Visible to the public Biblio

Filters: Keyword is state estimation  [Clear All Filters]
Xiong, Leilei, Grijalva, Santiago.  2019.  N-1 RTU Cyber-Physical Security Assessment Using State Estimation. 2019 IEEE Power Energy Society General Meeting (PESGM). :1–5.
Real-time supervisory control and data acquisition (SCADA) systems use remote terminal units (RTUs) to monitor and manage the flow of power at electrical substations. As their connectivity to different utility and private networks increases, RTUs are becoming more vulnerable to cyber-attacks. Some attacks seek to access RTUs to directly control power system devices with the intent to shed load or cause equipment damage. Other attacks (such as denial-of-service) target network availability and seek to block, delay, or corrupt communications between the RTU and the control center. In the most severe case, when communications are entirely blocked, the loss of an RTU can cause the power system to become unobservable. It is important to understand how losing an RTU impacts the system state (bus voltage magnitudes and angles). The system state is determined by the state estimator and serves as the input to other critical EMS applications. There is currently no systematic approach for assessing the cyber-physical impact of losing RTUs. This paper proposes a methodology for N-1 RTU cyber-physical security assessment that could benefit power system control and operation. We demonstrate our approach on the IEEE 14-bus system as well as on a synthetic 200-bus system.
Chen, Yanping, Ma, Long, Xia, Hong, Gao, Cong, Wang, Zhongmin, Yu, Zhong.  2019.  Trust-Based Distributed Kalman Filter Estimation Fusion under Malicious Cyber Attacks. 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :2255—2260.

We consider distributed Kalman filter for dynamic state estimation over wireless sensor networks. It is promising but challenging when network is under cyber attacks. Since the information exchange between nodes, the malicious attacks quickly spread across the entire network, which causing large measurement errors and even to the collapse of sensor networks. Aiming at the malicious network attack, a trust-based distributed processing frame is proposed. Which allows neighbor nodes to exchange information, and a series of trusted nodes are found using truth discovery. As a demonstration, distributed Cooperative Localization is considered, and numerical results are provided to evaluate the performance of the proposed approach by considering random, false data injection and replay attacks.

