Cyberattack Correlation and Mitigation for Distribution Systems via Machine Learning

Paper Details


Electric power systems are remotely monitored and controlled, and human operators can often resolve issues by sending a command to telemetry points (nodes) via a communication network, significantly reducing the duration of outages.

However, this rapid communications network exposes the grid to cyberattacks that could damage equipment and cause widespread, long-lasting outages, prompting the need for a cyber-physical security system.

Researchers explored installing AI-based software modules, or agents, at nodes in a distribution network. Each agent monitored the local cyberspace of the node and managed its remote-control capability. 

The project, which approached cyberattack mitigation in both the communication network and the physical grid, developed a three-stage algorithm (sequence of instructions) to be implemented by network agents. 

Each agent applies the first part of the algorithm to detect attacks. If an agent detects an attack, it notifies all other agents and the remote human operator. The agent then blocks the attacker and turns off remote control for its node. Other agents tighten their defense mechanisms based on the likelihood of an attack. 

If an attack is persistent, a master agent (a software module with oversight of the entire network) and the human operator reconfigure the electrical network, allowing consumers to get electricity from alternative sources and paths.