    Low Latency Intrusion Detection in Smart Grids

    The transformation of traditional power grids into smart grids has seen new technologies such as communication networks and smart meters (sensors) integrated into the physical infrastructure of the power grids. However, these technologies introduce new vulnerabilities into the cybersecurity of power grids, since adversaries can launch malicious attacks against the smart meters and modify the measurement data these meters collect. If not detected and removed in time, such attacks may lead to inaccurate system state estimation, which system operators rely on for control decisions such as economic dispatch and other related functions. This dissertation studies the challenges associated with cyberattacks in power grids and develops solutions to detect these attacks effectively and in a timely manner so that state estimation remains accurate. One common approach to improving state estimation accuracy is to incorporate phasor measurement unit (PMU) devices into the system to provide extra and more secure measurements. In this research, we design algorithms that place PMUs at strategic locations to enhance the system's state estimation accuracy and its capability to detect cyberattacks. Installing PMU devices in power grids, nonetheless, does not guarantee the timely attack detection that is critical for deploying countermeasures before the attacks have catastrophic impact. Thus, the low latency intrusion detection problem is studied to reduce attack detection delays. The state estimation and intrusion detection problem is further extended to a dynamic power system, where there are sudden changes in system loads

    e-SAFE: Secure, Efficient and Forensics-Enabled Access to Implantable Medical Devices

    To facilitate monitoring and management, modern Implantable Medical Devices (IMDs) are often equipped with wireless capabilities, which raise the risk of malicious access to IMDs. Although schemes have been proposed to secure IMD access, some issues remain open. First, pre-sharing a long-term key between a patient's IMD and a doctor's programmer is vulnerable, since once the doctor's programmer is compromised, all of her patients suffer; establishing a temporary key by leveraging proximity removes the need for pre-shared keys, but because the approach lacks real authentication, it can be exploited by nearby adversaries or through man-in-the-middle attacks. Second, while prolonging the lifetime of IMDs is one of the most important design goals, few schemes try to lower the communication and computation overhead at the same time. Finally, how to safely record the commands issued by doctors for the purpose of forensics, which can be the last measure to protect the patients' rights, is commonly omitted in the existing literature. Motivated by these important yet open problems, we propose an innovative scheme, e-SAFE, which significantly improves security and safety, reduces the communication overhead and enables IMD-access forensics. We present a novel lightweight compressive-sensing-based encryption algorithm that encrypts and compresses the IMD data simultaneously, reducing the data transmission overhead by over 50% while ensuring high data confidentiality and usability. Furthermore, we provide a suite of protocols for device pairing, dual-factor authentication, and accountability-enabled access. The security analysis and performance evaluation show the validity and efficiency of the proposed scheme

    Control Systems Autonomously Resilient to External Attacks: A State Estimation Technique Secure against Sensor Attacks

