Search for: All records

First responders and other tactical teams rely on mo- bile tactical networks to coordinate and accomplish emergent time- critical tasks. The information exchanged through these networks is vulnerable to various strategic cyber network attacks. Detecting and mitigating them is a challenging problem due to the volatile and mobile nature of an ad hoc environment. This paper proposes MalCAD, a graph machine learning-based framework for detecting cyber attacks in mobile tactical software-defined networks. Mal- CAD operates based on observing connectivity features among various nodes obtained using graph theory, instead of collecting information at each node. The MalCAD framework is based on the XGBOOST classification algorithm and is evaluated for lost versus wasted connectivity and random versus targeted cyber attacks. Results show that, while the initial cyber attacks create a loss of 30%–60% throughput, MalCAD results in a gain of average throughput by 25%–50%, demonstrating successful attack mitigation. 

Communication networks in power systems are a major part of the smart grid paradigm. It enables and facilitates the automation of power grid operation as well as self-healing in contingencies. Such dependencies on communication networks, though, create a roam for cyber-threats. An adversary can launch an attack on the communication network, which in turn reflects on power grid operation. Attacks could be in the form of false data injection into system measurements, flooding the communication channels with unnecessary data, or intercepting messages. Using machine learning-based processing on data gathered from communication networks and the power grid is a promising solution for detecting cyber threats. In this paper, a co-simulation of cyber-security for cross-layer strategy is presented. The advantage of such a framework is the augmentation of valuable data that enhances the detection as well as identification of anomalies in the operation of the power grid. The framework is implemented on the IEEE 118-bus system. The system is constructed in Mininet to simulate a communication network and obtain data for analysis. A distributed three controller software-defined networking (SDN) framework is proposed that utilizes the Open Network Operating System (ONOS) cluster. According to the findings of our suggested architecture, it outperforms a single SDN controller framework by a factor of more than ten times the throughput. This provides for a higher flow of data throughout the network while decreasing congestion caused by a single controller’s processing restrictions. Furthermore, our CECD-AS approach outperforms state-of-the-art physics and machine learning-based techniques in terms of attack classification. The performance of the framework is investigated under various types of communication attacks. 

In recent years, smart grid communications (SGC) has evolved to use new technologies not only for data delivery but also for enhanced smart grid (SG) security and reliability. Software Defined Networks (SDN) has proved to be a reliable and efficient architecture for handling diverse communication systems due to their ability to divide responsibilities of the network using control plane and data plane. This paper presents a graph learning approach for detecting and identifying Distributed Denial of Service (DDoS) attacks in SDN-SGC systems (GLASS). GLASS is a two phase framework that (1) detects if SDN-SGC is under DDoS attack using supervised graph deep learning and then (2) identifies the compromised entities using unsupervised learning methods. Network performance statistics are used for modeling SDN-SGC graphs, which train Graph Convolutional Neural Networks (GCN) to extract latent representations caused by DDoS attacks. Finally, spectral clustering is used to identify compromised entities. The experimental results, obtained by analysis of an IEEE 118-bus system, show the average throughput for compromised entities is able to maintain 84% of normal traffic level with GLASS, compared to achieving only 4% of normal throughput caused by DDoS attacks on compromised entities without the GLASS framework. 

Concerning power systems, real-time monitoring of cyber–physical security, false data injection attacks on wide-area measurements are of major concern. However, the database of the network parameters is just as crucial to the state estimation process. Maintaining the accuracy of the system model is the other part of the equation, since almost all applications in power systems heavily depend on the state estimator outputs. While much effort has been given to measurements of false data injection attacks, seldom reported work is found on the broad theme of false data injection on the database of network parameters. State-of-the-art physics-based model solutions correct false data injection on network parameter database considering only available wide-area measurements. In addition, deterministic models are used for correction. In this paper, an overdetermined physics-based parameter false data injection correction model is presented. The overdetermined model uses a parameter database correction Jacobian matrix and a Taylor series expansion approximation. The method further applies the concept of synthetic measurements, which refers to measurements that do not exist in the real-life system. A machine learning linear regression-based model for measurement prediction is integrated in the framework through deriving weights for synthetic measurements creation. Validation of the presented model is performed on the IEEE 118-bus system. Numerical results show that the approximation error is lower than the state-of-the-art, while providing robustness to the correction process. Easy-to-implement model on the classical weighted-least-squares solution, highlights real-life implementation potential aspects. 

Abstract Smart Grid (SG) research and development has drawn much attention from academia, industry and government due to the great impact it will have on society, economics and the environment. Securing the SG is a considerably significant challenge due the increased dependency on communication networks to assist in physical process control, exposing them to various cyber‐threats. In addition to attacks that change measurement values using False Data Injection (FDI) techniques, attacks on the communication network may disrupt the power system's real‐time operation by intercepting messages, or by flooding the communication channels with unnecessary data. Addressing these attacks requires a cross‐layer approach. In this paper a cross‐layered strategy is presented, called Cross‐Layer Ensemble CorrDet with Adaptive Statistics(CECD‐AS), which integrates the detection of faulty SG measurement data as well as inconsistent network inter‐arrival times and transmission delays for more reliable and accurate anomaly detection and attack interpretation. Numerical results show that CECD‐AS can detect multiple False Data Injections, Denial of Service (DoS) and Man In The Middle (MITM) attacks with a high F1‐score compared to current approaches that only use SG measurement data for detection such as the traditional physics‐based State Estimation, ECD‐AS strategy and other machine learning classification‐based detection schemes.