Cyber-Attack Detection and Mitigation in Networked Control Systems

Cyber-Physical System (CPS) is the term used to describe the physical systems equipped with computation and communication capabilities. CPSs can be used in different applications e.g. autonomous vehicles, water distribution systems, smart grids, industry 4.0 and Internet of Things (IoT). CPSs have expectation of improving the capability of traditional engineering system but on the other hand, they arise several concerns about their security against cyber-attacks. In the last decade, several cyber-attacks targeting SCADA systems have been reported, see e.g. Maroochy water breach and the Stuxnet worm aimed Iran's nuclear facility. From a control point of view, a CPS can be interpreted as a Networked Control System (NCS) where the risk of cyber-attacks can be modeled as the possibility that malicious agents could compromise the communication channels. In order to bene�t from CPSs, specially in safety critical systems, their vulnerabilities to cyber-attacks must be properly faced. In this thesis two control architectures for CPS are developed. In the first, starting from the analysis of active detection mechanisms available in the literature, we propose a novel architecture capable of detecting a broad class of False Data Injection (FDI) attacks. Such strategy has been contrasted with the well-known watermarking detection mechanism and it is shown that our solution is capable of detecting replay attacks without degrading the closed-loop performance of the system. Moreover, it is shown that compared to detection schemes resorting to auxiliary systems, the proposed strategy is less involved and of easier implementation. In particular, it can be installed on the existing NCS infrastructure without changing communications, controller or state estimator. In the second architecture, we propose another novel architecture capable of detecting and mitigating a broad class of FDI attacks. First, we propose a detection mechanism based on a coding scheme to limit the attacker's disclosure and disruptive resources and prevent the existence of stealthy attacks. Second, we propose an emergency local controller that is activated when an attack is detected or the plant's safety is in danger. It is proved that the proposed architecture always guarantees the safety of the system, regardless of the attack actions and detector performance. Moreover, plant's normal operation recovery is ensured once the attack is terminated

Cyber-Attack Detection and Mitigation in Networked Control Systems

Cyber-Physical System (CPS) is the term used to describe the physical systems equipped with computation and communication capabilities. CPSs can be used in different applications e.g. autonomous vehicles, water distribution systems, smart grids, industry 4.0 and Internet of Things (IoT). CPSs have expectation of improving the capability of traditional engineering system but on the other hand, they arise several concerns about their security against cyber-attacks. In the last decade, several cyber-attacks targeting SCADA systems have been reported, see e.g. Maroochy water breach and the Stuxnet worm aimed Iran's nuclear facility. From a control point of view, a CPS can be interpreted as a Networked Control System (NCS) where the risk of cyber-attacks can be modeled as the possibility that malicious agents could compromise the communication channels. In order to benefit from CPSs, specially in safety critical systems, their vulnerabilities to cyber-attacks must be properly faced. In this thesis two control architectures for CPS are developed. In the first, starting from the analysis of active detection mechanisms available in the literature, we propose a novel architecture capable of detecting a broad class of False Data Injection (FDI) attacks. Such strategy has been contrasted with the well-known watermarking detection mechanism and it is shown that our solution is capable of detecting replay attacks without degrading the closed-loop performance of the system. Moreover, it is shown that compared to detection schemes resorting to auxiliary systems, the proposed strategy is less involved and of easier implementation. In particular, it can be installed on the existing NCS infrastructure without changing communications, controller or state estimator. In the second architecture, we propose another novel architecture capable of detecting and mitigating a broad class of FDI attacks. First, we propose a detection mechanism based on a coding scheme to limit the attacker's disclosure and disruptive resources and prevent the existence of stealthy attacks. Second, we propose an emergency local controller that is activated when an attack is detected or the plant's safety is in danger. It is proved that the proposed architecture always guarantees the safety of the system, regardless of the attack actions and detector performance. Moreover, plant's normal operation recovery is ensured once the attack is terminated

On the Control of Microgrids Against Cyber-Attacks: A Review of Methods and Applications

Nowadays, the use of renewable generations, energy storage systems (ESSs) and microgrids (MGs) has been developed due to better controllability of distributed energy resources (DERs) as well as their cost-effective and emission-aware operation. The development of MGs as well as the use of hierarchical control has led to data transmission in the communication platform. As a result, the expansion of communication infrastructure has made MGs as cyber-physical systems (CPSs) vulnerable to cyber-attacks (CAs). Accordingly, prevention, detection and isolation of CAs during proper control of MGs is essential. In this paper, a comprehensive review on the control strategies of microgrids against CAs and its defense mechanisms has been done. The general structure of the paper is as follows: firstly, MGs operational conditions, i.e., the secure or insecure mode of the physical and cyber layers are investigated and the appropriate control to return to a safer mode are presented. Then, the common MGs communication system is described which is generally used for multi-agent systems (MASs). Also, classification of CAs in MGs has been reviewed. Afterwards, a comprehensive survey of available researches in the field of prevention, detection and isolation of CA and MG control against CA are summarized. Finally, future trends in this context are clarified