Tuttle, Michael, Wicker, Braden, Poshtan, Majid, Callenes, Joseph.  2019.  Algorithmic Approaches to Characterizing Power Flow Cyber-Attack Vulnerabilities. 2019 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1—5.
As power grid control systems become increasingly automated and distributed, security has become a significant design concern. Systems increasingly expose new avenues, at a variety of levels, for attackers to exploit and enable widespread disruptions and/or surveillance. Much prior work has explored the implications of attack models focused on false data injection at the front-end of the control system (i.e. during state estimation) [1]. Instead, in this paper we focus on characterizing the inherent cyber-attack vulnerabilities with power flow. Power flow (and power flow constraints) are at the core of many applications critical to operation of power grids (e.g. state estimation, economic dispatch, contingency analysis, etc.). We propose two algorithmic approaches for characterizing the vulnerability of buses within power grids to cyber-attacks. Specifically, we focus on measuring the instability of power flow to attacks which manifest as either voltage or power related errors. Our results show that attacks manifesting as voltage errors are an order of magnitude more likely to cause instability than attacks manifesting as power related errors (and 5x more likely for state estimation as compared to power flow).
Al-Eryani, Yasser, Baroudi, Uthman.  2019.  An Investigation on Detecting Bad Data Injection Attack in Smart Grid. 2019 International Conference on Computer and Information Sciences (ICCIS). :1–4.
Security and consistency of smart grids is one of the main issues in the design and maintenance of highly controlled and monitored new power grids. Bad data injection attack could lead to disasters such as power system outage, or huge economical losses. In many attack scenarios, the attacker can come up with new attack strategies that couldn't be detected by the traditional bad data detection methods. Adaptive Partitioning State Estimation (APSE) method [3] has been proposed recently to combat such attacks. In this work, we evaluate and compare with a traditional method. The main idea of APSE is to increase the sensitivity of the chi-square test by partitioning the large grids into small ones and apply the test on each partition individually and repeat this procedure until the faulty node is located. Our simulation findings using MATPOWER program show that the method is not consistent where it is sensitive the systems size and the location of faulty nodes as well.
Lakshminarayana, Subhash, Belmega, E. Veronica, Poor, H. Vincent.  2019.  Moving-Target Defense for Detecting Coordinated Cyber-Physical Attacks in Power Grids. 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). :1–7.
This work proposes a moving target defense (MTD) strategy to detect coordinated cyber-physical attacks (CCPAs) against power grids. A CCPA consists of a physical attack, such as disconnecting a transmission line, followed by a coordinated cyber attack that injects false data into the sensor measurements to mask the effects of the physical attack. Such attacks can lead to undetectable line outages and cause significant damage to the grid. The main idea of the proposed approach is to invalidate the knowledge that the attackers use to mask the effects of the physical attack by actively perturbing the grid's transmission line reactances using distributed flexible AC transmission system (D-FACTS) devices. We identify the MTD design criteria in this context to thwart CCPAs. The proposed MTD design consists of two parts. First, we identify the subset of links for D-FACTS device deployment that enables the defender to detect CCPAs against any link in the system. Then, in order to minimize the defense cost during the system's operational time, we use a game-theoretic approach to identify the best subset of links (within the D-FACTS deployment set) to perturb which will provide adequate protection. Extensive simulations performed using the MATPOWER simulator on IEEE bus systems verify the effectiveness of our approach in detecting CCPAs and reducing the operator's defense cost.
Zhang, Chiyu, Hwang, Inseok.  2019.  Decentralized Multi-Sensor Scheduling for Multi-Target Tracking and Identity Management. 2019 18th European Control Conference (ECC). :1804–1809.
This paper proposes a multi-target tracking and identity management method with multiple sensors: a primary sensor with a large detection range to provide the targets' state estimates, and multiple secondary sensors capable of recognizing the targets' identities. Each of the secondary sensors is assigned to a sector of the operation area; a secondary sensor decides which target in its assigned sector to be identified and controls itself to identify the target. We formulate the decision-making process as an optimization problem to minimize the uncertainty of the targets' identities subject to the sensor dynamic constraints. The proposed algorithm is decentralized since the secondary sensors only communicate with the primary sensor for the target information, and need not to synchronize with each other. By integrating the proposed algorithm with the existing multi-target tracking algorithms, we develop a closed-loop multi-target tracking and identity management algorithm. The effectiveness of the proposed algorithm is demonstrated with illustrative numerical examples.
Zhang, Zhenyong, Wu, Junfeng, Yau, David, Cheng, Peng, Chen, Jiming.  2018.  Secure Kalman Filter State Estimation by Partially Homomorphic Encryption. 2018 ACM/IEEE 9th International Conference on Cyber-Physical Systems (ICCPS). :345–346.
Recently, the security of state estimation has been attracting significant research attention due to the need for trustworthy situation awareness in emerging (e.g., industrial) cyber-physical systems. In this paper, we investigate secure estimation based on Kalman filtering (SEKF) using partially homomorphically encrypted data. The encryption will enhance the confidentiality not only of data transmitted in the communication network, but also key system information required by the estimator. We use a multiplicative homomorphic encryption scheme, but with a modified decryption algorithm. SEKF is able to conceal comprehensive information (i.e., system parameters, measurements, and state estimates) aggregated at the sink node of the estimator, while retaining the effectiveness of normal Kalman filtering. Therefore, even if an attacker has gained unauthorized access to the estimator and associated communication channels, he will not be able to obtain sufficient knowledge of the system state to guide the attack, e.g., ensure its stealthiness. We present an implementation structure of the SEKF to reduce the communication overhead compared with traditional secure multiparty computation (SMC) methods. Finally, we demonstrate the effectiveness of the SEKF on an IEEE 9-bus power system.
Severson, T., Rodriguez-Seda, E., Kiriakidis, K., Croteau, B., Krishnankutty, D., Robucci, R., Patel, C., Banerjee, N..  2018.  Trust-Based Framework for Resilience to Sensor-Targeted Attacks in Cyber-Physical Systems. 2018 Annual American Control Conference (ACC). :6499-6505.

