Modelling and Distinction of Cascade Tripping Attacks in Power System

With the implementation of substation automation protocols and intelligent electronic devices (IEDs), critical process, control, and protection commands are shared across data buses at the device, bay, and sub-station levels. Among these, the critical trip commands published over the substation process bus could become targets for malicious manipulation and falsification. The falsified trip commands to multiple IEDs in a substation or multiple substations could initiate a cascade tripping type attack (CTA) in a power system, where an attacker injects customized trip and block commands to multiple IEDs at different rates causing maximum damage to the targeted asset. This work provides a detailed description of different types of possible CTA attacks, develops a probabilistic Markov chain based attack progression model, and combinatorial optimization based attack optimization model causing angle and voltage instability. In addition, the paper also provides a signal domain model for natural cascade type events and CTAs by relating the Eigen-properties of Markov chain and signal decomposition using sequential principal component analysis. The attack modelling and signal based distinction are performed for a section of IEEE-118 bus in DigSILENT/Powerfactory, where each hypothesis and concept is validated with simulated test cases.