Power grids increasingly need real-time situational awareness under the ever-evolving cyberthreat landscape. Advances in snapshot-based system identification approaches have enabled accurately estimating states and topology from a snapshot of measurement data, under random bad data and topology errors. However, modern interactive, targeted false data can stay undetectable to these methods, and significantly compromise estimation accuracy. This work advances system identification that combines snapshot-based method with time-series model via Bayesian Integration, to advance cyber resiliency against both random and targeted false data. Using a distance-based time-series model, this work can leverage historical data of different distributions induced by changes in grid topology and other settings. The normal system behavior captured from historical data is integrated into system identification through a Bayesian treatment, to make solutions robust to targeted false data. We experiment on mixed random anomalies (bad data, topology error) and targeted false data injection attack (FDIA) to demonstrate our method's 1) cyber resilience: achieving over 70% reduction in estimation error under FDIA; 2) anomalous data identification: being able to alarm and locate anomalous data; 3) almost linear scalability: achieving comparable speed with the snapshot-based baseline, both taking <1min per time tick on the large 2,383-bus system using a laptop CPU.

翻译：在不断演变的网络威胁环境下，电网日益需要实时态势感知能力。基于快照的系统辨识方法已能在随机坏数据与拓扑错误条件下，从测量数据快照中准确估计系统状态与拓扑。然而，现代交互式、有目标的虚假数据可能规避这些方法的检测，并显著降低估计精度。本研究提出通过贝叶斯集成将基于快照的方法与时间序列模型相结合的系统辨识框架，以增强对随机与有目标虚假数据的网络弹性。通过采用基于距离的时间序列模型，本方法能够利用因电网拓扑及其他设置变化而产生的不同分布历史数据。从历史数据中提取的正常系统行为通过贝叶斯处理融入系统辨识过程，使解决方案对有目标虚假数据具有鲁棒性。我们在混合随机异常（坏数据、拓扑错误）与有目标虚假数据注入攻击（FDIA）场景中进行实验，结果表明所提方法具有：1）网络弹性：在FDIA下估计误差降低超70%；2）异常数据识别：能够报警并定位异常数据；3）近似线性可扩展性：在大型2,383节点系统中使用笔记本电脑CPU处理每个时间戳耗时<1分钟，与基于快照的基线方法速度相当。