Networked control systems improve the efficiency of cyber-physical plants both functionally, by the availability of data generated even in far-flung locations, and operationally, by the adoption of standard protocols. A side-effect, however, is that now the safety and stability of a local process and, in turn, of the entire plant are more vulnerable to malicious agents. Leveraging the communication infrastructure, the authors here present the design of networked control systems with built-in resilience. Specifically, the paper addresses attacks known as false data injections that originate within compromised sensors. In the proposed framework for closed-loop control, the feedback signal is constructed by weighted consensus of estimates of the process state gathered from other interconnected processes. Observers are introduced to generate the state estimates from the local data. Side-channel monitors are attached to each primary sensor in order to assess proper code execution. These monitors provide estimates of the trust assigned to each observer output and, more importantly, independent of it; these estimates serve as weights in the consensus algorithm. The authors tested the concept on a multi-sensor networked physical experiment with six primary sensors. The weighted consensus was demonstrated to yield a feedback signal within specified accuracy even if four of the six primary sensors were injecting false data.

Kolosok, I., Korkina, E., Mahnitko, A., Gavrilovs, A..  2018.  Supporting Cyber-Physical Security of Electric Power System by the State Estimation Technique. 2018 IEEE 59th International Scientific Conference on Power and Electrical Engineering of Riga Technical University (RTUCON). :1–6.

Security is one of the most important properties of electric power system (EPS). We consider the state estimation (SE) tool as a barrier to the corruption of data on current operating conditions of the EPS. An algorithm for a two-level SE on the basis of SCADA and WAMS measurements is effective in terms of detection of malicious attacks on energy system. The article suggests a methodology to identify cyberattacks on SCADA and WAMS.

Lu, G., Feng, D..  2018.  Network Security Situation Awareness for Industrial Control System Under Integrity Attacks. 2018 21st International Conference on Information Fusion (FUSION). :1808-1815.

Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.

Paudel, Sarita, Smith, Paul, Zseby, Tanja.  2018.  Stealthy Attacks on Smart Grid PMU State Estimation. Proceedings of the 13th International Conference on Availability, Reliability and Security. :16:1-16:10.

Smart grids require communication networks for supervision functions and control operations. With this they become attractive targets for attackers. In newer power grids, State Estimation (SE) is often performed based on Kalman Filters (KFs) to deal with noisy measurement data and detect Bad Data (BD) due to failures in the measurement system. Nevertheless, in a setting where attackers can gain access to modify sensor data, they can exploit the fact that SE is used to process the data. In this paper, we show how an attacker can modify Phasor Measurement Unit (PMU) sensor data in a way that it remains undetected in the state estimation process. We show how anomaly detection methods based on innovation gain fail if an attacker is aware of the state estimation and uses the right strategy to circumvent detection.

Nichols, W., Hawrylak, P. J., Hale, J., Papa, M..  2018.  Methodology to Estimate Attack Graph System State from a Simulation of a Nuclear Research Reactor. 2018 Resilience Week (RWS). :84-87.
Hybrid attack graphs are a powerful tool when analyzing the cybersecurity of a cyber-physical system. However, it is important to ensure that this tool correctly models reality, particularly when modelling safety-critical applications, such as a nuclear reactor. By automatically verifying that a simulation reaches the state predicted by an attack graph by analyzing the final state of the simulation, this verification procedure can be accomplished. As such, a mechanism to estimate if a simulation reaches the expected state in a hybrid attack graph is proposed here for the nuclear reactor domain.
Sun, K., Esnaola, I., Perlaza, S. M., Poor, H. V..  2017.  Information-Theoretic Attacks in the Smart Grid. 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm). :455–460.

