124 research outputs found

    Security Aspects of Internet of Things aided Smart Grids: a Bibliometric Survey

    The integration of sensors and communication technology in power systems, known as the smart grid, is an emerging topic in science and technology. One of the critical issues in the smart grid is its increased vulnerability to cyber threats. As such, various types of threats and defense mechanisms are proposed in literature. This paper offers a bibliometric survey of research papers focused on the security aspects of Internet of Things (IoT) aided smart grids. To the best of the authors' knowledge, this is the very first bibliometric survey paper in this specific field. A bibliometric analysis of all journal articles is performed and the findings are sorted by dates, authorship, and key concepts. Furthermore, this paper also summarizes the types of cyber threats facing the smart grid, the various security mechanisms proposed in literature, as well as the research gaps in the field of smart grid security. Comment: The paper is published in Elsevier's Internet of Things journal. 25 pages + 20 pages of reference

    Online disturbance prediction for enhanced availability in smart grids

    A gradual move in the electric power industry towards Smart Grids brings new challenges to the system's efficiency and dependability. With a growing complexity and massive introduction of renewable generation, particularly at the distribution level, the number of faults and, consequently, disturbances (errors and failures) is expected to increase significantly. This threatens to compromise grid's availability as traditional, reactive management approaches may soon become insufficient. On the other hand, with grids' digitalization, real-time status data are becoming available. These data may be used to develop advanced management and control methods for a sustainable, more efficient and more dependable grid. A proactive management approach, based on the use of real-time data for predicting near-future disturbances and acting in their anticipation, has already been identified by the Smart Grid community as one of the main pillars of dependability of the future grid. The work presented in this dissertation focuses on predicting disturbances in Active Distributions Networks (ADNs) that are a part of the Smart Grid that evolves the most. These are distribution networks with high share of (renewable) distributed generation and with systems in place for real-time monitoring and control. Our main goal is to develop a methodology for proactive network management, in a sense of proactive mitigation of disturbances, and to design and implement a method for their prediction. We focus on predicting voltage sags as they are identified as one of the most frequent and severe disturbances in distribution networks. We address Smart Grid dependability in a holistic manner by considering its cyber and physical aspects. As a result, we identify Smart Grid dependability properties and develop a taxonomy of faults that contribute to better understanding of the overall dependability of the future grid. 
As the process of grid's digitization is still ongoing there is a general problem of a lack of data on the grid's status and especially disturbance-related data. These data are necessary to design an accurate disturbance predictor. To overcome this obstacle we introduce a concept of fault injection to simulation of power systems. We develop a framework to simulate a behavior of distribution networks in the presence of faults, and fluctuating generation and load that, alone or combined, may cause disturbances. With the framework we generate a large set of data that we use to develop and evaluate a voltage-sag disturbance predictor. To quantify how prediction and proactive mitigation of disturbances enhance availability we create an availability model of a proactive management. The model is generic and may be applied to evaluate the effect of proactive management on availability in other types of systems, and adapted for quantifying other types of properties as well. Also, we design a metric and a method for optimizing failure prediction to maximize availability with proactive approach. In our conclusion, the level of availability improvement with proactive approach is comparable to the one when using high-reliability and costly components. Following the results of the case study conducted for a 14-bus ADN, grid's availability may be improved by up to an order of magnitude if disturbances are managed proactively instead of reactively. 
The main results and contributions may be summarized as follows: (i) Taxonomy of faults in Smart Grid has been developed; (ii) Methodology and methods for proactive management of disturbances have been proposed; (iii) Model to quantify availability with proactive management has been developed; (iv) Simulation and fault-injection framework has been designed and implemented to generate disturbance-related data; (v) In the scope of a case study, a voltage-sag predictor, based on machine-learning classification algorithms, has been designed and the effect of proactive disturbance management on downtime and availability has been quantified

    A data-driven ensemble technique for the detection of false data injection attacks in the smart grid framework

