LAUSR

While securing wide-area damping controllers (WADCs) against cyber attacks becomes critical, most existing efforts deal with model-based attacks. A smart attacker may not follow the prescribed models and can intelligently change the attack actions. To tackle this challenge, this work proposes a stochastic game theoretic framework that can model the dynamic interaction between the attacker (a jammer) and the defender (intrusion detector in the WADC) with the player’s type uncertainty to optimally manage the vulnerability of the power system. Uniquely, the always opponent assumption of the other player made in most of the existing works is removed as this assumption may lead to serious resource waste due to the high over-defense rate. In this incomplete information stochastic game, the attacker intelligently jams the communication links between phasor measurement units (PMUs) and WADCs, while the intrusion detection of the WADCs is considered as the defense action. The vulnerability level of the power system resulted from the attack and defense actions in the cyber-layer is indexed by the trace of the observability Gramian. Therefore, the proposed stochastic game framework provides a cyber-physical view to make the optimal cyber-layer intrusion detection system (IDS) triggering strategy for the WADC. As the types of the other player are unknown to the defender, a Bayesian based posterior type belief update method is proposed for the defender to update the type belief about the opponent by the boundary probability based on the Bayesian Nash Equilibrium. The proposed cyber-layer IDS triggering strategy is tested and compared with other game approaches on the IEEE 39-bus 10-generator system. Simulation results show that the proposed approach can achieve the same defense performance compared to the complete information stochastic game while reducing the over-defense rate from 40% to 16%.