skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Moving-Target Defense for Detecting Coordinated Cyber-Physical Attacks in Power Grids
This work proposes a moving target defense (MTD) strategy to detect coordinated cyber-physical attacks (CCPAs) against power grids. A CCPA consists of a physical attack, such as disconnecting a transmission line, followed by a coordinated cyber attack that injects false data into the sensor measurements to mask the effects of the physical attack. Such attacks can lead to undetectable line outages and cause significant damage to the grid. The main idea of the proposed approach is to invalidate the knowledge that the attackers use to mask the effects of the physical attack by actively perturbing the grid’s transmission line reactances using distributed flexible AC transmission system (D-FACTS) devices. We identify the MTD design criteria in this context to thwart CCPAs. The proposed MTD design consists of two parts. First, we identify the subset of links for D-FACTS device deployment that enables the defender to detect CCPAs against any link in the system. Then, in order to minimize the defense cost during the system’s operational time, we use a game-theoretic approach to identify the best subset of links (within the D-FACTS deployment set) to perturb which will provide adequate protection. Extensive simulations performed using the MATPOWER simulator on IEEE bus systems verify the effectiveness of our approach in detecting CCPAs and reducing the operator’s defense cost.  more » « less
Award ID(s):
1824710
PAR ID:
10127249
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
Proceedings of the 10th IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm 2019)
Page Range / eLocation ID:
1 to 7
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, IEEE Transactions on Smart Grid)
    A composite detection technique against stealthy data manipulations is developed in this paper for distribution networks that are low observable. Attack detection strategies typically rely on state estimation which becomes challenging when limited measurements are available. In this paper, a modified matrix completion approach provides estimates of the system state and its error variances for the locations in the network where measurements are unavailable. Using the error statistics and their corresponding state estimates, bad data detection can be carried out using the chi-squared test. The proposed approach employs a moving target defence strategy (MTD) where the network parameters are perturbed through distributed flexible AC transmission system (D-FACTS) devices such that stealthy data manipulation attacks can be exposed in the form of bad data. Thus, the bad data detection approach developed in this paper can detect stealthy attacks using the MTD strategy. This technique is implemented on 37-bus and 123-bus three-phase unbalanced distribution networks to demonstrate the attack detection accuracy even for a low observable system. 
    more » « less
  2. ; (, IET Cyber-Physical Systems: Theory & Applications)
    Abstract Moving target defence (MTD) has been gaining traction to thwart false data injection attacks against state estimation (SE) in the power grid. MTD actively perturbs the reactance of transmission lines equipped with distributed flexible AC transmission system (D‐FACTS) devices to falsify the attacker's knowledge about the system configuration. However, the existing literature has not systematically studied what influences the detection effectiveness of MTD and how it can be improved based on the topology analysis. These problems are tackled here from the perspective of an MTD plan in which the D‐FACTS placement is determined. We first exploit the relation between the rank of the composite matrix and the detecting effectiveness. Then, we rigorously derive upper and lower bounds on the attack detecting probability of MTDs with a given rank of the composite matrix. Furthermore, we analyse existing planning methods and highlight the importance of bus coverage by D‐FACTS devices. To improve the detection effectiveness, we propose a novel graph theory–based planning algorithm to retain the maximum rank of the composite matrix while covering all necessary buses. Comparative results on multiple systems show the high detecting effectiveness of the proposed algorithm in both DC‐ and AC‐SE. 
    more » « less
  3. ; (, IEEE Innovative Smart Grid Technologies (ISGT))
    Securing cyber-physical systems (CPS) like the Smart Grid against cyber attacks is making it imperative for the system defenders to plan for investing in the cybersecurity resources of cyber-physical critical infrastructure. Given the constraint of limited resources that can be invested in the cyber layer of the cyber-physical smart grid, optimal allocation of these resources has become a priority for the defenders of the grid. This paper proposes a methodology for optimizing the allocation of resources for the cybersecurity infrastructure in a smart grid using attack-defense trees and game theory. The proposed methodology uses attack-defense trees (ADTs) for analyzing the cyber-attack paths (attacker strategies) within the grid and possible defense strategies to prevent those attacks. The attack-defense strategy space (ADSS) provides a comprehensive list of interactions between the attacker and the defender of the grid. The proposed methodology uses the ADSS from the ADT analysis for a game-theoretic formulation (GTF) of attacker-defender interaction. The GTF allows us to obtain strategies for the defender in order to optimize cybersecurity resource allocation in the smart grid. The implementation of the proposed methodology is validated using a synthetic smart grid model equipped with cyber and physical components depicting the feasibility of the methodology for real-world implementation. 
    more » « less
  4. ; (, 2024 International Wireless Communications and Mobile Computing (IWCMC))
    Wireless Sensor Network (WSN) becomes the dominate last-mile connection to cyber-physical systems and Internet-of-Things. However, WSN opens new attack surfaces such as black holes, where sensing information gets lost during relay towards base stations. Current defense mechanisms against black hole attacks require substantial energy consumption, reducing the system's lifetime. This paper proposes a novel approach to detect and recover from black hole attacks using an improved version of Low-Energy Adaptive Clustering Hierarchy (LEACH) protocol. LEACH is an energy-efficient routing protocol for groups of battery-operated sensor nodes in hierarchy. A round of selection for cluster heads is scheduled in a set time. We propose to improve LEACH with Anomaly Report Cycling (ARC-LEACH), tradeoff between security strength and energy cost. ARC-LEACH absorbs an attack when it occurs by rotating cluster heads to reestablish communication and then sending a message from the base station to coordinate all nodes against the malicious nodes. ARC-LEACH actively blocks malicious nodes while leveraging the resilience of LEACH for stronger resistance to blackhole attacks. ARC-LEACH can provide more defense capability when under attack from multiple malicious nodes that would otherwise be defenseless by LEACH, with only minor increase in energy consumption. 
    more » « less
  5. ; ; ; ; ; (, IEEE PES General Meeting)
    The increasing penetration of cyber systems into smart grids has resulted in these grids being more vulnerable to cyber physical attacks. The central challenge of higher order cyber-physical contingency analysis is the exponential blow-up of the attack surface due to a large number of attack vectors. This gives rise to computational challenges in devising efficient attack mitigation strategies. However, a system operator can leverage private information about the underlying network to maintain a strategic advantage over an adversary equipped with superior computational capability and situational awareness. In this work, we examine the following scenario: A malicious entity intrudes the cyber-layer of a power network and trips the transmission lines. The objective of the system operator is to deploy security measures in the cyber-layer to minimize the impact of such attacks. Due to budget constraints, the attacker and the system operator have limits on the maximum number of transmission lines they can attack or defend. We model this adversarial interaction as a resource-constrained attacker-defender game. The computational intractability of solving large security games is well known. However, we exploit the approximately modular behavior of an impact metric known as the disturbance value to arrive at a linear-time algorithm for computing an optimal defense strategy. We validate the efficacy of the proposed strategy against attackers of various capabilities and provide an algorithm for a real-time implementation. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email