) in the cyber layer analyzes the data in both online and offline format and ensures the reliability and security of the grid by sending necessary command back to the PMUs. However, various physical events such as line to ground faults, frequency events, transformer events as well as cyberattacks can cause deviation in measurements received by the SO, which can be termed as ‘‘bad data’’. These bad data in turn can cause the SO to take a wrong restorative/ mitigating strategy. Therefore accurate detection of bad data and identification of correct bad data type is necessary to ensure grid’s safety and optimal performance. In this work we proposed a realtime sequential bad data detection and bad data classification strategy. At first, we have exploited the low rank property of Hankel-matrix to detect the occurrence of bad data in realtime. Secondly, we classify the bad data into two categories: physical events and cyberattacks. The algorithm utilizes the difference in low rank approximation error of multi-channel Hankel-matrix before and after random column permutations during physical events. If the cause of bad data is identified as cyberattack, our proposed algorithm proceeds to identify the cause of cyberattack. We have considered two possible cyberattack types: false data injection attack (FDIA) and GPS-spoofing attack (GSA). The proposed algorithm observes rank-1 approximation error of single-channel Hankel matrix containing unwrapped phase angle data to distinguish FDIA from GSA. Finally, the proposed algorithm is implemented in a realtime cyber-physical testbed containing PMU simulator and openECA. Results from the testbed using IEEE 13 node test feeder show that by choosing optimum parameters of Hankel-matrix, the bad data can be detected as well as the type of bad data can be correctly identified within less than 1 sec. of the occurrence of physical event or cyberattack. The bad data detection shows 100% accuracy for Hankel-matrix data-window greater than 140. Bad data can be classified as either cyberattack or physical event with perfect accuracy for data-window length greater than 73 for the threshold 0.1. A data-window length between 80 to 120 can distinguish GSA from FDIA, while GSA is implemented with varying phase angle shift of 0.1⁰ to 0.5⁰. The realtime sequential model is also verified with IEEE 118 bus system simulated with SIEMENS PSS/E. Due to more complicated grid structure, IEEE 118 system requires more computational time to identify the bad data type, however that is still less than 2 sec, and can perform detection and classification with data-window length as small as 40.