Classification of Disturbances and Cyber-Attacks in Power Systems Using Heterogeneous Time Synchronized Data
The significance of visualization and situational awareness in power systems cannot be overstated, as the timely detection of power-system incidents, such as transmission line faults or cyber-attacks, is crucial.
Swifter operators can respond promptly to prevent avoidable losses. The utilization of precise time-synchronized data, such as system measurements and device status, offers advantages in the monitoring of system state. Nevertheless, the analysis of heterogeneous data in the time domain to identify patterns is challenging because of the presence of transient phenomena in the measured waveforms. This paper presents a rigorous method for extracting patterns of power-system disturbances and cyber-attacks from diverse time-synchronized data, such as synchrophasor measurements, relay logs, and network event monitor logs, using a sequential pattern mining approach. This paper introduces the concept of the common path. A common path refers to a series of crucial system states that occur in a specific order over time, each representing different types of disruptions and cyber-attacks. Common paths are distinct patterns that are specific to each type of observed event. Classification can be conducted by comparing them to observed system states. This paper presents an introduction to the automated process of identifying common paths from labeled data logs. The provided case study employs the common path-mining algorithm to acquire knowledge of shared paths by combining diverse synchrophasor data and system logs. These paths pertain to three distinct types of disturbances, specifically faults, as well as three types of cyber-attacks that bear resemblance to or imitate faults. The case study showcases the efficacy of the algorithm in accurately identifying distinct paths for each event type, as well as the classifier’s proficiency in accurately distinguishing each event type.