    Dissertation (Ph.D.) -- Seoul National University Graduate School: College of Engineering, Department of Electrical and Computer Engineering, 2018. 2. Hyungbo Shim (심형보). Recent advances in computer and communication technologies make control systems more connected, thanks to developments in networked actuation and sensing devices. As this connectivity increases, the resulting large-scale networked control systems, or cyber-physical systems (CPS), are exposed to and can be vulnerable to malicious attacks. In response to the threat posed by malicious adversaries, this dissertation presents control algorithms that remain reliable even when some components of the feedback control system are corrupted. Focusing especially on sensor attacks, security-related problems in CPS are carefully analyzed and an attack-resilient state estimation scheme is proposed. First, the notion of redundant observability is introduced, which explains in a unified manner existing security notions such as the dynamic security index, attack detectability, and observability under attacks. Redundant observability is a key concept in this dissertation: a system is said to be q-redundant observable if it remains observable after eliminating any q measurements. It is shown that any q-sparse sensor attack is detectable if and only if the given linear time-invariant (LTI) system is q-redundant observable. This is also equivalent to the condition that the system is observable under ⌊q/2⌋-sparse sensor attacks. Moreover, the dynamic security index, defined as the minimum number of attacked sensors needed for an attack to be undetectable, can be computed as q + 1. In addition, redundant detectability (or asymptotic redundant observability), a weaker notion than redundant observability, is also introduced. 
    While redundant observability does not take into account the magnitudes of sensor attacks or whether the attacks are disruptive, redundant detectability only deals with attacks that do not converge to zero over time, so it is more practical in the sense that it detects and corrects only the attacks that are actually harmful to the system. Next, a resilient state estimation scheme is proposed under two assumptions: ⌊q/2⌋-sparsity of the attack vector and q-redundant detectability of the system. The proposed estimator consists of a bank of partial observers operating on the Kalman detectability decomposition and a decoder exploiting error correction techniques. The partial observers are constructed either from Luenberger observers or from Kalman filters. The Luenberger observer guarantees robustness under bounded disturbances/noises, while the Kalman filter achieves suboptimality in the minimum-variance sense under Gaussian disturbances/noises. In terms of time complexity, the ℓ0 minimization problem in the decoder reduces the computational effort by restricting the search space to a finite set and by combining a detection algorithm with the optimization process. In terms of space complexity, the required memory is linear in the number of sensors, owing to the decomposition used to construct the bank of partial observers. This resilient state estimation scheme, proposed for LTI systems, is further extended to a class of uniformly observable nonlinear systems. Based on the uniform observability decomposition, a high-gain observer is constructed for each single measurement to estimate the observable sub-state, and it constitutes the partial observer. 
    Finally, the decoder solves a nonlinear error correcting problem by collecting all the information from the high-gain observers and by exploiting redundancy.

    Table of contents:
    1 Introduction
    1.1 Background
    1.2 Research Objective and Contributions
    1.3 Outline of the Dissertation
    2 Error Correction over Reals and its Extensions
    2.1 Error Correction over Reals and Compressed Sensing
    2.2 Extension to Stacked Vector Case
    2.2.1 Error Detectability and Error Correctability
    2.2.2 Error Detection and Correction Scheme for Noiseless Case
    2.2.3 Error Detection and Correction Scheme for Noisy Case
    3 On Redundant Observability
    3.1 Redundant Observability
    3.1.1 Definition and Characterization
    3.1.2 Relationship with Strong Observability
    3.1.3 Redundant Unobservable Subspace
    3.1.4 Asymptotic Redundant Observability
    3.2 Attack Detectability and Dynamic Security Index
    3.3 Observability under Sparse Sensor Attacks
    4 Attack-Resilient State Estimation for Linear Systems
    4.1 Problem Formulation
    4.2 Components of Attack-Resilient Estimator and Their Functions
    4.2.1 Partial Observer: Kalman Detectability Decomposition
    4.2.2 Decoder: Error Correction for Stacked Vector
    4.3 Design of Attack-Resilient State Estimator
    4.3.1 Deterministic Estimator with Bounded Disturbance and Noise
    4.3.2 Suboptimal Estimator with Gaussian Disturbance and Noise
    4.4 Remarks on Proposed Attack-Resilient Estimator
    4.4.1 Comparison with Fault Detection and Isolation
    4.4.2 Analysis of Time and Space Complexity
    4.5 Simulation Results: Three-Inertia System
    5 Attack-Resilient State Estimation for Nonlinear Systems
    5.1 Problem Formulation and Preliminaries
    5.1.1 Problem Formulation
    5.1.2 Bi-Lipschitz Function and Lipschitz Left Inverse
    5.1.3 Nonlinear Error Detectability and Error Correctability
    5.2 Uniformly Observable Nonlinear Systems for Any Input
    5.2.1 Uniform Observability Decomposition
    5.2.2 Design of High Gain Observer
    5.3 Redundant Observability for Nonlinear Systems
    5.4 Attack Detection and Resilient Estimation for Nonlinear Systems
    5.4.1 Detection of Sensor Attacks
    5.4.2 Attack-Resilient State Estimation
    5.5 Simulation Results: Numerical Example
    6 Conclusion
    6.1 Summary
    6.2 Future Works
    Bibliography
    Korean Abstract
    Docto

