Visible to the public Biblio

Filters: Keyword is power grid  [Clear All Filters]
Zhang, Fengli, Huff, Philip, McClanahan, Kylie, Li, Qinghua.  2020.  A Machine Learning-Based Approach for Automated Vulnerability Remediation Analysis. 2020 IEEE Conference on Communications and Network Security (CNS). :1–9.
Security vulnerabilities in firmware/software pose an important threat ton power grid security, and thus electric utility companies should quickly decide how to remediate vulnerabilities after they are discovered. Making remediation decisions is a challenging task in the electric industry due to the many factors to consider, the balance to maintain between patching and service reliability, and the large amount of vulnerabilities to deal with. Unfortunately, remediation decisions are current manually made which take a long time. This increases security risks and incurs high cost of vulnerability management. In this paper, we propose a machine learning-based automation framework to automate remediation decision analysis for electric utilities. We apply it to an electric utility and conduct extensive experiments over two real operation datasets obtained from the utility. Results show the high effectiveness of the solution.
Zhang, L., Shen, X., Zhang, F., Ren, M., Ge, B., Li, B..  2019.  Anomaly Detection for Power Grid Based on Time Series Model. 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). :188—192.

In the process of informationization and networking of smart grids, the original physical isolation was broken, potential risks increased, and the increasingly serious cyber security situation was faced. Therefore, it is critical to develop accuracy and efficient anomaly detection methods to disclose various threats. However, in the industry, mainstream security devices such as firewalls are not able to detect and resist some advanced behavior attacks. In this paper, we propose a time series anomaly detection model, which is based on the periodic extraction method of discrete Fourier transform, and determines the sequence position of each element in the period by periodic overlapping mapping, thereby accurately describe the timing relationship between each network message. The experiments demonstrate that our model can detect cyber attacks such as man-in-the-middle, malicious injection, and Dos in a highly periodic network.

Sarochar, J., Acharya, I., Riggs, H., Sundararajan, A., Wei, L., Olowu, T., Sarwat, A. I..  2019.  Synthesizing Energy Consumption Data Using a Mixture Density Network Integrated with Long Short Term Memory. 2019 IEEE Green Technologies Conference(GreenTech). :1—4.
Smart cities comprise multiple critical infrastructures, two of which are the power grid and communication networks, backed by centralized data analytics and storage. To effectively model the interdependencies between these infrastructures and enable a greater understanding of how communities respond to and impact them, large amounts of varied, real-world data on residential and commercial consumer energy consumption, load patterns, and associated human behavioral impacts are required. The dissemination of such data to the research communities is, however, largely restricted because of security and privacy concerns. This paper creates an opportunity for the development and dissemination of synthetic energy consumption data which is inherently anonymous but holds similarities to the properties of real data. This paper explores a framework using mixture density network (MDN) model integrated with a multi-layered Long Short-Term Memory (LSTM) network which shows promise in this area of research. The model is trained using an initial sample recorded from residential smart meters in the state of Florida, and is used to generate fully synthetic energy consumption data. The synthesized data will be made publicly available for interested users.
Tamimi, A., Touhiduzzaman, M., Hahn, A..  2019.  Modeling and Analysis Cyber Threats in Power Systems Using Architecture Analysis Design Language (AADL). 2019 Resilience Week (RWS). 1:213–218.
The lack of strong cyber-physical modeling capabilities presents many challenges across the design, development, verification, and maintenance phases of a system [7]. Novel techniques for modeling the cyber-grid components, along with analysis and verification techniques, are imperative to the deployment of a resilient and robust power grid. Several works address False Data Injection (FDI) attacks to the power grid. However, most of them suffer from the lack of a model to investigate the effects of attacks. This paper proposed a cyber-physical model using Architecture Analysis & Design Language (AADL) [15] and power system information models to address different attacks in power systems.
Pearce, Hammond, Pinisetty, Srinivas, Roop, Partha S., Kuo, Matthew M. Y., Ukil, Abhisek.  2020.  Smart I/O Modules for Mitigating Cyber-Physical Attacks on Industrial Control Systems. IEEE Transactions on Industrial Informatics. 16:4659—4669.