Gaussian random attacks that jointly minimize the amount of information obtained by the operator from the grid and the probability of attack detection are presented. The construction of the attack is posed as an optimization problem with a utility function that captures two effects: firstly, minimizing the mutual information between the measurements and the state variables; secondly, minimizing the probability of attack detection via the Kullback-Leibler (KL) divergence between the distribution of the measurements with an attack and the distribution of the measurements without an attack. Additionally, a lower bound on the utility function achieved by the attacks constructed with imperfect knowledge of the second order statistics of the state variables is obtained. The performance of the attack construction using the sample covariance matrix of the state variables is numerically evaluated. The above results are tested in the IEEE 30-Bus test system.

Tian, Jue, Tan, Rui, Guan, Xiaohong, Liu, Ting.  2017.  Hidden Moving Target Defense in Smart Grids. Proceedings of the 2Nd Workshop on Cyber-Physical Security and Resilience in Smart Grids. :21–26.
Recent research has proposed a moving target defense (MTD) approach that actively changes transmission line susceptance to preclude stealthy false data injection (FDI) attacks against the state estimation of a smart grid. However, existing studies were often conducted under a less adversarial setting, in that they ignore the possibility that an alert attacker can also try to detect the activation of MTD and then cancel any FDI attack until they learn the new system configuration after MTD. Indeed, in this paper, we show that this can be achieved easily by the attacker. To improve the stealthiness of MTD against the attacker, we propose a hidden MTD approach that maintains the power flows of the whole grid after MTD. We develop an algorithm to construct the hidden MTD and analyze its feasibility condition when only a subset of transmission lines can adjust susceptance. Simulations are conducted to demonstrate the effectiveness of the hidden MTD against alert attackers under realistic settings.
Wang, J., Shi, D., Li, Y., Chen, J., Duan, X..  2017.  Realistic measurement protection schemes against false data injection attacks on state estimators. 2017 IEEE Power Energy Society General Meeting. :1–5.
False data injection attacks (FDIA) on state estimators are a kind of imminent cyber-physical security issue. Fortunately, it has been proved that if a set of measurements is strategically selected and protected, no FDIA will remain undetectable. In this paper, the metric Return on Investment (ROI) is introduced to evaluate the overall returns of the alternative measurement protection schemes (MPS). By setting maximum total ROI as the optimization objective, the previously ignored cost-benefit issue is taken into account to derive a realistic MPS for power utilities. The optimization problem is transformed into the Steiner tree problem in graph theory, where a tree pruning based algorithm is used to reduce the computational complexity and find a quasi-optimal solution with acceptable approximations. The correctness and efficiency of the algorithm are verified by case studies.
Li, Q., Xu, B., Li, S., Liu, Y., Cui, D..  2017.  Reconstruction of measurements in state estimation strategy against cyber attacks for cyber physical systems. 2017 36th Chinese Control Conference (CCC). :7571–7576.

To improve the resilience of state estimation strategy against cyber attacks, the Compressive Sensing (CS) is applied in reconstruction of incomplete measurements for cyber physical systems. First, observability analysis is used to decide the time to run the reconstruction and the damage level from attacks. In particular, the dictionary learning is proposed to form the over-completed dictionary by K-Singular Value Decomposition (K-SVD). Besides, due to the irregularity of incomplete measurements, sampling matrix is designed as the measurement matrix. Finally, the simulation experiments on 6-bus power system illustrate that the proposed method achieves the incomplete measurements reconstruction perfectly, which is better than the joint dictionary. When only 29% available measurements are left, the proposed method has generality for four kinds of recovery algorithms.

Tsujii, Y., Kawakita, K. E., Kumagai, M., Kikuchi, A., Watanabe, M..  2017.  State Estimation Error Detection System for Online Dynamic Security Assessment. 2017 IEEE Power Energy Society Innovative Smart Grid Technologies Conference (ISGT). :1–5.