    Low Latency Anomaly Detection with Imperfect Models

    The problem of anomaly detection deals with detecting abrupt changes or anomalies in the distribution of sequentially observed data in a stochastic system. This problem arises in many applications, such as signal processing, intrusion detection, quality control, and medical diagnosis. A low latency anomaly detection algorithm, based on the framework of quickest change detection (QCD), aims to minimize the detection delay of anomalies in the sequentially observed data while ensuring satisfactory detection accuracy. Moreover, in many practical applications, complete knowledge of the post-change distribution model might not be available because of the unexpected nature of the change. Hence, the objective of this dissertation is to study low latency anomaly detection (QCD) algorithms for systems with imperfect models, so that any type of abnormality in the system can be detected as quickly as possible for reliable and secure system operation. This dissertation presents the theoretical foundations of these low latency anomaly detection algorithms along with real-world applications. First, QCD algorithms are designed for detecting changes in systems with multiple post-change models under both Bayesian and non-Bayesian settings. Next, a QCD algorithm is studied for real-time detection of false data injection attacks in smart grids with dynamic models. Finally, a QCD algorithm for detecting wind turbine bearing faults is developed by analyzing the statistical behavior of the stator currents generated by the turbines. For all the proposed algorithms, analytical bounds on the system performance metrics are derived using asymptotic analysis, and the simulation results show that the proposed algorithms outperform existing algorithms

    Sparsity and Coordination Constraints on Stealth Data Injection Attacks

    In this thesis, data injection attacks (DIAs) against the smart grid are studied within a Bayesian framework from two perspectives: centralized and decentralized systems. The fundamental limits of data injection attacks are characterized by information measures. Specifically, two metrics, mutual information and the Kullback-Leibler (KL) divergence, quantify the disruption caused by the attacks and the corresponding stealthiness, respectively. From the perspective of a centralized system, a single attacker constructs attacks that jointly minimize the mutual information the measurements carry about the state variables and the KL divergence between the distributions of the measurements with and without attacks. One of the main contributions to the centralized attack construction is the sparsity constraint. Two scenarios are studied, in which the attacks at different locations are independent or correlated, respectively. For independent attacks, the combinatorial challenge of identifying the support of the sparse attack vector is circumvented by obtaining the closed-form solution to the single-measurement attack problem, followed by a greedy construction that leverages the resulting insight. For correlated attacks, the challenge is tackled by incorporating an additional measurement, which yields a sequential sensor selection problem. The sequential procedure allows the attacker to identify the additional sensor first and then characterize the covariances between the additional measurement and the compromised measurements. Following the studies on sparse attacks, a novel metric that describes the vulnerability of smart grid measurements to data integrity attacks is proposed. The new metric, coined the vulnerability index (VuIx), leverages information-theoretic measures to assess the effect of an attack on the fundamental limits of the disruption-versus-detection tradeoff. 
    Computing the VuIx of the measurements in the system yields an ordering of the measurements by their level of exposure to data integrity attacks. The assessment of measurement vulnerability on IEEE test systems shows that power injection measurements are overwhelmingly more vulnerable to data integrity attacks than power flow measurements. From the perspective of a decentralized system, the attack constructions are determined by a group of attackers acting cooperatively. The interaction between the attackers is formulated as a normal-form game. The uniqueness of the Nash Equilibrium (NE) is characterized in different games in which the attackers have different objectives. Closed-form expressions for the best response of the attackers in the different games are obtained, followed by best response dynamics that lead to the NEs. The sparsity constraint is then considered in the decentralized system, where the attackers have limited access to sensors. The attack construction with sparsity constraints in the decentralized system is also formulated as a normal-form game, and the uniqueness of the NE and the closed-form expression for the best response are obtained