Cyber-physical systems (CPSs) are implemented in many industrial and embedded control applications. Where these systems are safety-critical, correct and safe behavior is of paramount importance. Malicious attacks on such CPSs can have far-reaching repercussions. For instance, if elements of a power grid behave erratically, physical damage and loss of life could occur. Currently, there is a trend toward increased complexity and connectivity of CPS. However, as this occurs, the potential attack vectors for these systems grow in number, increasing the risk that a given controller might become compromised. In this article, we examine how the dangers of compromised controllers can be mitigated. We propose a novel application of runtime enforcement that can secure the safety of real-world physical systems. Here, we synthesize enforcers to a new hardware architecture within programmable logic controller I/O modules to act as an effective line of defence between the cyber and the physical domains. Our enforcers prevent the physical damage that a compromised control system might be able to perform. To demonstrate the efficacy of our approach, we present several benchmarks, and show that the overhead for each system is extremely minimal.

Trevizan, Rodrigo D., Ruben, Cody, Nagaraj, Keerthiraj, Ibukun, Layiwola L., Starke, Allen C., Bretas, Arturo S., McNair, Janise, Zare, Alina.  2019.  Data-driven Physics-based Solution for False Data Injection Diagnosis in Smart Grids. 2019 IEEE Power Energy Society General Meeting (PESGM). :1—5.
This paper presents a data-driven and physics-based method for detection of false data injection (FDI) in Smart Grids (SG). As the power grid transitions to the use of SG technology, it becomes more vulnerable to cyber-attacks like FDI. Current strategies for the detection of bad data in the grid rely on the physics based State Estimation (SE) process and statistical tests. This strategy is naturally vulnerable to undetected bad data as well as false positive scenarios, which means it can be exploited by an intelligent FDI attack. In order to enhance the robustness of bad data detection, the paper proposes the use of data-driven Machine Intelligence (MI) working together with current bad data detection via a combined Chi-squared test. Since MI learns over time and uses past data, it provides a different perspective on the data than the SE, which analyzes only the current data and relies on the physics based model of the system. This combined bad data detection strategy is tested on the IEEE 118 bus system.
Hong, Junho, Nuqui, Reynaldo F., Kondabathini, Anil, Ishchenko, Dmitry, Martin, Aaron.  2019.  Cyber Attack Resilient Distance Protection and Circuit Breaker Control for Digital Substations. IEEE Transactions on Industrial Informatics. 15:4332—4341.
This paper proposes new concepts for detecting and mitigating cyber attacks on substation automation systems by domain-based cyber-physical security solutions. The proposed methods form the basis of a distributed security domain layer that enables protection devices to collaboratively defend against cyber attacks at substations. The methods utilize protection coordination principles to cross check protection setting changes and can run real-time power system analysis to evaluate the impact of the control commands. The transient fault signature (TFS)-based cross-correlation coefficient algorithm has been proposed to detect the false sampled values data injection attack. The proposed functions were verified in a hardware-in-the-loop (HIL) simulation using commercial relays and a real-time digital simulator (RTDS). Various types of cyber intrusions are tested using this test bed to evaluate the consequences and impacts of cyber attacks to power grid as well as to validate the performance of the proposed research-grade cyber attack mitigation functions.
Chen, Yu-Cheng, Mooney, Vincent, Grijalva, Santiago.  2019.  A Survey of Attack Models for Cyber-Physical Security Assessment in Electricity Grid. 2019 IFIP/IEEE 27th International Conference on Very Large Scale Integration (VLSI-SoC). :242–243.
This paper surveys some prior work regarding attack models in a cyber-physical system and discusses the potential benefits. For comparison, the full paper will model a bad data injection attack scenario in power grid using the surveyed prior work.
Chen, Yu-Cheng, Gieseking, Tim, Campbell, Dustin, Mooney, Vincent, Grijalva, Santiago.  2019.  A Hybrid Attack Model for Cyber-Physical Security Assessment in Electricity Grid. 2019 IEEE Texas Power and Energy Conference (TPEC). :1–6.
A detailed model of an attack on the power grid involves both a preparation stage as well as an execution stage of the attack. This paper introduces a novel Hybrid Attack Model (HAM) that combines Probabilistic Learning Attacker, Dynamic Defender (PLADD) model and a Markov Chain model to simulate the planning and execution stages of a bad data injection attack in power grid. We discuss the advantages and limitations of the prior work models and of our proposed Hybrid Attack Model and show that HAM is more effective compared to individual PLADD or Markov Chain models.
LV, Zhining, HU, Ziheng, NING, Baifeng, DING, Lifu, Yan, Gangfeng, SHI, Xiasheng.  2019.  Non-intrusive Runtime Monitoring for Power System Intelligent Terminal Based on Improved Deep Belief Networks (I-DBN). 2019 4th International Conference on Power and Renewable Energy (ICPRE). :361–365.
Power system intelligent terminal equipment is widely used in real-time monitoring, data acquisition, power management, power distribution and other tasks of smart grid. The power system intelligent terminal can obtain various information of users and power companies in the power grid, but there is still a lack of protection means for the connection and communication process of the terminal components. In this paper, a novel method based on improved deep belief network(IDBN) is proposed to accomplish the business-level security monitoring and attack detection of power system terminal. A non-intrusive business-level monitoring platform for power system terminals is established, which uses energy metering intelligent terminals as an example for non-intrusive data collection. Based on this platform, the I-DBN extracts the spatial and temporal attack characteristics of the external monitoring data of the system. Some fault conditions and cyber attacks of the model have been simulated to demonstrate the effectiveness of the proposed detection method and the results show excellent performance. The method and platform proposed in this paper can be extended to other services in the power industry, providing a theoretical basis and implementation method for realizing the security monitoring of power system intelligent terminals from the business level.
Ulrich, Jacob J., Vaagensmith, Bjorn C., Rieger, Craig G., Welch, Justin J..  2019.  Software Defined Cyber-Physical Testbed for Analysis of Automated Cyber Responses for Power System Security. 2019 Resilience Week (RWS). 1:47–54.

