Using spy node to identify cyber-attack in power systems as a novel approach

Cyber-security of power systems is of vital importance in this decade and the attackers attempt to manipulate the data and inject malicious data in state variables to divert state of the system. Cyber-attack utilizes the information of the system to generate the attacking vector in order to elude the malicious data tests. The proposed novel approach intends to change the information of the system being exploited by the adversary through adding virtual buses to the network referred as spy nodes. These nodes, including extra measurements fed to the attacker, are able to change the perceived topology of the network on which the attacker depends. Candidate places of the spy nodes are determined by using spanning tree algorithm. Excluding the spy data and using the proposed criteria, malicious data is detected. Results were verified by simulating IEEE 9-bus standard system for several times. Furthermore the method detects the malicious data when the value of spy data changes.