    The major component of the smart grid (SG) is the advanced metering infrastructure (AMI), which monitors and controls the existing power system and provides interactive services for invoicing and electricity usage management with the utility. Including a cyber-layer in the metering system allows two-way communication but creates a new opportunity for energy theft, resulting in significant monetary loss. This article proposes an approach to detecting abnormal consumption patterns using energy metering data based on the ensemble technique AdaBoost, a boosting algorithm. Different statistical and descriptive features are retrieved from metering data samples, which account for extreme conditions. The model is trained for malicious and non-malicious data for five different attack scenarios, which are analyzed on the Irish Social Science Data Archive (ISSDA) smart meter dataset. In contrast to prior supervised techniques, it works well even with unbalanced data. The efficacy of the proposed theft detection method has been evaluated by comparing the accuracy, precision, recall, and F1 score with the other well-known approaches in the literature

    SUTMS - Unified Threat Management Framework for Home Networks

    Home networks were initially designed for web browsing and non-business critical applications. As infrastructure improved, internet broadband costs decreased, and home internet usage transferred to e-commerce and business-critical applications. Today’s home computers host personally identifiable information and financial data and act as a bridge to corporate networks via remote access technologies like VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface for potential threats. Home networks have become the extension of critical networks and services; hackers can get access to corporate data by compromising devices attached to broadband routers. All these challenges depict the importance of home-based Unified Threat Management (UTM) systems. There is a need for a unified threat management framework that is developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for implementing home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS is able to provide 99.99% accuracy with 56.83% memory improvements. IPS stands out as the most resource-intensive UTM service; SUTMS successfully reduces the performance overhead of IDS by integrating it with the flow detection module. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (utilizing Apriori algorithms). The research also tackles one of the limitations identified by SUTMS through the introduction of a second artifact called Secure Centralized Management System (SCMS).
SCMS is a lightweight asset management platform with built-in security intelligence that can seamlessly integrate with a cloud for real-time updates

    Self-Healing in Cyber–Physical Systems Using Machine Learning: A Critical Analysis of Theories and Tools

    The rapid advancement of networking, computing, sensing, and control systems has introduced a wide range of cyber threats, including those from new devices deployed during the development of scenarios. With recent advancements in automobiles, medical devices, smart industrial systems, and other technologies, system failures resulting from external attacks or internal process malfunctions are increasingly common. Restoring the system’s stable state requires autonomous intervention through the self-healing process to maintain service quality. This paper, therefore, aims to analyse the state of the art and identify where self-healing using machine learning can be applied to cyber–physical systems to enhance security and prevent failures within the system. The paper describes three key components of self-healing functionality in computer systems: anomaly detection, fault alert, and fault auto-remediation. The significance of these components is that self-healing functionality cannot be practical without considering all three. Understanding the self-healing theories that form the guiding principles for implementing these functionalities with real-life implications is crucial. There are strong indications that self-healing functionality in the cyber–physical system is an emerging area of research that holds great promise for the future of computing technology. It has the potential to provide seamless self-organising and self-restoration functionality to cyber–physical systems, leading to increased security of systems and improved user experience. For instance, a functional self-healing system implemented on a power grid will react autonomously when a threat or fault occurs, without requiring human intervention to restore power to communities and preserve critical services after power outages or defects.
This paper presents the existing vulnerabilities, threats, and challenges and critically analyses the current self-healing theories and methods that use machine learning for cyber–physical systems

    Anomalous behaviour detection for cyber defence in modern industrial control systems

