Data-Driven Cyber-Attack Detection for PV Farms via Time-Frequency Domain Features
Lulu Guo, Jinan Zhang, Jin Ye, Stephen J. Coshatt, Wen‐Zhan Song
Abstract
The internetworking of grid-connected power electronics converters (PECs) in photovoltaic (PV) farms has inevitably expanded the cyber-attack surfaces. This paper presents a comprehensive study on cyber-attack detection and diagnosis for PEC-enabled PV farms via single waveform sensor to distinguish between normal conditions, open-circuit faults, short-circuit faults, and cyber-attacks. To our knowledge, this has not been attempted before. Firstly, we propose frequency-domain magnitude-based residuals to identify short-circuit faults and a time-domain mean current vector-based feature to distinguish open-circuit faults from other threats. These features can fully reflect the specific physical characteristics of PV farms during threat duration. Secondly, unlike micro phasor measurement units ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mu $ </tex-math></inline-formula> PMU) and raw electric waveform-based methods, the proposed innovative features can address novel cyber-attacks that are excluded from the training process. Thirdly, an online hardware-in-the-loop (HIL) testbed using the OPAL-RT real-time digital simulator has verified the effectiveness. The monitoring system runs in real-time while using HIL as an operational solar farm and a National Instruments (NI) data acquisition card as the electric waveform sensor at the point of coupling.