As the power grid becomes more interconnected the attack surface increases and determining the causes of anomalies becomes more complex. Automated responses are a mechanism which can provide resilience in a power system by responding to anomalies. An automated response system can make intelligent decisions when paired with an automated health assessment system which includes a human in the loop for making critical decisions. Effective responses can be determined by developing a matrix which considers the likely impacts on resilience if a response is taken. A testbed assists to analyze these responses and determine their effects on system resilience.

Liu, Donglan, Zhang, Hao, Yu, Hao, Liu, Xin, Zhao, Yong, Lv, Guodong.  2019.  Research and Application of APT Attack Defense and Detection Technology Based on Big Data Technology. 2019 IEEE 9th International Conference on Electronics Information and Emergency Communication (ICEIEC). :1—4.
In order to excavate security threats in power grid by making full use of heterogeneous data sources in power information system, this paper proposes APT (Advanced Persistent Threat) attack detection sandbox technology and active defense system based on big data analysis technology. First, the file is restored from the mirror traffic and executed statically. Then, sandbox execution was carried out to introduce analysis samples into controllable virtual environment, and dynamic analysis and operation samples were conducted. Through analyzing the dynamic processing process of samples, various known and unknown malicious code, APT attacks, high-risk Trojan horses and other network security risks were comprehensively detected. Finally, the threat assessment of malicious samples is carried out and visualized through the big data platform. The results show that the method proposed in this paper can effectively warn of unknown threats, improve the security level of system data, have a certain active defense ability. And it can effectively improve the speed and accuracy of power information system security situation prediction.
Babay, Amy, Schultz, John, Tantillo, Thomas, Amir, Yair.  2018.  Toward an Intrusion-Tolerant Power Grid: Challenges and Opportunities. 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS). :1321–1326.
While cyberattacks pose a relatively new challenge for power grid control systems, commercial cloud systems have needed to address similar threats for many years. However, technology and approaches developed for cloud systems do not necessarily transfer directly to the power grid, due to important differences between the two domains. We discuss our experience adapting intrusion-tolerant cloud technologies to the power domain and describe the challenges we have encountered and potential directions for overcoming those obstacles.
Babay, Amy, Tantillo, Thomas, Aron, Trevor, Platania, Marco, Amir, Yair.  2018.  Network-Attack-Resilient Intrusion-Tolerant SCADA for the Power Grid. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :255–266.
As key components of the power grid infrastructure, Supervisory Control and Data Acquisition (SCADA) systems are likely to be targeted by nation-state-level attackers willing to invest considerable resources to disrupt the power grid. We present Spire, the first intrusion-tolerant SCADA system that is resilient to both system-level compromises and sophisticated network-level attacks and compromises. We develop a novel architecture that distributes the SCADA system management across three or more active sites to ensure continuous availability in the presence of simultaneous intrusions and network attacks. A wide-area deployment of Spire, using two control centers and two data centers spanning 250 miles, delivered nearly 99.999% of all SCADA updates initiated over a 30-hour period within 100ms. This demonstrates that Spire can meet the latency requirements of SCADA for the power grid.
Ni, Ming, Xue, Yusheng, Tong, Heqin, Li, Manli.  2018.  A cyber physical power system co-simulation platform. 2018 Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES). :1—5.