    A thesis submitted in partial fulfilment of the requirements of the University of Wolverhampton for the degree of Doctor of Philosophy. The fusion of pervasive internet connectivity and emerging technologies in smart cities creates fragile cyber-physical-natural ecosystems. Industrial Control Systems (ICS) are intrinsic parts of smart cities and critical to modern societies. Not designed for interconnectivity or security, disruptor technologies enable ubiquitous computing in modern ICS. Aided by artificial intelligence and the industrial internet of things they transform the ICS environment towards better automation, process control and monitoring. However, investigations reveal that leveraging disruptive technologies in ICS creates security challenges exposing critical infrastructure to sophisticated threat actors including increasingly hostile, well-organised cybercrimes and Advanced Persistent Threats. Besides external factors, the prevalence of insider threats includes malicious intent, accidental hazards and professional errors. The sensing capabilities create opportunities to capture various data types. Apart from operational use, this data combined with artificial intelligence can be innovatively utilised to model anomalous behaviour as part of defence-in-depth strategies. As such, this research aims to investigate and develop a security mechanism to improve cyber defence in ICS. Firstly, this thesis contributes a Systematic Literature Review (SLR), which helps analyse frameworks and systems that address CPS’ cyber resilience and digital forensic incident response in smart cities. The SLR uncovers emerging themes and concludes several key findings. For example, the chronological analysis reveals key influencing factors, whereas the data source analysis points to a lack of real CPS datasets with prevalent utilisation of software and infrastructure-based simulations.
Further in-depth analysis shows that cross-sector proposals or applications to improve digital forensics focusing on cyber resilience are addressed by a small number of research studies in some smart sectors. Next, this research introduces a novel super learner ensemble anomaly detection and cyber risk quantification framework to profile anomalous behaviour in ICS and derive a cyber risk score. The proposed framework and associated learning models are experimentally validated. The produced results are promising and achieve an overall F1-score of 99.13%, and an anomalous recall score of 99% detecting anomalies lasting only 17 seconds ranging from 0.5% to 89% of the dataset. Further, a one-class classification model is developed, leveraging stream rebalancing followed by adaptive machine learning algorithms and drift detection methods. The model is experimentally validated producing promising results including an overall Matthews Correlation Coefficient (MCC) score of 0.999 and the Cohen’s Kappa (K) score of 0.9986 on limited variable single-type anomalous behaviour per data stream. Wide data streams achieve an MCC score of 0.981 and a K score of 0.9808 in the prevalence of multiple types of anomalous instances. Additionally, the thesis scrutinises the applicability of the learning models to support digital forensic readiness. The research study presents the concept of digital witness and digital chain of custody in ICS. Following that, a use case integrating blockchain technologies into the design of ICS to support digital forensic readiness is discussed. In conclusion, the contributions of this research thesis help towards developing the next generation of state-of-the-art methods for anomalous behaviour detection in ICS defence-in-depth

    Cyber Security and Critical Infrastructures 2nd Volume

    The second volume of the book contains the manuscripts that were accepted for publication in the MDPI Special Topic "Cyber Security and Critical Infrastructure" after a rigorous peer-review process. Authors from academia, government and industry contributed their innovative solutions, consistent with the interdisciplinary nature of cybersecurity. The book contains 16 articles, including an editorial that explains the current challenges, innovative solutions and real-world experiences that include critical infrastructure and 15 original papers that present state-of-the-art innovative solutions to attacks on critical systems

    A Blockchain-Based Retribution Mechanism for Collaborative Intrusion Detection

    Collaborative intrusion detection approach uses the shared detection signature between the collaborative participants to facilitate coordinated defense. In the context of collaborative intrusion detection system (CIDS), however, there is no research focusing on the efficiency of the shared detection signature. The inefficient detection signature costs not only the IDS resource but also the process of the peer-to-peer (P2P) network. In this paper, we therefore propose a blockchain-based retribution mechanism, which aims to incentivize the participants to contribute to verifying the efficiency of the detection signature in terms of certain distributed consensus. We implement a prototype using Ethereum blockchain, which instantiates a token-based retribution mechanism and a smart contract-enabled voting-based distributed consensus. We conduct a number of experiments built on the prototype, and the experimental results demonstrate the effectiveness of the proposed approach

    Robustness of Image-Based Malware Analysis

    In previous work, “gist descriptor” features extracted from images have been used in malware classification problems and have shown promising results. In this research, we determine whether gist descriptors are robust with respect to malware obfuscation techniques, as compared to Convolutional Neural Networks (CNN) trained directly on malware images. Using the Python Image Library (PIL), we create images from malware executables and from malware that we obfuscate. We conduct experiments to compare classifying these images with a CNN as opposed to extracting the gist descriptor features from these images to use in classification. For the gist descriptors, we consider a variety of classification algorithms including k-nearest neighbors, random forest, support vector machine, and multi-layer perceptron. We find that gist descriptors are more robust than CNNs, with respect to the obfuscation techniques that we consider