Title: Moving-Target Defense for Detecting Coordinated Cyber-Physical Attacks in Power Grids
This work proposes a moving target defense (MTD) strategy to detect coordinated cyber-physical attacks (CCPAs) against power grids. A CCPA consists of a physical attack, such as disconnecting a transmission line, followed by a coordinated cyber attack that injects false data into the sensor measurements to mask the effects of the physical attack. Such attacks can lead to undetectable line outages and cause significant damage to the grid. The main idea of the proposed approach is to invalidate the knowledge that the attackers use to mask the effects of the physical attack by actively perturbing the grid’s transmission line reactances using distributed flexible AC transmission system (D-FACTS) devices. We identify the MTD design criteria in this context to thwart CCPAs. The proposed MTD design consists of two parts. First, we identify the subset of links for D-FACTS device deployment that enables the defender to detect CCPAs against any link in the system. Then, in order to minimize the defense cost during the system’s operational time, we use a game-theoretic approach to identify the best subset of links (within the D-FACTS deployment set) to perturb which will provide adequate protection. Extensive simulations performed using the MATPOWER simulator on IEEE bus systems verify the effectiveness of our approach in detecting CCPAs and reducing the operator’s defense cost.
Award ID(s):
1824710
NSF-PAR ID:
10127249
Journal Name:
Proceedings of the 10th IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm 2019)
Page Range / eLocation ID:
1 to 7
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. A composite detection technique against stealthy data manipulations is developed in this paper for distribution networks that are low observable. Attack detection strategies typically rely on state estimation which becomes challenging when limited measurements are available. In this paper, a modified matrix completion approach provides estimates of the system state and its error variances for the locations in the network where measurements are unavailable. Using the error statistics and their corresponding state estimates, bad data detection can be carried out using the chi-squared test. The proposed approach employs a moving target defence strategy (MTD) where the network parameters are perturbed through distributed flexible AC transmission system (D-FACTS) devices such that stealthy data manipulation attacks can be exposed in the form of bad data. Thus, the bad data detection approach developed in this paper can detect stealthy attacks using the MTD strategy. This technique is implemented on 37-bus and 123-bus three-phase unbalanced distribution networks to demonstrate the attack detection accuracy even for a low observable system. 
  2. The increasing penetration of cyber systems into smart grids has resulted in these grids being more vulnerable to cyber physical attacks. The central challenge of higher order cyber-physical contingency analysis is the exponential blow-up of the attack surface due to a large number of attack vectors. This gives rise to computational challenges in devising efficient attack mitigation strategies. However, a system operator can leverage private information about the underlying network to maintain a strategic advantage over an adversary equipped with superior computational capability and situational awareness. In this work, we examine the following scenario: A malicious entity intrudes the cyber-layer of a power network and trips the transmission lines. The objective of the system operator is to deploy security measures in the cyber-layer to minimize the impact of such attacks. Due to budget constraints, the attacker and the system operator have limits on the maximum number of transmission lines they can attack or defend. We model this adversarial interaction as a resource-constrained attacker-defender game. The computational intractability of solving large security games is well known. However, we exploit the approximately modular behavior of an impact metric known as the disturbance value to arrive at a linear-time algorithm for computing an optimal defense strategy. We validate the efficacy of the proposed strategy against attackers of various capabilities and provide an algorithm for a real-time implementation. 
  3. Hidden moving target defense (HMTD) is a proactive defense strategy that is kept hidden from attackers by changing the reactance of transmission lines to thwart false data injection (FDI) attacks. However, alert attackers with strong capabilities pose additional risks to the HMTD and thus, it is much-needed to evaluate the hiddenness of the HMTD. This paper first summarizes two existing alert attacker models, i.e., bad-data-detection-based alert attackers and data-driven alert attackers. Furthermore, this paper proposes a novel model-based alert attacker model that uses the MTD operation models to estimate the dispatched line reactance. The proposed attacker model can use the estimated line reactance to construct stealthy FDI attacks against HMTD methods that lack randomness. We propose a novel random-enabled HMTD (RHMTD) operation method, which utilizes random weights to introduce randomness and uses the derived hiddenness operation conditions as constraints. RHMTD is theoretically proven to be kept hidden from three alert attacker models. In addition, we analyze the detection effectiveness of the RHMTD against three alert attacker models. Simulation results on the IEEE 14-bus systems show that traditional HMTD methods fail to detect attacks by the model-based alert attacker, and RHMTD is kept hidden from three alert attackers and is effective in detecting attacks by three alert attackers. 
  4. The fast-growing installation of solar PVs has a significant impact on the operation of distribution systems. Grid-tied solar inverters provide reactive power capability to support the voltage profile in a distribution system. In comparison with traditional inverters, smart inverters have the capability of real time remote control through digital communication interfaces. However, cyberattack has become a major threat with the deployment of Information and Communications Technology (ICT) in a smart grid. The past cyberattack incidents have demonstrated how attackers can sabotage a power grid through digital communication systems. In the worst case, numerous electricity consumers can experience a major and extended power outage. Unfortunately, tracking techniques are not efficient for today’s advanced communication networks. Therefore, a reliable cyber protection system is a necessary defense tool for the power grid. In this paper, a signature-based Intrusion Detection System (IDS) is developed to detect cyber intrusions of a distribution system with a high level penetration of solar energy. To identify cyberattack events, an attack table is constructed based on the Temporal Failure Propagation Graph (TFPG) technique. It includes the information of potential cyberattack patterns in terms of attack types and time sequence of anomaly events. Once the detected anomaly events are matched with any of the predefined attack patterns, it is judged to be a cyberattack. Since the attack patterns are distinguishable from other system failures, it reduces the false positive rate. To study the impact of cyberattacks on solar devices and validate the performance of the proposed IDS, a realistic Cyber-Physical System (CPS) simulation environment available at Virginia Tech (VT) is used to develop an interconnection between the cyber and power system models. The CPS model demonstrates how communication system anomalies can impact the physical system. 
     The results of two example cyberattack test cases are obtained with the IEEE 13 node test feeder system and the power system simulator, DIgSILENT PowerFactory.
  5. Securing cyber-physical systems (CPS) like the Smart Grid against cyber attacks is making it imperative for the system defenders to plan for investing in the cybersecurity resources of cyber-physical critical infrastructure. Given the constraint of limited resources that can be invested in the cyber layer of the cyber-physical smart grid, optimal allocation of these resources has become a priority for the defenders of the grid. This paper proposes a methodology for optimizing the allocation of resources for the cybersecurity infrastructure in a smart grid using attack-defense trees and game theory. The proposed methodology uses attack-defense trees (ADTs) for analyzing the cyber-attack paths (attacker strategies) within the grid and possible defense strategies to prevent those attacks. The attack-defense strategy space (ADSS) provides a comprehensive list of interactions between the attacker and the defender of the grid. The proposed methodology uses the ADSS from the ADT analysis for a game-theoretic formulation (GTF) of attacker-defender interaction. The GTF allows us to obtain strategies for the defender in order to optimize cybersecurity resource allocation in the smart grid. The implementation of the proposed methodology is validated using a synthetic smart grid model equipped with cyber and physical components depicting the feasibility of the methodology for real-world implementation. 