Online Dynamic Security Assessment (DSA) is a dynamical system widely used for assessing and analyzing an electrical power system. The outcomes of DSA are used in many aspects of the operation of power system, from monitoring the system to determining remedial action schemes (e.g. the amount of generators to be shed at the event of a fault). Measurement from supervisory control and data acquisition (SCADA) and state estimation (SE) results are the inputs for online-DSA, however, the SE error, caused by sudden change in power flow or low convergence rate, could be unnoticed and skew the outcome. Therefore, generator shedding scheme cannot achieve optimum but must have some margin because we don't know how SE error caused by these problems will impact power system stability control. As a method for solving the problem, we developed SE error detection system (EDS), which is enabled by detecting the SE error that will impact power system transient stability. The method is comparing a threshold value and an index calculated by the difference between SE results and PMU observation data, using the distance from the fault point and the power flow value. Using the index, the reliability of the SE results can be verified. As a result, online-DSA can use the SE results while avoiding the bad SE results, assuring the outcome of the DSA assessment and analysis, such as the amount of generator shedding in order to prevent the power system's instability.

Matrosova, A., Mitrofanov, E., Ostanin, S., Nikolaeva, E..  2017.  Detection and Masking of Trojan Circuits in Sequential Logic. 2017 IEEE East-West Design Test Symposium (EWDTS). :1–4.

A technique of finding a set of sequential circuit nodes in which Trojan Circuits (TC) may be implanted is suggested. The technique is based on applying the precise (not heuristic) random estimations of internal node observability and controllability. Getting the estimations we at the same time derive and compactly represent all sequential circuit full states (depending on input and state variables) in which of that TC may be switched on. It means we obtain precise description of TC switch on area for the corresponding internal node v. The estimations are computed with applying a State Transition Graph (STG) description, if we suppose that TC may be inserted out of the working area (out of the specification) of the sequential circuit. Reduced Ordered Binary Decision Diagrams (ROBDDs) for the combinational part and its fragments are applied for getting the estimations by means of operations on ROBDDs. Techniques of masking TCs are proposed. Masking sub-circuits overhead is appreciated.

Liang, J., Sankar, L., Kosut, O..  2017.  Vulnerability analysis and consequences of false data injection attack on power system state estimation. 2017 IEEE Power Energy Society General Meeting. :1–1.
An unobservable false data injection (FDI) attack on AC state estimation (SE) is introduced and its consequences on the physical system are studied. With a focus on understanding the physical consequences of FDI attacks, a bi-level optimization problem is introduced whose objective is to maximize the physical line flows subsequent to an FDI attack on DC SE. The maximization is subject to constraints on both attacker resources (size of attack) and attack detection (limiting load shifts) as well as those required by DC optimal power flow (OPF) following SE. The resulting attacks are tested on a more realistic non-linear system model using AC state estimation and ACOPF, and it is shown that, with an appropriately chosen sub-network, the attacker can overload transmission lines with moderate shifts of load.
Lan, T., Wang, W., Huang, G. M..  2017.  False data injection attack in smart grid topology control: Vulnerability and countermeasure. 2017 IEEE Power Energy Society General Meeting. :1–5.
Cyber security is a crucial factor for modern power system as many applications are heavily relied on the result of state estimation. Therefore, it is necessary to assess and enhance cyber security for new applications in power system. As an emerging technology, smart grid topology control has been investigated in stability and reliability perspectives while the associated cyber security issue is not studied before. In successful false data injection attack (FDIA) against AC state estimation, attacker could alter online stability check result by decreasing real power flow measurement on the switching target line to undermine physical system stability in topology control. The physical impact of FDIA on system control operation and stability are illustrated. The vulnerability is discussed on perfect FDIA and imperfect FDIA against residue based bad data detection and corresponding countermeasure is proposed to secure critical substations in the system. The vulnerability and countermeasure are demonstrated on IEEE 24 bus reliability test system (RTS).
Soltan, S., Zussman, G..  2017.  Power Grid State Estimation after a Cyber-Physical Attack under the AC Power Flow Model. 2017 IEEE Power Energy Society General Meeting. :1–5.

