Smart grids enhance the power system operation by using the data communication. Such enhancement calls for accurate cyber security schemes to guarantee the reliability of the operation. In this paper, timely detection of cyber-attacks in smart grids using the windowed online dynamic mode decomposition (WODMD) is investigated. Three criteria for the attack detection are studied: the absolute Frobenius norm difference of the online discovered system matrices, the absolute norm difference of the eigenvalue vector and the one-step-ahead prediction error by the WODMD. The proposed method is purely data-driven without any need to dynamic models of the grid. Also the proposed WODMD cyber-attack detection scheme acts online without prior learning of possible attack scenarios. Simulation studies illustrate the superiority of the proposed method over three commonly used model-free methods.
