
    False data injection attack (FDIA): An overview and new metrics for fair evaluation of its countermeasure

    The concept of false data injection attack (FDIA) was introduced originally in the smart grid domain. While the term sounds common, it specifically means the case in which an attacker compromises sensor readings in such a tricky way that undetected errors are introduced into the calculation of state variables and values. Due to the rapid growth of the Internet and associated complex adaptive systems, cyber attackers are interested in exploiting similar attacks in other application domains such as healthcare, finance, defense, governance, etc. In today's increasingly perilous cyber world of complex adaptive systems, FDIA has become one of the top-priority issues to deal with. There is a need today for greater awareness and better mechanisms to counter such attacks in cyberspace. Hence, this work presents an overview of the attack, identifies the impact of FDIA in critical domains, and discusses the countermeasures. A taxonomy of the existing countermeasures to defend against FDIA is provided. Unlike other works, we propose some evaluation metrics for FDIA detection and also highlight the scarcity of benchmark datasets to validate the performance of FDIA detection techniques. [Figure not available: see fulltext.] © 2020, The Author(s)

    Detection and prevention of Denial-of-Service in cloud-based smart grid

    Smart Grid (SG) components, with their historical set of security challenges, become more vulnerable because Information and Communications Technology (ICT) has its own share of problems while Cloud infrastructure adds yet another unpredicted layer of threats. Scalability and availability, the strong aspects of the cloud platform that make it attractive to users, also attract security threats for the same reasons. Malware installed on a single host offers very limited scope compared to the attack magnitude that a compromised Cloud platform can offer. Therefore, the strongest aspect of the Cloud itself becomes a nightmare in a Cloud-Based SG. A breach in such a delicate system can cause severe consequences including interruption of electricity, equipment damage, data breach, complete blackouts, or even life-threatening consequences. We mimic Denial-of-Service (DoS) attacks to demonstrate interruption of electricity in the SG with an open-source solution to co-simulate power and communication systems.

    Cognitive Dynamic System for AC State Estimation and Cyber-Attack Detection in Smart Grid

    The work presented in this chapter is an extension of our previous research on bringing together the Cognitive Dynamic System (CDS) and the Smart Grid (SG), focusing on AC state estimation and cyber-attack detection. Under the AC power flow model, state estimation is complex and computationally expensive as it relies on iterative procedures. On the other hand, False Data Injection (FDI) attacks are a new category of cyber-attacks targeting the SG that can bypass the current bad data detection techniques in the SG. Due to the complexity of the nonlinear system involved, the number of published works on AC-based FDI attacks has been smaller than for their DC counterparts. Here, we demonstrate how the entropic state, which is the objective function of the CDS, can be used as a metric to monitor the grid's health and detect FDI attacks. The CDS, acting as the supervisor of the system, improves the entropic state on a cycle-to-cycle basis by dynamically optimizing the state estimation process through the reconfiguration of the weights of the sensors in the network. In order to showcase the performance of this new structure, computer simulations are carried out on the IEEE 14-bus system for optimal state estimation and FDI attack detection.
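The property both abstracts above rely on, that an FDI attack can be crafted so that the operator's bad data detector never fires, is easiest to see on the linear (DC) estimator. The block below is an added, constructed example, not code from either paper: a 2-state, 4-sensor model z = H x + e, a least-squares estimator, and the classical residual-norm test. The matrix H, the true state, the sensor noise and the threshold are all assumptions chosen for the toy grid. An injection a = H c (which requires knowing H, i.e. the grid topology) shifts the estimate by exactly c and leaves the residual untouched, while an arbitrary injection of similar size is caught.

```python
"""Stealthy false data injection (FDIA) against a DC state estimator.

Constructed example: linear measurement model z = H x + e with two state
variables and four sensors. The operator estimates x by least squares and
runs the classical bad-data test on the residual r = z - H x_hat. An
attack vector of the form a = H c shifts the estimate by c while leaving
r unchanged, so the residual test cannot see it.
"""
import math
from typing import List

Matrix = List[List[float]]
Vector = List[float]

# Constructed measurement matrix: 4 sensors observing 2 state variables (assumed).
H: Matrix = [
    [1.0, 0.0],
    [0.0, 1.0],
    [1.0, -1.0],
    [0.5, 0.5],
]
TRUE_STATE: Vector = [1.0, 0.5]                 # assumed true state
NOISE: Vector = [0.01, -0.02, 0.015, -0.005]    # constructed sensor noise
THRESHOLD = 0.1                                 # residual-norm alarm level (assumed)


def matvec(m: Matrix, v: Vector) -> Vector:
    return [sum(row[j] * v[j] for j in range(len(v))) for row in m]


def estimate_state(h: Matrix, z: Vector) -> Vector:
    """Least-squares estimate x_hat = (H^T H)^-1 H^T z for a 2-state model."""
    hth = [[sum(h[k][i] * h[k][j] for k in range(len(h))) for j in range(2)]
           for i in range(2)]
    htz = [sum(h[k][i] * z[k] for k in range(len(h))) for i in range(2)]
    (a, b), (c, d) = hth
    det = a * d - b * c
    inv = [[d / det, -b / det], [-c / det, a / det]]
    return matvec(inv, htz)


def residual_norm(h: Matrix, z: Vector, x_hat: Vector) -> float:
    """Euclidean norm of the measurement residual r = z - H x_hat."""
    hx = matvec(h, x_hat)
    return math.sqrt(sum((z[i] - hx[i]) ** 2 for i in range(len(z))))


def bad_data_detected(h: Matrix, z: Vector, threshold: float = THRESHOLD) -> bool:
    """Classical residual-based bad data detector."""
    return residual_norm(h, z, estimate_state(h, z)) > threshold


def clean_measurements() -> Vector:
    """Sensor readings of the unattacked system: H x + constructed noise."""
    return [hx + e for hx, e in zip(matvec(H, TRUE_STATE), NOISE)]


def inject(z: Vector, a: Vector) -> Vector:
    """The attacker adds a to the readings in transit."""
    return [zi + ai for zi, ai in zip(z, a)]


def stealthy_attack(h: Matrix, c: Vector) -> Vector:
    """Attack vector a = H c; needs the attacker to know H (grid topology)."""
    return matvec(h, c)


if __name__ == "__main__":
    z = clean_measurements()
    naive = inject(z, [0.3, 0.0, 0.0, 0.0])
    stealth = inject(z, stealthy_attack(H, [0.2, -0.1]))
    for name, zz in (("clean", z), ("naive", naive), ("stealthy", stealth)):
        x_hat = estimate_state(H, zz)
        print(f"{name:9s} x_hat={x_hat} residual={residual_norm(H, zz, x_hat):.4f} "
              f"alarm={bad_data_detected(H, zz)}")
```

The residual is the projection of z onto the complement of the column space of H, so anything the attacker adds from that column space is invisible to it; this is why the detection metrics and topology-protection countermeasures surveyed above matter more than tuning the threshold.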

    Detection and Characterization of Actuator Attacks Using Kalman Filter Estimation

    In this thesis, two discrete-time control systems subject to noise are modeled, analyzed and estimated. These systems are then subjected to attack by false signals such as constant and ramp signals. In order to find out how and when the control systems are being attacked by the false signals, several detection algorithms are applied to the systems. This work focuses on actuator attack detection. To detect the presence of false actuator signals, a bank of Kalman filters is set up which uses adaptive estimation and conditional probability density functions for detecting the false signals. The individual Kalman filters are each tuned to satisfy a control system: one of which is the original system and the other of which is the system with a false signal. The use of the bank of Kalman filters to detect actuator attacks is tested in four cases: a first-order system attacked by a constant or ramp signal, and then a second-order system subject to the same types of attack signals. This work shows the bank of Kalman filters can successfully detect the intrusion of false signals for actuator attack by using several different detection algorithms. Simulations show that the false signal is found and detected in all cases.
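A minimal version of the scheme the abstract describes, added here as a constructed example and not the thesis's own code: a scalar first-order plant x[k] = A x[k-1] + B (u[k] + f[k]) + w[k] with sensor y[k] = x[k] + v[k], where f is the attacker's false actuator signal. Two Kalman filters run side by side, one assuming f = 0 and one assuming a constant bias f = D_HYP. Each filter scores its innovation with the Gaussian conditional density of y[k] under its hypothesis, the posteriors are updated recursively, and an alarm is raised when the attack model dominates. All plant constants, noise levels, the hypothesised bias and the thresholds are assumptions chosen for the demonstration.

```python
"""Bank of Kalman filters (multiple-model adaptive estimation) detecting a
false actuator signal on a scalar first-order plant. Constructed example."""
import math
import random

A, B = 0.9, 1.0      # plant dynamics (assumed)
Q, R = 0.01, 0.01    # process and measurement noise variances (assumed)
U = 1.0              # legitimate constant command
D_HYP = 0.5          # constant actuator bias assumed by the attack-model filter
P_FLOOR = 1e-3       # floor on posteriors so a hypothesis can re-emerge quickly
ALARM = 0.9          # posterior on the attack model that raises an alarm


class ScalarKalman:
    """Kalman filter for the scalar plant under an assumed actuator bias."""

    def __init__(self, bias: float, x0: float = 0.0, p0: float = 1.0):
        self.bias = bias
        self.x = x0      # state estimate
        self.p = p0      # estimate variance

    def step(self, u: float, y: float) -> float:
        """Predict with the assumed input, update with y, and return the
        conditional density p(y | this model) of the measurement."""
        x_pred = A * self.x + B * (u + self.bias)
        p_pred = A * A * self.p + Q
        innovation = y - x_pred
        s = p_pred + R                 # innovation variance
        gain = p_pred / s
        self.x = x_pred + gain * innovation
        self.p = (1.0 - gain) * p_pred
        return math.exp(-0.5 * innovation ** 2 / s) / math.sqrt(2.0 * math.pi * s)


def simulate(attack_signal, steps: int = 100, seed: int = 1):
    """Run plant and filter bank; attack_signal(k) is the false actuator
    input at step k. Returns the attack-model posterior at every step."""
    rng = random.Random(seed)   # seeded so the run is reproducible
    bank = [ScalarKalman(bias=0.0), ScalarKalman(bias=D_HYP)]
    probs = [0.5, 0.5]          # prior: no preference between hypotheses
    x = 0.0
    history = []
    for k in range(steps):
        x = A * x + B * (U + attack_signal(k)) + rng.gauss(0.0, math.sqrt(Q))
        y = x + rng.gauss(0.0, math.sqrt(R))
        likelihoods = [f.step(U, y) for f in bank]
        probs = [p * l for p, l in zip(probs, likelihoods)]
        total = sum(probs)
        probs = [max(p / total, P_FLOOR) for p in probs]
        total = sum(probs)
        probs = [p / total for p in probs]
        history.append(probs[1])
    return history


def first_alarm(history, threshold: float = ALARM):
    """Index of the first step whose attack posterior exceeds threshold, or None."""
    for k, p in enumerate(history):
        if p > threshold:
            return k
    return None


def constant_attack(onset: int = 40, bias: float = 0.5):
    return lambda k: bias if k >= onset else 0.0


def ramp_attack(onset: int = 40, slope: float = 0.02):
    return lambda k: slope * (k - onset) if k >= onset else 0.0


if __name__ == "__main__":
    for name, sig in (("none", lambda k: 0.0),
                      ("constant", constant_attack()),
                      ("ramp", ramp_attack())):
        print(f"{name:9s} first alarm at step {first_alarm(simulate(sig))}")
```

The constant attack is flagged within a step or two of its onset because the attack-model filter's innovation collapses while the nominal filter's innovation jumps. The ramp is flagged only once it has grown past roughly half the hypothesised bias, and it is then characterised as a constant bias: a bank only distinguishes the hypotheses it contains, which is why the thesis tunes separate filters for each attack shape.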

    A Frequency Hopping Method to Detect Replay Attacks

    The application of information technology in network control systems introduces potential threats to future industrial control systems. Malicious attacks undermine the security of the network control system, which could cause a huge economic loss. This thesis studies a particular cyber attack called the replay attack, which is motivated by the Stuxnet worm allegedly used against the nuclear facilities in Iran. For the replay attack, this thesis injects a narrow-band signal into the control signal and adopts the spectrum estimation approach to test the estimation residue. In order to protect the information of the injected signal from being known by attackers, frequency hopping technology is employed to encrypt the frequency of the narrow-band signal. The detection method proposed in the thesis is illustrated and examined by simulation studies, and it shows a good detection rate and security.
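The detection idea above, as an added, constructed example rather than the thesis's own implementation: a first-order plant y[k] = A_P y[k-1] + B_P u[k] + w[k], a controller that adds a low-amplitude sinusoid to u whose DFT bin hops every WINDOW samples, and a detector that predicts y[k] from the last received sample and the sent u[k], then estimates the residual's amplitude at the current hop bin with the Goertzel algorithm. The hop schedule is derived here from an HMAC of the window index under a shared key; the key, the plant constants, the bin set and the thresholds are assumptions. With genuine sensor data the residual is plain noise. A replayed recording still carries the watermark of the window it was captured in, so the residual suddenly contains a tone at the current bin.

```python
"""Replay-attack detection with a frequency-hopping watermark on the
control signal. Constructed example."""
import hashlib
import hmac
import math
import random

A_P, B_P = 0.8, 1.0        # plant model (assumed)
NOISE_SD = 0.05            # process noise standard deviation (assumed)
WINDOW = 64                # samples per hop window
HOP_BINS = (5, 9, 13, 17)  # candidate DFT bins, all orthogonal over one WINDOW
WM_AMP = 0.2               # watermark amplitude on the control signal
ALARM_AMP = 0.1            # residual tone amplitude that raises an alarm
KEY = b"demo-hop-key"      # hypothetical secret shared by controller and detector


def hop_bin(window_idx: int, key: bytes = KEY) -> int:
    """Keyed hop schedule: an attacker without the key cannot predict the bin."""
    tag = hmac.new(key, window_idx.to_bytes(8, "big"), hashlib.sha256).digest()
    return HOP_BINS[tag[0] % len(HOP_BINS)]


def watermark(k: int) -> float:
    """Narrow-band signal added to the control input at global sample k."""
    b = hop_bin(k // WINDOW)
    return WM_AMP * math.sin(2.0 * math.pi * b * (k % WINDOW) / WINDOW)


def goertzel_amplitude(x, bin_idx: int) -> float:
    """Amplitude of the sinusoid at DFT bin bin_idx in the sequence x."""
    n = len(x)
    coeff = 2.0 * math.cos(2.0 * math.pi * bin_idx / n)
    s1 = s2 = 0.0
    for v in x:
        s0 = v + coeff * s1 - s2
        s2, s1 = s1, s0
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2   # |X[bin_idx]|^2
    return 2.0 * math.sqrt(power) / n


def simulate(windows: int = 8, record_window: int = 1, replay_from: int = 3,
             seed: int = 7):
    """Simulate `windows` hop windows. The attacker records the sensor stream
    during `record_window` and plays it back from window `replay_from` on.
    Returns (alarms, amplitudes), one entry per window, measured at that
    window's hop bin."""
    rng = random.Random(seed)    # seeded so the run is reproducible
    u0 = 1.0                     # legitimate setpoint
    y_true, y_prev_seen = 0.0, 0.0
    recording, amplitudes = [], []
    for w in range(windows):
        residuals = []
        for i in range(WINDOW):
            k = w * WINDOW + i
            u = u0 + watermark(k)
            y_true = A_P * y_true + B_P * u + rng.gauss(0.0, NOISE_SD)
            if w == record_window:
                recording.append(y_true)
            y_seen = recording[i] if w >= replay_from else y_true
            # one-step model prediction from what the detector last received
            residuals.append(y_seen - (A_P * y_prev_seen + B_P * u))
            y_prev_seen = y_seen
        amplitudes.append(goertzel_amplitude(residuals, hop_bin(w)))
    return [a > ALARM_AMP for a in amplitudes], amplitudes


if __name__ == "__main__":
    alarms, amps = simulate()
    for w, (alarm, amp) in enumerate(zip(alarms, amps)):
        print(f"window {w}: bin {hop_bin(w):2d} residual tone {amp:.3f} alarm={alarm}")
```

Two caveats the example makes visible: a replayed window whose hop bin happens to equal the bin of the recorded window produces no tone in the residual and is missed, so the bin set must be large enough and the schedule unpredictable; and an attacker who obtains the key can regenerate the watermark, so the secrecy of the schedule carries the whole scheme.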

    Cyber-Physical Security of Wide-Area Frequency-based Applications in Power Systems

    Modern power systems are continuously developing into large and interconnected ones. However, at the same time, restructuring within the power industry and reduced investment in transmission system expansion mean that power systems are operating closer and closer to their limits, leaving them more vulnerable to fault outages than before. The aspects of protection and control within power systems have thus become increasingly important as well as complicated. Concurrently, the continuous technological development in communication and measurement has accelerated the emergence and application of Wide-Area Monitoring, Protection and Control (WAMPAC), a new kind of advanced scheme based on wide-area measurements. The blackouts in North America and in other countries over the past few years are also providing more incentives for scientists and engineers to study wide-area protection and control systems. Communication networks in smart grids bring increased connectivity at the cost of increased security vulnerabilities and challenges. A smart grid can be a prime target for cyber terrorism because of its critical nature. As a result, smart grid security has already attracted significant attention from governments, the energy industry, and consumers, leading to several important studies. WAMPAC is the concept of using system-wide information via a centralized control center or Energy Management System (EMS) to monitor and control the whole system. Based on the situation and the required control action, the control center shares selected data with specific remote locations that need the data. The utilization of system-wide information makes it easier to monitor the entire system and make better control and protection decisions at the EMS. Although the communication system is the backbone of these recent schemes, it makes them vulnerable to different types of cyber attacks.
    This thesis aims to investigate the problem of cyber security in frequency-related WAMPAC schemes. Two main schemes are considered as case studies: Automatic Generation Control (AGC) and Wide-Area Under-Frequency Load Shedding (WAUFLS) protection schemes. In addition, the cyber security of Power System State Estimation (PSSE), as a Wide-Area Monitoring (WAM) scheme, is revisited. As WAMPAC schemes are so varied in their purpose and implementation, there is no general analysis to illustrate the potential impact of a cyber attack on all such schemes. However, some general types of system responses are considered in this work. First, with regard to AGC systems, a Kalman filter-based approach is proposed to detect False Data Injection (FDI) in AGC systems. Because detecting FDI and removing the compromised measurements are not enough in practical situations, the use of a simultaneous input and state estimation-based algorithm to detect and concurrently compensate for FDI attacks against the measurements of AGC systems is investigated. Through the use of this algorithm, the FDI attack signal is treated as an unknown input and its value is estimated accordingly. Then, the estimated value of the FDI is used to compensate for the effect of the attack so that the control center makes its decisions based on the corrected sensor signals, not the manipulated ones. Unlike other approaches, and as an extension to this work, the effect of AGC nonlinearities is studied during the attack time. A Recurrent Neural Network (RNN)-based approach is proposed to detect FDI during a time when any of the nonlinearities is affecting the system. The RNN-based approach is used to classify and identify the attacks according to their behavior. Second, with regard to WAUFLS protection schemes, this thesis investigates the problem of cyber attacks on WAUFLS.
    This is followed by a detailed analysis showing that an adversary can launch an FDI attack against existing WAUFLS schemes in three different ways depending on their access level to system data, which may lead to equipment damage and/or system-wide blackout. To address this issue, a new mitigation scheme that is robust against cyber attacks is proposed to mitigate the effect of FDI attacks on WAUFLS. The proposed scheme depends on trusted system states to run power flow, so that the power mismatch in the system is calculated. Finally, the calculated magnitude of the disturbance is used to decide on the amount and locations of the load shedding. All proposed detection and mitigation methods in the thesis are tested using simulations of practical systems. In addition, a sensitivity analysis is given after each method.