Data-Driven Detection and Identification of IoT-Enabled Load-Altering Attacks in Power Grids

Advances in edge computing are powering the development and deployment of Internet of Things (IoT) systems to provide advanced services and resource efficiency. However, large-scale IoT-based load-altering attacks (LAAs) can seriously impact power grid operations, such as destabilising the grid's control loops. Timely detection and identification of any compromised nodes are essential to minimise the adverse effects of these attacks on power grid operations. In this work, two data-driven algorithms are proposed to detect and identify compromised nodes and the attack parameters of the LAAs. The first method, based on the Sparse Identification of Nonlinear Dynamics (SINDy) approach, adopts a sparse regression framework to identify attack parameters that best describe the observed dynamics. The second method, based on physics-informed neural networks (PINN), employs neural networks to infer the attack parameters from the measurements. Both algorithms are presented utilising edge computing for deployment over decentralised architectures. Extensive simulations are performed on IEEE 6-,14- and 39-bus systems to verify the effectiveness of the proposed methods. Numerical results confirm that the proposed algorithms outperform existing approaches, such as those based on unscented Kalman filter, support vector machines (SVM), and neural networks (NN), and effectively detect and identify locations of attack in a timely manner.