With the tighter integration of power system and Information and Communication Technology (ICT), power grid is becoming a typical cyber physical system (CPS). It is important to analyze the impact of the cyber event on power system, so that it is necessary to build a co-simulation system for studying the interaction between power system and ICT. In this paper, a cyber physical power system (CPPS) co-simulation platform is proposed, which includes the hardware-in-the-loop (HIL) simulation function. By using flexible interface, various simulation software for power system and ICT can be interconnected into the platform to build co-simulation tools for various simulation purposes. To demonstrate it as a proof, one simulation framework for real life cyber-attack on power system control is introduced. In this case, the real life denial-of-service attack on a router in automatic voltage control (AVC) is simulated to demonstrate impact of cyber-attack on power system.

Ge, Mengmeng, Fu, Xiping, Syed, Naeem, Baig, Zubair, Teo, Gideon, Robles-Kelly, Antonio.  2019.  Deep Learning-Based Intrusion Detection for IoT Networks. 2019 IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC). :256—25609.

Internet of Things (IoT) has an immense potential for a plethora of applications ranging from healthcare automation to defence networks and the power grid. The security of an IoT network is essentially paramount to the security of the underlying computing and communication infrastructure. However, due to constrained resources and limited computational capabilities, IoT networks are prone to various attacks. Thus, safeguarding the IoT network from adversarial attacks is of vital importance and can be realised through planning and deployment of effective security controls; one such control being an intrusion detection system. In this paper, we present a novel intrusion detection scheme for IoT networks that classifies traffic flow through the application of deep learning concepts. We adopt a newly published IoT dataset and generate generic features from the field information in packet level. We develop a feed-forward neural networks model for binary and multi-class classification including denial of service, distributed denial of service, reconnaissance and information theft attacks against IoT devices. Results obtained through the evaluation of the proposed scheme via the processed dataset illustrate a high classification accuracy.

Pan, Huan, Lian, Honghui, Na, Chunning.  2019.  Vulnerability Analysis of Smart Grid under Community Attack Style. IECON 2019 - 45th Annual Conference of the IEEE Industrial Electronics Society. 1:5971—5976.
The smart grid consists of two parts, one is the physical power grid, the other is the information network. In order to study the cascading failure, the vulnerability analysis of the smart grid is done under a kind of community attack style in this paper. Two types of information networks are considered, i.e. topology consistency and scale-free cyber networks, respectively. The concept of control center is presented and the controllable power nodes and observable power lines are defined. Minimum load reduction model(MLRM) is given and described as a linear programming problem. A index is introduced to assess the vulnerability. New England 39 nodes system is applied to simulate the cascading failure process to demonstrate the effectiveness of the proposed MLRM where community the attack methods include attack the power lines among and in power communities.
Babay, Amy, Schultz, John, Tantillo, Thomas, Beckley, Samuel, Jordan, Eamon, Ruddell, Kevin, Jordan, Kevin, Amir, Yair.  2019.  Deploying Intrusion-Tolerant SCADA for the Power Grid. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :328–335.

