Modeling and Detecting False Data Injection Attacks against Railway Traction Power Systems
Modern urban railways extensively use computerized sensing and control
technologies to achieve safe, reliable, and well-timed operations. However, the
use of these technologies may provide a convenient leverage to cyber-attackers
who have bypassed the air gaps and aim at causing safety incidents and service
disruptions. In this paper, we study false data injection (FDI) attacks against
railways' traction power systems (TPSes). Specifically, we analyze two types of
FDI attacks on the train-borne voltage, current, and position sensor
measurements -- which we call efficiency attack and safety attack -- that (i)
maximize the system's total power consumption and (ii) mislead trains' local
voltages to exceed given safety-critical thresholds, respectively. To
counteract, we develop a global attack detection (GAD) system that serializes a
bad data detector and a novel secondary attack detector designed based on
unique TPS characteristics. With intact position data of trains, our detection
system can effectively detect the FDI attacks on trains' voltage and current
measurements even if the attacker has full and accurate knowledge of the TPS,
attack detection, and real-time system state. In particular, the GAD system
features an adaptive mechanism that ensures low false positive and negative
rates in detecting the attacks under noisy system measurements. Extensive
simulations driven by realistic running profiles of trains verify that a TPS
setup is vulnerable to the FDI attacks, but these attacks can be detected
effectively by the proposed GAD while ensuring a low false positive rate.
Comment: IEEE/IFIP DSN-2016 and ACM Trans. on Cyber-Physical System
Comprehensive Security Framework for Global Threats Analysis
Cyber criminality activities are changing and becoming more and more professional. With the growth of financial flows through the Internet and the Information System (IS), new kinds of threats arise involving complex scenarios spread within multiple IS components. The IS information modeling and Behavioral Analysis are becoming new solutions to normalize the IS information and counter these new threats. This paper presents a framework which details the principal and necessary steps for monitoring an IS. We present the architecture of the framework, i.e. an ontology of activities carried out within an IS to model security information and User Behavioral analysis. The results of the performed experiments on real data show that the modeling is effective to reduce the amount of events by 91%. The User Behavioral Analysis on uniform modeled data is also effective, detecting more than 80% of legitimate actions of attack scenarios
False Analog Data Injection Attack Towards Topology Errors: Formulation and Feasibility Analysis
In this paper, we propose a class of false analog data injection attack that
can misguide the system as if topology errors had occurred. By utilizing the
measurement redundancy with respect to the state variables, the adversary who
knows the system configuration is shown to be capable of computing the
corresponding measurement value with the intentionally misguided topology. The
attack is designed such that the state as well as residue distribution after
state estimation will converge to those in the system with a topology error. It
is shown that the attack can be launched even if the attacker is constrained to
some specific meters. The attack is detrimental to the system since
manipulation of analog data will lead to a forged digital topology status, and
the state after the error is identified and modified will be significantly
biased with the intended wrong topology. The feasibility of the proposed attack
is demonstrated with an IEEE 14-bus system.
Comment: 5 pages, 7 figures, Proc. of 2018 IEEE Power and Energy Society General Meetin
Local Cyber-physical Attack with Leveraging Detection in Smart Grid
A well-designed attack in the power system can cause an initial failure and
then result in large-scale cascade failure. Several works have discussed power
system attack through false data injection, line-maintaining attack, and
line-removing attack. However, the existing methods need to continuously attack
the system for a long time, and, unfortunately, the performance cannot be
guaranteed if the system states vary. To overcome this issue, we consider a new
type of attack strategy called combinational attack which masks a line-outage
at one position but misleads the control center on line outage at another
position. Therefore, the topology information in the control center is
interfered by our attack. We also offer a procedure of selecting the vulnerable
lines of its kind. The proposed method can effectively and continuously deceive
the control center in identifying the actual position of line-outage. The
system under attack will be exposed to increasing risks as the attack
continues. Simulation results validate the efficiency of the proposed attack
strategy.
Comment: Accepted by IEEE SmartGridComm 201
Practical Attacks Against Graph-based Clustering
Graph modeling allows numerous security problems to be tackled in a general
way; however, little work has been done to understand their ability to
withstand adversarial attacks. We design and evaluate two novel graph attacks
against a state-of-the-art network-level, graph-based detection system. Our
work highlights areas in adversarial machine learning that have not yet been
addressed, specifically: graph-based clustering techniques, and a global
feature space where realistic attackers without perfect knowledge must be
accounted for (by the defenders) in order to be practical. Even though less
informed attackers can evade graph clustering with low cost, we show that some
practical defenses are possible.
Comment: ACM CCS 201