Data-Driven Detection and Identification of IoT-Enabled Load-Altering Attacks in Power Grids

Advances in edge computing are powering the development and deployment of Internet of Things (IoT) systems in an effort to provide advanced services and resource efficiency. However, large-scale IoT-based load-altering attacks (LAAs) can have a serious impact on power grid operations such as destabilizing the grid's control loops. Timely detection and identification of any compromised nodes is important to minimize the adverse effects of these attacks on power grid operations. In this work, we present two data-driven algorithms to detect and identify compromised nodes and the attack parameters of the LAAs. The first, based on the Sparse Identification of Nonlinear Dynamics (SINDy) approach, adopts a sparse regression framework to identify attack parameters that best describes the observed dynamics. The second method, based on physics-informed neural networks (PINN), adopts deep neural networks to infer the attack parameters from the measurements. Both methods are presented utilizing edge computing for deployment over decentralized architectures. Extensive simulations performed on IEEE bus systems show that the proposed algorithms outperform existing approaches, such as those based on unscented Kalman filter, especially in systems that exhibit fast dynamics and are effective in detecting and identifying locations of attack in a timely manner.