LAUSR

The internetworking of grid-connected power electronics converters (PECs) in photovoltaic (PV) farms has inevitably expanded the cyber-attack surfaces. This paper presents a comprehensive study on cyber-attack detection and diagnosis for PEC-enabled PV farms via single waveform sensor to distinguish between normal conditions, open-circuit faults, short-circuit faults, and cyber-attacks. To our knowledge, this has not been attempted before. Firstly, we propose frequency-domain magnitude-based residuals to identify short-circuit faults and a time-domain mean current vector-based feature to distinguish open-circuit faults from other threats. These features can fully reflect the specific physical characteristics of PV farms during threat duration. Secondly, unlike micro phasor measurement units ( $\mu $ PMU) and raw electric waveform-based methods, the proposed innovative features can address novel cyber-attacks that are excluded from the training process. Thirdly, an online hardware-in-the-loop (HIL) testbed using the OPAL-RT real-time digital simulator has verified the effectiveness. The monitoring system runs in real-time while using HIL as an operational solar farm and a National Instruments (NI) data acquisition card as the electric waveform sensor at the point of coupling.