Risk-Aware Vulnerability Analysis of Electric Grids from ...yhzhu/docs/ConfTalk/ISGT13_RiskGraph.pdfRisk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective

Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective By Yihai Zhu, Ph.D. Candidate, URI (Kingston, RI)

Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective

Presenter: Yihai ZhuAuthors: Yihai Zhu, Jun Yan Yan Sun, Haibo He

Dept. of Electrical, Computer & Biomedical EngineeringUniversity of Rhode Island

PresenterPresentation NotesGood afternoon, everyone. My name is Yihai Zhu, a graduate student in the department of electrical engineering. I have been here since 2010. Today, I am pretty happy to have a chance to share my research topic with so many talents. My talk is about “”. Let me start my presentation.


Overview

o Backgroundo Problem Statement o Model and Attacko Experimentso Questions


Backgroundo The largest blackouts around the world

– 2003 Italy, 2003 Northest, 2005 Java-Bali, 2009 Brazil and Parguay, and 2012 India (670 millions)

• Rare to happen• Cause disasters to modern society

o What is the cascading failure of power grid?– One of major reasons of large blackous– A cascading failure is an initial failure of certain parts, such

as transmission lines, which triggers the successive failure of other parts, and finally disable the whole power grid.

– To understand cascading failure is an important step to solve the problem of blackouts.

PresenterPresentation NotesIn the past decade, there were several famous blackouts, which affected hundreds of millions of people in Europe, south and north American, and Asian. The most serious one was just in the past year, the India case, which made more than six hundreds millions people lose the power. Although large blackouts are rare, they could really cause disasters to modern society. The cascading failure is one of the major reasons of large blackouts. A cascading failure is an initial failure of certain parts, such as transmission lines, which triggers the successive failure of other parts in power grid, and finally disable the power grid. To understand cascading failure is a important step to solve the problem of blackouts.


Problem Statemento To find stronger attack strategies, aiming to

cause severe cascading failures. o Comparisons schemes

– Load-based approach– Optimal search approach

o Contribution– Understanding vulnerability of power grid systems– Provide insights for future defense solutions

PresenterPresentation NotesTwo slides:

The focus of this paper is to study cascading failures in power grid systems. We all know that cascading failures is one of the major reasons for large scale power outage. In cascading failures, one or a few compoents failures can cause …… Next slideIn this paper, we find ………We will compare the proposed attack methods with …..The contribution of this work is …..


Model and Attack

Basic Structure of the Power Grid

Fig. 1 Basic structure of power grid

PresenterPresentation NotesThis is a basic structure of power grid. Power is first produced at generating stations, then transmitted in high-voltage transmission lines to load substations, where power is delivered to customers.


Extended Model Basic concepts

– Directed graph (A): current direction on a link

– Nodes: Generators, load substations, and transmission substations.

– Adopt Power Transfer Distribution Factors (PTDFs) to reflect the power distribution in transmission lines.

– Extended Betweenness (EB) of a node

• Summation of the power in all links connecting to this node.

Cascading simulator– Load: extende betweenness– Capacity: proportional to the

initial load, e.g. node i

– System tolerance: T– Overloadeing: removed

from power grid network– Load rebalance

• Recalculate EB– Assessment: percent of

failure (PoF)

N and M the number of surviving nodes before and after an attack

NMPoF −=1

)0(* ii LTC =

PresenterPresentation NotesUnder the extended model, power grid is viewed as a directed graph, with substations being as nodes and transmission lines being as links. The direction of a link represents the direction of current in this line. Nodes are divided into three categories, generator, load substations and transmission substations. Under this model, PTDFs are adopted to reflect the power distribution in transmission lines. In addition, the extended betweenness of a node is defined as the summation of the power in all links connecting to this node. In the cascading simulator, EB is adopted as load. Capacity of a node is used to represent the maximum load a substation can carry. The capacity is defined as system tolerance times the initial load of a substation. When a node is overloaded, this node will be removed from power grid network. When a node is removed, the extended betweenness will be recalculated to simulate the load rebalance. Finally, percent of failure (PoF) is used as assessment metric to evaluate different attacks. Its definition is here, where N is the network size. M is the number of surviving nodes after an attack.


Sub-optimal Search Attacko Motivation

– Exisiting malicious attacks do not stand for the strongest attacks.

– Optimal search is computationally infeasible.• Five-node attack on IEEE 118 bus system needs to search

more than a hundred million node combinations

o Sub-optimal Search Attack– Goals: (1) sharply reduce the computation task, (2)

obtain good attack performance– Primary idea: limit the number of candidate

combinations during the each round search.

