Date of Graduation


Document Type


Degree Type



Statler College of Engineering and Mineral Resources


Lane Department of Computer Science and Electrical Engineering

Committee Chair

Sarika K Solanki

Committee Co-Chair

Muhammed Choudhry

Committee Member

Jignesh M Solanki


Vast deployment of Wide Area Measurement Systems (WAMS) has facilitated in increased understanding and intelligent management of the current complex power systems. Phasor Measurement Units (PMU's), being the integral part of WAMS transmit high quality system information to the control centers every second. With the North American Synchro Phasor Initiative (NAPSI), the number of PMUs deployed across the system has been growing rapidly. With this increase in the number of PMU units, the amount of data accumulated is also growing in a tremendous manner. This increase in the data necessitates the use of sophisticated data processing, data reduction, data analysis and data mining techniques. WAMS is also closely associated with the information and communication technologies that are capable of implementing intelligent protection and control actions in order to improve the reliability and efficiency of the existing power systems. Along with the myriad of advantages that these measurements systems, informational and communication technologies bring, they also lead to a close synergy between heterogeneous physical and cyber components which unlocked access points for easy cyber intrusions. This easy access has resulted in various cyber attacks on control equipment consequently increasing the vulnerability of the power systems.;This research proposes a data mining based methodology that is capable of identifying attacks in the system using the real time data. The proposed methodology employs an online clustering technique to monitor only limited number of measuring units (PMU's) deployed across the system. Two different classification algorithms are implemented to detect the occurrence of attacks along with its location. This research also proposes a methodology to differentiate physical attacks with malicious data attacks and declare attack severity and criticality. The proposed methodology is implemented on IEEE 24 Bus reliability Test System using data generated for attacks at different locations, under different system topologies and operating conditions. Different cross validation studies are performed to determine all the user defined variables involved in data mining studies. The performance of the proposed methodology is completely analyzed and results are demonstrated. Finally the strengths and limitations of the proposed approach are discussed.