In this paper, we present an algorithm for estimating the state of the power grid following a cyber-physical attack. We assume that an adversary attacks an area by: (i) disconnecting some lines within that area (failed lines), and (ii) obstructing the information from within the area to reach the control center. Given the phase angles of the buses outside the attacked area under the AC power flow model (before and after the attack), the algorithm estimates the phase angles of the buses and detects the failed lines inside the attacked area. The novelty of our approach is the transformation of the line failures detection problem, which is combinatorial in nature, to a convex optimization problem. As a result, our algorithm can detect any number of line failures in a running time that is independent of the number of failures and is solely dependent on the size of the network. To the best of our knowledge, this is the first convex relaxation for the problem of line failures detection using phase angle measurements under the AC power flow model. We evaluate the performance of our algorithm in the IEEE 118- and 300-bus systems, and show that it estimates the phase angles of the buses with less that 1% error, and can detect the line failures with 80% accuracy for single, double, and triple line failures.

Liang, G., Weller, S. R., Zhao, J., Luo, F., Dong, Z. Y..  2017.  False Data Injection Attacks Targeting DC Model-Based State Estimation. 2017 IEEE Power Energy Society General Meeting. :1–5.

The false data injection attack (FDIA) is a form of cyber-attack capable of affecting the secure and economic operation of the smart grid. With DC model-based state estimation, this paper analyzes ways of constructing a successful attacking vector to fulfill specific targets, i.e., pre-specified state variable target and pre-specified meter target according to the adversary's willingness. The grid operator's historical reading experiences on meters are considered as a constraint for the adversary to avoid being detected. Also from the viewpoint of the adversary, we propose to take full advantage of the dual concept of the coefficients in the topology matrix to handle with the problem that the adversary has no access to some meters. Effectiveness of the proposed method is validated by numerical experiments on the IEEE-14 benchmark system.

Showkatbakhsh, M., Shoukry, Y., Chen, R. H., Diggavi, S., Tabuada, P..  2017.  An SMT-Based Approach to Secure State Estimation under Sensor and Actuator Attacks. 2017 IEEE 56th Annual Conference on Decision and Control (CDC). :157–162.

This paper addresses the problem of state estimation of a linear time-invariant system when some of the sensors or/and actuators are under adversarial attack. In our set-up, the adversarial agent attacks a sensor (actuator) by manipulating its measurement (input), and we impose no constraint on how the measurements (inputs) are corrupted. We introduce the notion of ``sparse strong observability'' to characterize systems for which the state estimation is possible, given bounds on the number of attacked sensors and actuators. Furthermore, we develop a secure state estimator based on Satisfiability Modulo Theory (SMT) solvers.

Škach, J., Straka, O., Punčochář, I..  2017.  Efficient active fault diagnosis using adaptive particle filter. 2017 IEEE 56th Annual Conference on Decision and Control (CDC). :5732–5738.

This paper presents a solution to a multiple-model based stochastic active fault diagnosis problem over the infinite-time horizon. A general additive detection cost criterion is considered to reflect the objectives. Since the system state is unknown, the design consists of a perfect state information reformulation and optimization problem solution by approximate dynamic programming. An adaptive particle filter state estimation algorithm based on the efficient sample size is proposed to maintain the estimate quality while reducing computational costs. A reduction of information statistics of the state is carried out using non-resampled particles to make the solution feasible. Simulation results illustrate the effectiveness of the proposed design.

Chu, Z., Zhang, J., Kosut, O., Sankar, L..  2016.  Evaluating power system vulnerability to false data injection attacks via scalable optimization. 2016 IEEE International Conference on Smart Grid Communications (SmartGridComm). :260–265.

Physical consequences to power systems of false data injection cyber-attacks are considered. Prior work has shown that the worst-case consequences of such an attack can be determined using a bi-level optimization problem, wherein an attack is chosen to maximize the physical power flow on a target line subsequent to re-dispatch. This problem can be solved as a mixed-integer linear program, but it is difficult to scale to large systems due to numerical challenges. Three new computationally efficient algorithms to solve this problem are presented. These algorithms provide lower and upper bounds on the system vulnerability measured as the maximum power flow subsequent to an attack. Using these techniques, vulnerability assessments are conducted for IEEE 118-bus system and Polish system with 2383 buses.