13,431 research outputs found
Cyber-resilient Automatic Generation Control for Systems of AC Microgrids
In this paper we propose a co-design of the secondary frequency regulation in
systems of AC microgrids and its cyber securty solutions. We term the secondary
frequency regulator a Micro-Automatic Generation Control (Micro-AGC) for
highlighting its same functionality as the AGC in bulk power systems. We
identify sensory challenges and cyber threats facing the Micro-AGC. To address
the sensory challenges, we introduce a new microgrid model by exploiting the
rank-one deficiency property of microgrid dynamics. This model is used to pose
an optimal Micro-AGC control problem that is easily implemented, because it
does not require fast frequency measurements. An end-to-end cyber security
solution to the False Data Injection (FDI) attack detection and mitigation is
developed for the proposed Micro-AGC. The front-end barrier of applying
off-the-shelf algorithms for cyber attack detection is removed by introducing a
data-driven modeling approach. Finally, we propose an observer-based corrective
control for an islanded microgrid and a collaborative mitigation schemes in
systems of AC microgrids. We demonstrate a collaborative role of systems of
microgrids during cyber attacks. The performance of the proposed
cyber-resilient Micro-AGC is tested in a system of two networked microgrids.Comment: The manuscript has been accepted by IEEE Transactions on Smart Gri
Smart Grid Security: Threats, Challenges, and Solutions
The cyber-physical nature of the smart grid has rendered it vulnerable to a
multitude of attacks that can occur at its communication, networking, and
physical entry points. Such cyber-physical attacks can have detrimental effects
on the operation of the grid as exemplified by the recent attack which caused a
blackout of the Ukranian power grid. Thus, to properly secure the smart grid,
it is of utmost importance to: a) understand its underlying vulnerabilities and
associated threats, b) quantify their effects, and c) devise appropriate
security solutions. In this paper, the key threats targeting the smart grid are
first exposed while assessing their effects on the operation and stability of
the grid. Then, the challenges involved in understanding these attacks and
devising defense strategies against them are identified. Potential solution
approaches that can help mitigate these threats are then discussed. Last, a
number of mathematical tools that can help in analyzing and implementing
security solutions are introduced. As such, this paper will provide the first
comprehensive overview on smart grid security
SQL Injection Detection Using Machine Learning Techniques and Multiple Data Sources
SQL Injection continues to be one of the most damaging security exploits in terms of personal information exposure as well as monetary loss. Injection attacks are the number one vulnerability in the most recent OWASP Top 10 report, and the number of these attacks continues to increase. Traditional defense strategies often involve static, signature-based IDS (Intrusion Detection System) rules which are mostly effective only against previously observed attacks but not unknown, or zero-day, attacks. Much current research involves the use of machine learning techniques, which are able to detect unknown attacks, but depending on the algorithm can be costly in terms of performance. In addition, most current intrusion detection strategies involve collection of traffic coming into the web application either from a network device or from the web application host, while other strategies collect data from the database server logs. In this project, we are collecting traffic from two points: the web application host, and a Datiphy appliance node located between the webapp host and the associated MySQL database server. In our analysis of these two datasets, and another dataset that is correlated between the two, we have been able to demonstrate that accuracy obtained with the correlated dataset using algorithms such as rule-based and decision tree are nearly the same as those with a neural network algorithm, but with greatly improved performance
Optimal Attack against Cyber-Physical Control Systems with Reactive Attack Mitigation
This paper studies the performance and resilience of a cyber-physical control
system (CPCS) with attack detection and reactive attack mitigation. It
addresses the problem of deriving an optimal sequence of false data injection
attacks that maximizes the state estimation error of the system. The results
provide basic understanding about the limit of the attack impact. The design of
the optimal attack is based on a Markov decision process (MDP) formulation,
which is solved efficiently using the value iteration method. Using the
proposed framework, we quantify the effect of false positives and
mis-detections on the system performance, which can help the joint design of
the attack detection and mitigation. To demonstrate the use of the proposed
framework in a real-world CPCS, we consider the voltage control system of power
grids, and run extensive simulations using PowerWorld, a high-fidelity power
system simulator, to validate our analysis. The results show that by carefully
designing the attack sequence using our proposed approach, the attacker can
cause a large deviation of the bus voltages from the desired setpoint. Further,
the results verify the optimality of the derived attack sequence and show that,
to cause maximum impact, the attacker must carefully craft his attack to strike
a balance between the attack magnitude and stealthiness, due to the
simultaneous presence of attack detection and mitigation
- …