    A survey on the application of deep learning for code injection detection

    Code injection is one of the top cyber security attack vectors in the modern world. To overcome the limitations of conventional signature-based detection techniques, and to complement them where appropriate, multiple machine learning approaches have been proposed. Existing surveys of these approaches focus predominantly on general intrusion detection, which can then be applied to specific vulnerabilities. In addition, among the machine learning steps, data preprocessing, although highly critical in the data analysis process, appears to be the least researched in the context of Network Intrusion Detection, and specifically for code injection. The goal of this survey is to fill that gap by analysing and classifying the existing machine learning techniques applied to code injection attack detection, with special attention to Deep Learning. Our analysis reveals that the way the input data is preprocessed considerably affects the performance and attack detection rate. The proposed full preprocessing cycle demonstrates how various machine-learning-based approaches for detecting code injection attacks take advantage of different input data preprocessing techniques. The most commonly used machine learning methods and preprocessing stages are also identified

    Game-Theoretic and Machine-Learning Techniques for Cyber-Physical Security and Resilience in Smart Grid

    The smart grid is the next-generation electrical infrastructure utilizing Information and Communication Technologies (ICTs), whose architecture is evolving from a utility-centric structure to a distributed Cyber-Physical System (CPS) integrated with large-scale renewable energy resources. However, meeting reliability objectives in the smart grid becomes increasingly challenging owing to the high penetration of renewable resources and changing weather conditions. Moreover, cyber-physical attacks targeting the smart grid have become a major threat because millions of electronic devices interconnected via communication networks expose unprecedented vulnerabilities, thereby increasing the potential attack surface. This dissertation aims to develop novel game-theoretic and machine-learning techniques for addressing the reliability and security issues residing at multiple layers of the smart grid, including power distribution system reliability forecasting, risk assessment of cyber-physical attacks targeting the grid, and cyber attack detection in the Advanced Metering Infrastructure (AMI) and renewable resources. This dissertation first comprehensively investigates the combined effect of various weather parameters on the reliability performance of the smart grid, and proposes a multilayer perceptron (MLP)-based framework to forecast the daily number of power interruptions in the distribution system using time series of common weather data. To evaluate the risk of cyber-physical attacks faced by the smart grid, a stochastic budget allocation game is proposed to analyze the strategic interactions between a malicious attacker and the grid defender. A reinforcement learning algorithm is developed to enable the two players to reach a game equilibrium, from which the optimal budget allocation strategies of the two players, in terms of attacking/protecting the critical elements of the grid, can be obtained. 
    In addition, the risk of a cyber-physical attack can be derived from the probability of a successful attack on the various grid elements. Furthermore, this dissertation develops a multimodal data-driven framework for cyber attack detection in a power distribution system integrated with renewable resources. This approach introduces sparse feature learning into an ensemble classifier to improve detection efficiency, and applies spatiotemporal correlation analysis to distinguish attacked renewable energy measurements from fault scenarios. Numerical results based on the IEEE 34-bus system show that the proposed framework achieves the most accurate detection of cyber attacks reported in the literature. To address electricity theft in the AMI, a Distributed Intelligent Framework for Electricity Theft Detection (DIFETD) is proposed, which uses Benford's analysis for initial diagnostics on large volumes of smart meter data. A Stackelberg game between the utility and multiple electricity thieves is then formulated to model the electricity theft actions. Finally, a Likelihood Ratio Test (LRT) is used to detect potentially fraudulent meters

    Security Analysis of Interdependent Critical Infrastructures: Power, Cyber and Gas

