LAUSR

Conventional cyber-security intrusion detection systems monitor network traffic for malicious activity and indications that an adversary has gained access to the system. The approach discussed here expands the idea of a traditional intrusion detection system within electrical power systems, specifically power distribution networks, by monitoring the physical behavior of the grid. This is achieved through the use of high-rate distribution Phasor Measurement Units (PMUs), alongside SCADA packets analysis, for the purpose of monitoring the behavior of discrete control devices. In this work we present a set of algorithms for passively learning the control logic of voltage regulators and switched capacitor banks. Upon detection of an abnormal operation, the operator is alerted and further action can be taken. The proposed learning algorithms are validated on both simulated data and on measured PMU data from a utility pilot deployment site.