Detection and prevention of Denial-of-Service in cloud-based smart grid

Smart Grid (SG), components with historical set of security challenges, becomes more vulnerable because Information and Communications Technology (ICT) has its own share of problems while Cloud infrastructure adds yet another unpredicted layer of threats. Scalability and availability, which are strong aspects of the cloud platform making it attractive to users, also attracts security threats for the same reasons. The malware installed on single host offers very limited scope compared to attack magnitude that compromised Cloud platform can offer. Therefore, the strongest aspect of Cloud itself becomes a nightmare in Cloud-Based SG. A breach in such a delicate system can cause severe consequences including interruption of electricity, equipment damage, data breach, complete blackouts, or even life-threatening consequences. We mimic Denial-of-Service (DoS) attacks to demonstrate interruption of electricity in SG with open-source solution to co-simulate power and communication systems

False data injection attack (FDIA): An overview and new metrics for fair evaluation of its countermeasure

The concept of false data injection attack (FDIA) was introduced originally in the smart grid domain. While the term sounds common, it specifically means the case when an attacker compromises sensor readings in such tricky way that undetected errors are introduced into calculations of state variables and values. Due to the rapid growth of the Internet and associated complex adaptive systems, cyber attackers are interested in exploiting similar attacks in other application domains such as healthcare, finance, defense, governance, etc. In today’s increasingly perilous cyber world of complex adaptive systems, FDIA has become one of the top-priority issues to deal with. It is a necessity today for greater awareness and better mechanism to counter such attack in the cyberspace. Hence, this work presents an overview of the attack, identifies the impact of FDIA in critical domains, and talks about the countermeasures. A taxonomy of the existing countermeasures to defend against FDIA is provided. Unlike other works, we propose some evaluation metrics for FDIA detection and also highlight the scarcity of benchmark datasets to validate the performance of FDIA detection techniques. [Figure not available: see fulltext.] © 2020, The Author(s)

A Frequency Hopping Method to Detect Replay Attacks

The application of information technology in network control systems introduces the potential threats to the future industrial control system. The malicious attacks undermine the security of network control system, which could cause a huge economic loss. This thesis studies a particular cyber attack called the replay attack, which is motivated by the Stuxnet worm allegedly used against the nuclear facilities in Iran. For replay attack, this thesis injects the narrow-band signal into control signal and adopts the spectrum estimation approach to test the estimation residue. In order to protect the information of the injected signal from knowing by attackers, the frequency hopping technology is employed to encrypt the frequency of the narrow-band signal. The detection method proposed in the thesis is illustrated and examined by the simulation studies, and it shows the good detection rate and security

Detection and Characterization of Actuator Attacks Using Kalman Filter Estimation

In this thesis, two discrete-time control systems subject to noise, are modeled, analyzed and estimated. These systems are then subjected to attack by false signals such as constant and ramp signals. In order to find out how and when the control systems are being attacked by the false signals, several detection algorithms are applied to the systems. This work focuses on actuator attack detection. To detect the presence of false actuator signals, a bank of Kalman filters is set up which uses adaptive estimation and conditional probability density functions for detecting the false signals. The individual Kalman filters are each tuned to satisfy a control system: one of which is the original system and the other of which is the system with a false signal. The use of the bank of Kalman filters to detect actuator attacks is tested in 4 cases; first-order system attacked by a constant or ramp signal and then a second-order system subject to the same types of attack signals. This work shows the bank of Kalman filters can successfully detect the intrusion of false signals for actuator attack by using several different detection algorithms. Simulations show that the false signal is found and detected in all cases

Detection and Characterization of Actuator Attacks Using Kalman Filter Estimation

In this thesis, two discrete-time control systems subject to noise, are modeled, analyzed and estimated. These systems are then subjected to attack by false signals such as constant and ramp signals. In order to find out how and when the control systems are being attacked by the false signals, several detection algorithms are applied to the systems. This work focuses on actuator attack detection. To detect the presence of false actuator signals, a bank of Kalman filters is set up which uses adaptive estimation and conditional probability density functions for detecting the false signals. The individual Kalman filters are each tuned to satisfy a control system: one of which is the original system and the other of which is the system with a false signal. The use of the bank of Kalman filters to detect actuator attacks is tested in 4 cases; first-order system attacked by a constant or ramp signal and then a second-order system subject to the same types of attack signals. This work shows the bank of Kalman filters can successfully detect the intrusion of false signals for actuator attack by using several different detection algorithms. Simulations show that the false signal is found and detected in all cases