Indirect Coordinated Attack Against Relay via Load-Side Power Electronics and Its Defense Strategy

The vital importance of the relay protection system makes it difficult for attackers to attack it directly. This article points out an innovative indirect coordinated attack (ICA) against the relay, which is initiated by manipulating load-side power electronics to generate false signals, to induce relays to malfunction and thus override trip. First, this article analyzes the vulnerability of the load-side power electronic and the potential for manipulating it to cause relay to malfunction. Next, this article investigates the principles and consequences of two indirect attacks, resulting in the blocking or tripping of the directional overcurrent relay (DOCR), respectively. Notably, if these two indirect attacks are combined into the ICA, it can penetrate through multiple DOCRs, posing a considerable threat to the security of the power system. To cope with it, a defense strategy is proposed, which is to implement a blocking reasons identification technology (BRIT) as a built-in function in DOCRs. BRIT employs the recursive feature elimination method to select optimal features and then identifies the actual overcurrent signal based on bidirectional LSTMto defend against the faulty blocking caused by the ICA. Consequently, it prevents the tripping signal from causing more extensive damage. The performance of the ICA process and the defense strategy is validated using the CIGRE low-voltage microgrid example system.