While there has been considerable research on making power grid Supervisory Control and Data Acquisition (SCADA) systems resilient to attacks, the problem of transitioning these technologies into deployed SCADA systems remains largely unaddressed. We describe our experience and lessons learned in deploying an intrusion-tolerant SCADA system in two realistic environments: a red team experiment in 2017 and a power plant test deployment in 2018. These experiences resulted in technical lessons related to developing an intrusion-tolerant system with a real deployable application, preparing a system for deployment in a hostile environment, and supporting protocol assumptions in that hostile environment. We also discuss some meta-lessons regarding the cultural aspects of transitioning academic research into practice in the power industry.

Zhang, Yihan, Wu, Jiajing, Chen, Zhenhao, Huang, Yuxuan, Zheng, Zibin.  2019.  Sequential Node/Link Recovery Strategy of Power Grids Based on Q-Learning Approach. 2019 IEEE International Symposium on Circuits and Systems (ISCAS). :1–5.

Cascading failure, which can be triggered by both physical and cyber attacks, is among the most critical threats to the security and resilience of power grids. In current literature, researchers investigate the issue of cascading failure on smart grids mainly from the attacker's perspective. From the perspective of a grid defender or operator, however, it is also an important issue to restore the smart grid suffering from cascading failure back to normal operation as soon as possible. In this paper, we consider cascading failure in conjunction with the restoration process involving repairing of the failed nodes/links in a sequential fashion. Based on a realistic power flow cascading failure model, we exploit a Q-learning approach to develop a practical and effective policy to identify the optimal way of sequential restorations for large-scale smart grids. Simulation results on three power grid test benchmarks demonstrate the learning ability and the effectiveness of the proposed strategy.

Tootaghaj, Diman Zad, La Porta, Thomas, He, Ting.  2019.  Modeling, Monitoring and Scheduling Techniques for Network Recovery from Massive Failures. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). :695–700.

Large-scale failures in communication networks due to natural disasters or malicious attacks can severely affect critical communications and threaten lives of people in the affected area. In the absence of a proper communication infrastructure, rescue operation becomes extremely difficult. Progressive and timely network recovery is, therefore, a key to minimizing losses and facilitating rescue missions. To this end, we focus on network recovery assuming partial and uncertain knowledge of the failure locations. We proposed a progressive multi-stage recovery approach that uses the incomplete knowledge of failure to find a feasible recovery schedule. Next, we focused on failure recovery of multiple interconnected networks. In particular, we focused on the interaction between a power grid and a communication network. Then, we focused on network monitoring techniques that can be used for diagnosing the performance of individual links for localizing soft failures (e.g. highly congested links) in a communication network. We studied the optimal selection of the monitoring paths to balance identifiability and probing cost. Finally, we addressed, a minimum disruptive routing framework in software defined networks. Extensive experimental and simulation results show that our proposed recovery approaches have a lower disruption cost compared to the state-of-the-art while we can configure our choice of trade-off between the identifiability, execution time, the repair/probing cost, congestion and the demand loss.

Muka, Romina, Haugli, Fredrik Bakkevig, Vefsnmo, Hanne, Heegaard, Poul E..  2019.  Information Inconsistencies in Smart Distribution Grids under Different Failure Causes modelled by Stochastic Activity Networks. 2019 AEIT International Annual Conference (AEIT). :1–6.
The ongoing digitalization of the power distribution grid will improve the operational support and automation which is believed to increase the system reliability. However, in an integrated and interdependent cyber-physical system, new threats appear which must be understood and dealt with. Of particular concern, in this paper, is the causes of an inconsistent view between the physical system (here power grid) and the Information and Communication Technology (ICT) system (here Distribution Management System). In this paper we align the taxonomy used in International Electrotechnical Commission (power eng.) and International Federation for Information Processing (ICT community), define a metric for inconsistencies, and present a modelling approach using Stochastic Activity Networks to assess the consequences of inconsistencies. The feasibility of the approach is demonstrated in a simple use case.
Iqbal, Maryam, Iqbal, Mohammad Ayman.  2019.  Attacks Due to False Data Injection in Smart Grids: Detection Protection. 2019 1st Global Power, Energy and Communication Conference (GPECOM). :451-455.

