Markov modeling of moving target defense games

We introduce a Markov-model-based framework for Moving Target Defense (MTD) analysis. The framework allows modeling of broad range of MTD strategies, provides general theorems about how the probability of a successful adversary defeating an MTD strategy is related to the amount of time/cost spent by the adversary, and shows how a multi-level composition of MTD strategies can be analyzed by a straightforward combination of the analysis for each one of these strategies. Within the proposed framework we define the concept of security capacity which measures the strength or effectiveness of an MTD strategy: the security capacity depends on MTD specific parameters and more general system parameters. We apply our framework to two concrete MTD strategies

Enhancing Cyber-Resiliency of DER-based SmartGrid: A Survey

The rapid development of information and communications technology has enabled the use of digital-controlled and software-driven distributed energy resources (DERs) to improve the flexibility and efficiency of power supply, and support grid operations. However, this evolution also exposes geographically-dispersed DERs to cyber threats, including hardware and software vulnerabilities, communication issues, and personnel errors, etc. Therefore, enhancing the cyber-resiliency of DER-based smart grid - the ability to survive successful cyber intrusions - is becoming increasingly vital and has garnered significant attention from both industry and academia. In this survey, we aim to provide a systematical and comprehensive review regarding the cyber-resiliency enhancement (CRE) of DER-based smart grid. Firstly, an integrated threat modeling method is tailored for the hierarchical DER-based smart grid with special emphasis on vulnerability identification and impact analysis. Then, the defense-in-depth strategies encompassing prevention, detection, mitigation, and recovery are comprehensively surveyed, systematically classified, and rigorously compared. A CRE framework is subsequently proposed to incorporate the five key resiliency enablers. Finally, challenges and future directions are discussed in details. The overall aim of this survey is to demonstrate the development trend of CRE methods and motivate further efforts to improve the cyber-resiliency of DER-based smart grid.Comment: Submitted to IEEE Transactions on Smart Grid for Publication Consideratio

Operational moving target defences for improved power system cyber-physical security

In this work, we examine how Moving Target Defences (MTDs) can be enhanced to circumvent intelligent false data injection (FDI) attacks against power systems. Initially, we show how, by implementing state-of-the-art topology learning techniques, we can commit full-knowledge-equivalent FDI attacks against static power systems with no prior system knowledge. We go on to explore how naive applications of topology change, as MTDs, can be countered by unsupervised learning-based FDI attacks and how MTDs can be combined with physical watermarking to enhance system resilience. A novel intelligent attack, which incorporates dimensionality reduction and density-based spatial clustering, is developed and shown to be effective in maintaining stealth in the presence of traditional MTD strategies. In resisting this new type of attack, a novel implementation of MTD is suggested. The implementation uses physical watermarking to drive detection of traditional and intelligent FDI attacks while remaining hidden to the attackers. Following this, we outline a cyber-physical authentication strategy for use against FDI attacks. An event-triggered MTD protocol is proposed at the physical layer to complement cyber-side enhancements. This protocol applies a distributed anomaly detection scheme based on Holt-Winters seasonal forecasting in combination with MTD implemented via inductance perturbation. To conclude, we developed a cyber-physical risk assessment framework for FDI attacks. Our assessment criteria combines a weighted graph model of the networks cyber vulnerabilities with a centralised residual-based assessment of the physical system with respect to MTD. This combined approach provides a cyber-physical assessment of FDI attacks which incorporates both the likelihood of intrusion and the prospect of an attacker making stealthy change once intruded.Open Acces

Digital Twins for Moving Target Defense Validation in AC Microgrids

Cyber-physical microgrids are vulnerable to stealth attacks that can degrade their stability and operability by performing low-magnitude manipulations in a coordinated manner. This paper formulates the interactions between CSAs and microgrid defenders as a non-cooperative, zero-sum game. Additionally, it presents a hybrid Moving Target Defense (MTD) strategy for distributed microgrids that can dynamically alter local control gains to achieve resiliency against Coordinated Stealth Attacks (CSAs). The proposed strategy reduces the success probability of attack(s) by making system dynamics less predictable. The framework also identifies and removes malicious injections by modifying secondary control weights assigned to them. The manipulated signals are reconstructed using an Artificial Neural Network (ANN)-based Digital Twin (DT) to preserve stability. To guarantee additional immunity against instability arising from gain alterations, MTD decisions are also validated (via utility and best response computations) using the DT before actual implementation. The DT is also used to find the minimum perturbation that defenders must achieve to invalidate an attacker's knowledge effectively.Comment: IEEE Energy Conversion Congress and Expo (ECCE) 202

Cybersecurity Games: Mathematical Approaches for Cyber Attack and Defense Modeling

Cyber-attacks targeting individuals and enterprises have become a predominant part of the computer/information age. Such attacks are becoming more sophisticated and prevalent on a day-to-day basis. The exponential growth of cyber plays and cyber players necessitate the inauguration of new methods and research for better understanding the cyber kill chain, particularly with the rise of advanced and novel malware and the extraordinary growth in the population of Internet residents, especially connected Internet of Things (IoT) devices. Mathematical modeling could be used to represent real-world cyber-attack situations. Such models play a beneficial role when it comes to the secure design and evaluation of systems/infrastructures by providing a better understanding of the threat itself and the attacker\u27s conduct during the lifetime of a cyber attack. Therefore, the main goal of this dissertation is to construct a proper theoretical framework to be able to model and thus evaluate the defensive strategies/technologies\u27 effectiveness from a security standpoint. To this end, we first present a Markov-based general framework to model the interactions between the two famous players of (network) security games, i.e., a system defender and an attacker taking actions to reach its attack objective(s) in the game. We mainly focus on the most significant and tangible aspects of sophisticated cyber attacks: (1) the amount of time it takes for the adversary to accomplish its mission and (2) the success probabilities of fulfilling the attack objective(s) by translating attacker-defender interactions into well-defined games and providing rigorous cryptographic security guarantees for a system given both players\u27 tactics and strategies. We study various attack-defense scenarios, including Moving Target Defense (MTD) strategies, multi-stage attacks, and Advanced Persistent Threats (APT). We provide general theorems about how the probability of a successful adversary defeating a defender’s strategy is related to the amount of time (or any measure of cost) spent by the adversary in such scenarios. We also introduce the notion of learning in cybersecurity games and describe a general game of consequences meaning that each player\u27s chances of making a progressive move in the game depend on its previous actions. Finally, we walk through a malware propagation and botnet construction game in which we investigate the importance of defense systems\u27 learning rates to fight against the self-propagating class of malware such as worms and bots. We introduce a new propagation modeling and containment strategy called the learning-based model and study the containment criterion for the propagation of the malware based on theoretical and simulation analysis