PresenterPresentation NotesExisting malicious attacks, e.g. degree-based or load-based, do not represent the strongest attack. In addition, the optimal attack is computationally infeasible. For example, if launch five-node attack on 118 bus system. The optimal search method needs to find its best attack among more than a hundred million node combinations. More than a hundred million cascading simulations is really a big job for any computer. Can we find any other attacks, which can not only sharply reduce the computation task, but also arrive at good attack performance? We propose a sub-optimal search method, which could reach our goals. The primary idea of this method is to reduce the number of candidate combinations in each round of search. Let me show how the sup-optimal attack works.


The sub-optimal search attack

o Procedure– Step 1: Set the number of target nodes, M, and system

tolerance, T. – Step 2: Run one-node attacks, and select the top P

strongest nodes as first round chosen combinations.– Step 3: Cascading simulator runs M – 1 rounds. In each

round• Combine each candidate node with each chosen combination from

the previous round to get new combinations.• Run attacks for all new combinations.

• Top P strongest attacks as this round chosen combinations.


o A realization of the sub-optimal search– IEEE 118 bus system– M = 8, T = 1.2, P = 16, all nodes as candidate node

PresenterPresentation NotesWhen all 8 rounds are finished, all chosen combinations are listed in a table, shown here. The first row in this table is the strongest attacks from the sub-optimal search method. The strength of this method is that it could sharply reduce the computation complexity of a search-based method. The worst case of sub-optimal method is N with power of 2. While that of the optimal search is N with power of M. When M is larger than 2, the difference is clear. This method also has its own weakness. It is still a search-based scheme, and still needs to do lots of searches. In addition, this method is sensitive to system tolerance, which means if changing the system tolerance, the node combination in this table will also change.


Risk-Graph based Attack

PresenterPresentation NotesMy concern here is that the sub-optimal search could obtain good attack performance, but it needs to do lots of search. Can we find an attack, whose performance can compete with that of the search-based ones, but do not need to do any search, just as how the load-based attack does? The answer is yes. Let’s see, those nodes and node combinations often appear in this table. If we show the table in another form, in a figure looking like this one. It seems the combination relationship between candidate nodes are much clear. Obviously, those candidate nodes are strongly related. We call this graph as risk graph. Now, I will discuss how to obtain this risk graph from this table.


Construction of Risk Graph

o Procedure– Step 1: all the nodes in the table are vertexes in

the risk graph.– Step 2: deal with the combinations one by one.

• A node appears in a combination, its frequency +1.• A combination contains more than one node, e.g. K

nodes.– Add K(K-1)/2 edges into the risk graph.– Add the weight of each edge with 2/[K(K-1)].

PresenterPresentation NotesIn the second step, we deal with the combinations one by one. If a node appears in a combination, its frequency will plus 1. If a combination includes more than one nodes, e.g. K nodes. We add K * (K-1) divided by 2 edges into the risk graph, and each edge will be added with a weight of 2/[K*(K-1)], the reciprocal of the number of edges obtained from the combination. Let me show some examples to help you understand this step.


Fig. 2 An single risk graph of IEEE 118 bus system


Risk-graph Based Attacko Integrated Risk Graph (IRG)

– Set T from 1.05 to 2 with an interval 0.05, and obtain 20 single risk graphs.

– Add those 20 single risk graphs as a IRG.o Risk-graph based attack based IRG

– M == 1, choose the node with largest frequency.– M >=2, choose the M nodes. First, there must

exist an edge between each pair of vertexes. Second, the summation of the weight on all those edges is maximum.

PresenterPresentation NotesThe risk graph is a good way to show the combination relationship between candidate nodes. But it is sensitive to system tolerance. We set the system tolerance from 1.05 to 2 with an interval 0.05, and obtain 20 single risk graphs. Add them together to generate the integrated risk graph. Based on this integrated risk graph, we propose a riskgraph-based attack. This method works as this. When choose one TN, choose the node with the largest frequency in the integrated risk graph. When choose more TNs, the TNs are from the IRG subject to two constrains. First, there must exist an edge between each pair of vertexes. Second, the summation of the weight on those edges is maximum. This risk-graph based attack is shown to have good attack performance, without any search. And its complexity is similar to that of load-based attack.


Experimentso Test benchmarks

– IEEE 57 bus system and IEEE 118 bus systemo Comparisons

– Sub-optimal vs optimal – Load-based, riskgraph-based, sub-optimal

PresenterPresentation NotesThe IEEE 57 and 118 bus systems are used as test benchmarks. We do two kinds of comparisons. The first one is to compare the sub-optimal attack with optimal attack to check the attack performance of the sub-optimal method. The second comparison was done among load-based, riskgraph-based and sub-optimal methods to check the performance of risk-graph based method.


