Detection of gray hole attacks in synchrophasor network

Abstract

This thesis focuses on gray hole attacks on networks carrying PMU data and develops a simple yet effective mechanism to detect such attacks. Our solution is based on exploiting the patterns and correlation between packet delays and packet losses due to congestion in order to differentiate between naturally occurring packet drops in the Internet from packet drops by gray hole attacks. It does not impose any overheads or require any support from the network infrastructure. Simulation results for a variety of network scenarios are presented to verify the accuracy of the proposed mechanism. It is shown that the detection rate is higher than 99% in most cases.

The application of Phasor Measurement Units (PMUs) for state estimation and real-time control is expected to enhance the operation and efficiency of the next generation of power transmission systems. PMUs provide time-synchronized measurements of voltage and current phasors which help in creating wide-area snapshots of the grid. These measurements which are generated synchronously are also called synchrophasor data. The inclusion of synchrophasor data in the conventional state estimator helps improve its reliability and robustness. These data are also utilized in other power system applications such as adaptive protection, system model fine-tuning etc.. However, the synchrophasor data is usually transferred over public domain networks, such as the Internet, thereby making it susceptible to a number of attacks. Packet dropping or gray hole attacks are a type of cyber attack where an attacker takes control of an intermediate router and selectively drops PMU packets. This may lead to the utilities missing some critical measurement data, and as a result, take some incorrect decisions. Gray hole attacks are difficult to detect and may cause great damage to power systems if not detected early.