    Our daily life is becoming more and more reliant on services provided by infrastructures such as the power, gas, and communication networks. Ensuring the security of these infrastructures is of utmost importance. This task becomes ever more challenging as the interdependence among these infrastructures grows and a security breach in one infrastructure can spill over into the others. The implication is that the security practices and analysis recommended for these infrastructures should be coordinated. This thesis, focusing on the power grid, explores strategies to secure the system that account for the coupling of the power grid to the cyber infrastructure used to manage and control it, and to the gas grid, which supplies an increasing amount of the reserves used to overcome contingencies. The first part (Part I) of the thesis, comprising chapters 2 through 4, focuses on the coupling of the power and cyber infrastructure used for its control and operations. The goal is to detect malicious attacks that gain information about the operation of the power grid in order to attack the system later. In chapter 2, we propose a hierarchical architecture that correlates the analysis of high-resolution Micro-Phasor Measurement Unit (microPMU) data with traffic analysis of Supervisory Control and Data Acquisition (SCADA) packets, to infer the security status of the grid and detect the presence of possible intruders. An essential part of this architecture is the analysis of the microPMU data. In chapter 3 we establish a set of anomaly detection rules on microPMU data that flag "abnormal behavior". A placement strategy for microPMU sensors is also proposed to maximize the sensitivity in detecting anomalies. In chapter 4, we focus on developing rules that can localize the source of an event using microPMU data, and then check whether a cyber attack is causing the anomaly by correlating SCADA traffic with the results of the microPMU data analysis. 
    The thread that unifies the data analysis in this chapter is that decisions are made without fully estimating the state of the system; on the contrary, decisions are made using a set of physical measurements that falls short by orders of magnitude of what observability would require. More specifically, in the first part of this chapter (sections 4.1-4.2), methodologies for online identification of the source Thevenin parameters from microPMU data in the substation are presented. This methodology is used to identify reconnaissance activity on the normally-open switches in the substation, initiated by attackers to gauge their controllability over the cyber network. The application of this methodology to monitoring the voltage stability of the grid is also discussed. In the second part of this chapter (sections 4.3-4.5), we investigate the localization of faults. Since the number of PMU sensors available to carry out the inference is insufficient to ensure observability, the problem can be viewed as one of under-sampling a "graph signal"; the analysis leads to a PMU placement strategy that achieves the highest resolution in localizing the fault for a given number of sensors. In both cases, the results of the analysis are leveraged in the detection of cyber-physical attacks, where microPMU data and relevant SCADA network traffic information are compared to determine whether a network breach has affected the integrity of the system information and/or operations. In the second part of this thesis (Part II), the security analysis considers the adequacy and reliability of schedules for the gas and power networks. Scheduling supply jointly in the gas and power networks is motivated by the increasing reliance of power grids on natural gas generators (and, indirectly, on gas pipelines) to provide critical reserves. 
    Chapter 5 focuses on unveiling the challenges of and providing a solution to this problem.
    Doctoral Dissertation, Electrical Engineering, 201

    Secure Wireless Communications Based on Compressive Sensing: A Survey

    Compressive sensing (CS) has become a popular signal processing technique with extensive applications in numerous fields such as wireless communications, image processing, magnetic resonance imaging, remote sensing imaging, and analog-to-information conversion, since it realizes simultaneous sampling and compression. In the information security field, secure CS has received much attention because CS can be regarded as a cryptosystem that attains simultaneous sampling, compression and encryption as long as the measurement matrix is kept secret. Considering the growing body of work on secure wireless communications based on CS in recent years, this paper provides a detailed review of the state of the art. To be specific, the survey proceeds in two phases. The first phase reviews the security aspects of CS according to the different types of random measurement matrices, such as Gaussian matrices, circulant matrices, and other special random matrices, which establishes the theoretical foundations for applications in secure wireless communications. The second phase reviews the applications of secure CS across communication scenarios such as the wireless wiretap channel, wireless sensor networks, the internet of things, crowdsensing, the smart grid, and wireless body area networks. Finally, some concluding remarks are given