1 2 3 4 5 6 7 855

60

65

70

75

80

85

The number of target node

Per

cent

-of-f

ailu

re

NASoptNASsubopt

Conclusion: the attack performance of the sub-optimal approach is close that of the optimal search.

Fig. 3 Comparison between sub-optimal and optimal methods on IEEE 57 bus system

PresenterPresentation NotesThe sub-optimal and optimal search methods are tested on 57 bus system. The figure shows the result. In this figure, the horizontal axis represents the number of target nodes. While the vertical axis represents the PoF. The larger the PoF is, the stronger the attack is. The blue curve represents the attack performance for the optimal search method. Due its computation complexity, the attack results at high M values are hard to be obtained. Thus, the maximum number of TN for optimal search is set to be 5. The red curve represents the attack performance for the sub-optimal attack. From this figure, we know that the attack performance of the sub-optimal method is close to that of the optimal search.


1 2 3 4 5 6 7 8

10

20

30

40

50

60

70

80

90

100


PoF

NASsuboptNASriskgraphNASload

Fig. 4 Comparison among load-based, riskgraph-based and sub-optimal methods on IEEE 57 bus system

PresenterPresentation NotesThe comparison among load-based, riskgraph-based and sub-optimal methods is shown in this figure. The horizontal and vertical axis have the same means as previous figure. In this figure, the magenta curve represents the load-based attack. The green and red ones represent the riskgraph-based and sub-optimal attacks, respectively. It is clear to see that the green curve is close to the red one, and higher than the magenta one. This shows that the riskgraph-based attack is stronger than the load-based one. But a little weaker than the sub-optimal search.


1 2 3 4 5 6 7 8

10

20

30

40

50

60

70

80


PoF

NASsuboptNASriskgraphNASload

Conclusion: the attack performance of the riskgraph-based approach is much better than that of the load-based one.

Fig. 5 Comparison among load-based, riskgraph-based and sub-optimal methods on IEEE 118 bus system

PresenterPresentation NotesSimilar results are observed on 118 bus system. We could conclude that the riskgraph-based method has better attack performance than that of the load-based one.


Summary of Different Attacks

PresenterPresentation NotesThe comparisons are made in detail in this table. From the computation complexity perspective, load-based and riskgraph-based methods do not need to do any search. While the sub-optimal and the optimal methods need to do lots of search to get their best attacks. From the perspective of the attack performance, load-based attack is the weakest one. The other three are similar. From system tolerance perspective, load-based and riskgraph-based methods do not depend on system tolerance. While the other two are sensitive to system tolerance. In summation, the riskgraph-based attack is an amazing approach for launching attacks to power grids.


Acknowledgement

• We gratefully acknowledge the support from National Science Foundation (NSF) under Grant # CNS 1117314

• For more information, please contact Prof. Haibo He at [email protected]


References U.S.-Canada Power System Outage Task Force, “Final report on theaugust 14, 2003 blackout

in the united states and canada: Causes and recommendations,” April 2004. M. Vaiman, K. Bell, Y. Chen, B. Chowdhury, I. Dobson, P. Hines,M. Papic, S. Miller, and P.

Zhang, “Risk assessment of cascading outages: Methodologies and challenges,”IEEE Transactions on Power Systems, vol. 27, no. 2, 2012.

W. Wang, Q. Cai, Y. Sun, and H. He, “Risk-aware attacks and catastrophic cascading failures in u.s. power grid,” in IEEE Global Telecommunications Conference, 2011, pp. 1–6.

S. Arianos, E. Bompard, A. Carbone, and F. Xue, “Powergrid vulnerabil-ity: a complex network approach,” EChaos: An Interdisciplinary Journal of Nonlinear Science, vol. 19, 2009.

E. Bompard, R. Napoli, and F. Xue, “Extended topological approach for the assessment of structural vulnerability in transmission networks,” IET Generation, Transmission and Distribution, vol. 4, pp. 716–724, 2010.

PresenterPresentation NotesSome references are list here.


oComments & Questions?Thanks!

Risk-Aware Vulnerability Analysis of Electric Grids from Attacker’s PerspectiveOverviewBackgroundProblem StatementModel and AttackExtended ModelSub-optimal Search AttackThe sub-optimal search attackSlide Number 9Risk-Graph based AttackConstruction of Risk GraphSlide Number 12Risk-graph Based AttackExperimentsSlide Number 15Slide Number 16Slide Number 17Summary of Different AttacksAcknowledgementReferencesSlide Number 21

Documents

Risk-Aware Vulnerability Analysis of Electric Grids from ...yhzhu/docs/ConfTalk/ISGT13_RiskGraph.pdfRisk-Aware Vulnerability Analysis of Electric Grids from Attacker’s Perspective