skip to main content

This content will become publicly available on March 1, 2024

Title: Model-Measurement Data Integrity Attacks
The vulnerabilities of information and communica-tion technology (ICT) infrastructures leave room for cyber attacks threatening the reliable operations of power systems. Based on the real-world evidence of the Ukraine power grid attack and the pop-ular technical discussion that cyber attacks could be launched at the control-center level, this paper reveals a new attack strategy: model-measurement data integrity (MMI) attack. Instead of com-promising measurements only, we investigate the possibility where network parameters are coordinately manipulated when con-structing false data injection attack (FDIA) vectors. Furthermore, we model cyber adversaries possible behavior of co-planning the manipulated measurement channels and parameter attack vectors prior to the launch of FDIAs. The revealed MMI attack strategy allows a drastic reduction of measurement channels to compro-mise in run-time for keeping the stealth property. Simulations in the IEEE 14-bus test system and the IEEE 118-bus test system demonstrate the feasibility of the revealed MMI attack strategy.
; ; ; ;
Award ID(s):
Publication Date:
Journal Name:
IEEE Transactions on Smart Grid
Page Range or eLocation-ID:
1 to 1
Sponsoring Org:
National Science Foundation
More Like this
  1. Communication networks in power systems are a major part of the smart grid paradigm. It enables and facilitates the automation of power grid operation as well as self-healing in contingencies. Such dependencies on communication networks, though, create a roam for cyber-threats. An adversary can launch an attack on the communication network, which in turn reflects on power grid operation. Attacks could be in the form of false data injection into system measurements, flooding the communication channels with unnecessary data, or intercepting messages. Using machine learning-based processing on data gathered from communication networks and the power grid is a promising solution for detecting cyber threats. In this paper, a co-simulation of cyber-security for cross-layer strategy is presented. The advantage of such a framework is the augmentation of valuable data that enhances the detection as well as identification of anomalies in the operation of the power grid. The framework is implemented on the IEEE 118-bus system. The system is constructed in Mininet to simulate a communication network and obtain data for analysis. A distributed three controller software-defined networking (SDN) framework is proposed that utilizes the Open Network Operating System (ONOS) cluster. According to the findings of our suggested architecture, it outperforms amore »single SDN controller framework by a factor of more than ten times the throughput. This provides for a higher flow of data throughout the network while decreasing congestion caused by a single controller’s processing restrictions. Furthermore, our CECD-AS approach outperforms state-of-the-art physics and machine learning-based techniques in terms of attack classification. The performance of the framework is investigated under various types of communication attacks.« less
  2. Power system state estimation is an important component of the status and healthiness of the underlying electric power grid real-time monitoring. However, such a component is prone to cyber-physical attacks. The majority of research in cyber-physical power systems security focuses on detecting measurements False-Data Injection attacks. While this is important, measurement model parameters are also a most important part of the state estimation process. Measurement model parameters though, also known as static-data, are not monitored in real-life applications. Measurement model solutions ultimately provide estimated states. A state-of-the-art model presents a two-step process towards simultaneous false-data injection security: detection and correction. Detection steps are χ2 statistical hypothesis test based, while correction steps consider the augmented state vector approach. In addition, the correction step uses an iterative solution of a relaxed non-linear model with no guarantee of optimal solution. This paper presents a linear programming method to detect and correct cyber-attacks in the measurement model parameters. The presented bi-level model integrates the detection and correction steps. Temporal and spatio characteristics of the power grid are used to provide an online detection and correction tool for attacks pertaining the parameters of the measurement model. The presented model is implemented on the IEEE 118more »bus system. Comparative test results with the state-of-the-art model highlight improved accuracy. An easy-to-implement model, built on the classical weighted least squares solution, without hard-to-derive parameters, highlights potential aspects towards real-life applications.« less
  3. This work proposes a moving target defense (MTD) strategy to detect coordinated cyber-physical attacks (CCPAs) against power grids. A CCPA consists of a physical attack, such as disconnecting a transmission line, followed by a coordinated cyber attack that injects false data into the sensor measurements to mask the effects of the physical attack. Such attacks can lead to undetectable line outages and cause significant damage to the grid. The main idea of the proposed approach is to invalidate the knowledge that the attackers use to mask the effects of the physical attack by actively perturbing the grid’s transmission line reactances using distributed flexible AC transmission system (D-FACTS) devices. We identify the MTD design criteria in this context to thwart CCPAs. The proposed MTD design consists of two parts. First, we identify the subset of links for D-FACTS device deployment that enables the defender to detect CCPAs against any link in the system. Then, in order to minimize the defense cost during the system’s operational time, we use a game-theoretic approach to identify the best subset of links (within the D-FACTS deployment set) to perturb which will provide adequate protection. Extensive simulations performed using the MATPOWER simulator on IEEE bus systemsmore »verify the effectiveness of our approach in detecting CCPAs and reducing the operator’s defense cost.« less
  4. This paper presents a deep learning based multi-label attack detection approach for the distributed control in AC microgrids. The secondary control of AC microgrids is formulated as a constrained optimization problem with voltage and frequency as control variables which is then solved using a distributed primal-dual gradient algorithm. The normally distributed false data injection (FDI) attacks against the proposed distributed control are then designed for the distributed gener-ator's output voltage and active/reactive power measurements. In order to detect the presence of false measurements, a deep learning based attack detection strategy is further developed. The proposed attack detection is formulated as a multi-label classification problem to capture the inconsistency and co-occurrence dependencies in the power flow measurements due to the presence of FDI attacks. With this multi-label classification scheme, a single model is able to identify the presence of different attacks and load change simultaneously. Two different deep learning techniques are compared to design the attack detector, and the performance of the proposed distributed control and the attack detector is demonstrated through simulations on the modified IEEE 34-bus distribution test system.
  5. Phasor Measurement Units (PMU), due to their capability for providing highly precise and time-synchronized measurements of synchrophasors, have now become indispensable in wide area monitoring of power-grid systems. Successful and reliable delivery of synchrophasor packets from the PMUs to the Phasor Data Concentrators (PDCs) and beyond, requires a backbone communication network that is robust and resilient to failures. These networks are vulnerable to a range of failures that include cyber-attacks, system or device level outages and link failures. In this paper, we present a framework to evaluate the resilience of a PMU network in the context of link failures. We model the PMU network as a connected graph and link failures as edges being removed from the graph. Our approach, inspired by model checking methods, involves exhaustively checking the reachability of PMU nodes to PDC nodes, for all possible combinations of link failures, given an expected number of links fail simultaneously. Using the IEEE 14-bus system, we illustrate the construction of the graph model and the solution design. Finally, a comparative evaluation on how adding redundant links to the network improves the Power System Observability, is performed on the IEEE 118 bus-system.