A Colonel Blotto Game for Interdependence-Aware Cyber-Physical Systems Security in Smart Cities

Smart cities must integrate a number of interdependent cyber-physical systems that operate in a coordinated manner to improve the well-being of the city's residents. A cyber-physical system (CPS) is a system of computational elements controlling physical entities. Large-scale CPSs are more vulnerable to attacks due to the cyber-physical interdependencies that can lead to cascading failures which can have a significant detrimental effect on a city. In this paper, a novel approach is proposed for analyzing the problem of allocating security resources, such as firewalls and anti-malware, over the various cyber components of an interdependent CPS to protect the system against imminent attacks. The problem is formulated as a Colonel Blotto game in which the attacker seeks to allocate its resources to compromise the CPS, while the defender chooses how to distribute its resources to defend against potential attacks. To evaluate the effects of defense and attack, various CPS factors are considered including human-CPS interactions as well as physical and topological characteristics of a CPS such as flow and capacity of interconnections and minimum path algorithms. Results show that, for the case in which the attacker is not aware of the CPS interdependencies, the defender can have a higher payoff, compared to the case in which the attacker has complete information. The results also show that, in the case of more symmetric nodes, due to interdependencies, the defender achieves its highest payoff at the equilibrium compared to the case with independent, asymmetric nodes

A distributed networked approach for fault detection of large-scale systems

Networked systems present some key new challenges in the development of fault diagnosis architectures. This paper proposes a novel distributed networked fault detection methodology for large-scale interconnected systems. The proposed formulation incorporates a synchronization methodology with a filtering approach in order to reduce the effect of measurement noise and time delays on the fault detection performance. The proposed approach allows the monitoring of multi-rate systems, where asynchronous and delayed measurements are available. This is achieved through the development of a virtual sensor scheme with a model-based re-synchronization algorithm and a delay compensation strategy for distributed fault diagnostic units. The monitoring architecture exploits an adaptive approximator with learning capabilities for handling uncertainties in the interconnection dynamics. A consensus-based estimator with timevarying weights is introduced, for improving fault detectability in the case of variables shared among more than one subsystem. Furthermore, time-varying threshold functions are designed to prevent false-positive alarms. Analytical fault detectability sufficient conditions are derived and extensive simulation results are presented to illustrate the effectiveness of the distributed fault detection technique

Local Cyber-Physical Attack for Masking Line Outage and Topology Attack in Smart Grid

Malicious attacks in the power system can eventually result in a large-scale cascade failure if not attended on time. These attacks, which are traditionally classified into \emph{physical} and \emph{cyber attacks}, can be avoided by using the latest and advanced detection mechanisms. However, a new threat called \emph{cyber-physical attacks} which jointly target both the physical and cyber layers of the system to interfere the operations of the power grid is more malicious as compared with the traditional attacks. In this paper, we propose a new cyber-physical attack strategy where the transmission line is first physically disconnected, and then the line-outage event is masked, such that the control center is misled into detecting as an obvious line outage at a different position in the local area of the power system. Therefore, the topology information in the control center is interfered by our attack. We also propose a novel procedure for selecting vulnerable lines, and analyze the observability of our proposed framework. Our proposed method can effectively and continuously deceive the control center into detecting fake line-outage positions, and thereby increase the chance of cascade failure because the attention is given to the fake outage. The simulation results validate the efficiency of our proposed attack strategy.Comment: accepted by IEEE Transactions on Smart Grid. arXiv admin note: text overlap with arXiv:1708.0320