As opposed to a traditional power grid, a smart grid can help utilities to save energy and therefore reduce the cost of operation. It also increases reliability of the system In smart grids the quality of monitoring and control can be adequately improved by incorporating computing and intelligent communication knowledge. However, this exposes the system to false data injection (FDI) attacks and the system becomes vulnerable to intrusions. Therefore, it is important to detect such false data injection attacks and provide an algorithm for the protection of system against such attacks. In this paper a comparison between three FDI detection methods has been made. An H2 control method has then been proposed to detect and control the false data injection on a 12th order model of a smart grid. Disturbances and uncertainties were added to the system and the results show the system to be fully controllable. This paper shows the implementation of a feedback controller to fully detect and mitigate the false data injection attacks. The controller can be incorporated in real life smart grid operations.

Fei, Jiaxuan, Shi, Congcong, Yuan, Xuechong, Zhang, Rui, Chen, Wei, Yang, Yi.  2019.  Reserch on Cyber Attack of Key Measurement and Control Equipment in Power Grid. 2019 IEEE International Conference on Energy Internet (ICEI). :31-36.

The normal operation of key measurement and control equipment in power grid (KMCEPG) is of great significance for safe and stable operation of power grid. Firstly, this paper gives a systematic overview of KMCEPG. Secondly, the cyber security risks of KMCEPG on the main station / sub-station side, channel side and terminal side are analyzed and the related vulnerabilities are discovered. Thirdly, according to the risk analysis results, the attack process construction technology of KMCEPG is proposed, which provides the test process and attack ideas for the subsequent KMCEPG-related attack penetration. Fourthly, the simulation penetration test environment is built, and a series of attack tests are carried out on the terminal key control equipment by using the attack flow construction technology proposed in this paper. The correctness of the risk analysis and the effectiveness of the attack process construction technology are verified. Finally, the attack test results are analyzed, and the attack test cases of terminal critical control devices are constructed, which provide the basis for the subsequent attack test. The attack flow construction technology and attack test cases proposed in this paper improve the network security defense capability of key equipment of power grid, ensure the safe and stable operation of power grid, and have strong engineering application value.

Wang, Bo, Wang, Xunting.  2018.  Vulnerability Assessment Method for Cyber Physical Power System Considering Node Heterogeneity. 2018 IEEE Innovative Smart Grid Technologies - Asia (ISGT Asia). :1109-1113.
In order to make up for the shortcomings of traditional evaluation methods neglecting node difference, a vulnerability assessment method considering node heterogeneity for cyber physical power system (CPPS) is proposed. Based on the entropy of the power flow and complex network theory, we establish heterogeneity evaluation index system for CPPS, which considers the survivability of island survivability and short-term operation of the communication network. For mustration, hierarchical CPPS model and distributed CPPS model are established respectively based on partitioning characteristic and different relationships of power grid and communication network. Simulation results show that distributed system is more robust than hierarchical system of different weighting factor whether under random attack or deliberate attack and a hierarchical system is more sensitive to the weighting factor. The proposed method has a better recognition effect on the equilibrium of the network structure and can assess the vulnerability of CPPS more accurately.
Wang, Chenguang, Cai, Yici, Wang, Haoyi, Zhou, Qiang.  2018.  Electromagnetic Equalizer: An Active Countermeasure Against EM Side-Channel Attack. Proceedings of the International Conference on Computer-Aided Design. :112:1-112:8.

Electromagnetic (EM) analysis is to reveal the secret information by analyzing the EM emission from a cryptographic device. EM analysis (EMA) attack is emerging as a serious threat to hardware security. It has been noted that the on-chip power grid (PG) has a security implication on EMA attack by affecting the fluctuations of supply current. However, there is little study on exploiting this intrinsic property as an active countermeasure against EMA. In this paper, we investigate the effect of PG on EM emission and propose an active countermeasure against EMA, i.e. EM Equalizer (EME). By adjusting the PG impedance, the current waveform can be flattened, equalizing the EM profile. Therefore, the correlation between secret data and EM emission is significantly reduced. As a first attempt to the co-optimization for power and EM security, we extend the EME method by fixing the vulnerability of power analysis. To verify the EME method, several cryptographic designs are implemented. The measurement to disclose (MTD) is improved by 1138x with area and power overheads of 0.62% and 1.36%, respectively.