Local Cyber-Physical Attack for Masking Line Outage and Topology Attack in Smart Grid
Malicious attacks in the power system can eventually result in a large-scale
cascade failure if not attended on time. These attacks, which are traditionally
classified into physical and cyber attacks, can be avoided by
using the latest and advanced detection mechanisms. However, a new threat
called cyber-physical attacks, which jointly target both the physical and
cyber layers of the system to interfere with the operations of the power grid, is
more malicious as compared with the traditional attacks. In this paper, we
propose a new cyber-physical attack strategy where the transmission line is
first physically disconnected, and then the line-outage event is masked, such
that the control center is misled into detecting an obvious line outage at a
different position in the local area of the power system. Therefore, the
topology information in the control center is interfered with by our attack. We also
propose a novel procedure for selecting vulnerable lines, and analyze the
observability of our proposed framework. Our proposed method can effectively
and continuously deceive the control center into detecting fake line-outage
positions, and thereby increase the chance of cascade failure because the
attention is given to the fake outage. The simulation results validate the
efficiency of our proposed attack strategy.
Comment: accepted by IEEE Transactions on Smart Grid. arXiv admin note: text
overlap with arXiv:1708.0320
Local Cyber-physical Attack with Leveraging Detection in Smart Grid
A well-designed attack in the power system can cause an initial failure and
then result in large-scale cascade failure. Several works have discussed power
system attack through false data injection, line-maintaining attack, and
line-removing attack. However, the existing methods need to continuously attack
the system for a long time, and, unfortunately, the performance cannot be
guaranteed if the system states vary. To overcome this issue, we consider a new
type of attack strategy called combinational attack which masks a line-outage
at one position but misleads the control center on line outage at another
position. Therefore, the topology information in the control center is
interfered with by our attack. We also offer a procedure for selecting the vulnerable
lines of its kind. The proposed method can effectively and continuously deceive
the control center in identifying the actual position of line-outage. The
system under attack will be exposed to increasing risks as the attack
continues. Simulation results validate the efficiency of the proposed attack
strategy.
Comment: Accepted by IEEE SmartGridComm 201
Intrusion Detection System using Bayesian Network Modeling
Computer network security has become a critical issue due to ever-increasing cybercrime. Cybercrimes span from simple piracy crimes to information theft in international terrorism. Defence security agencies and other military-related organizations are highly concerned about the confidentiality and access control of stored data. Therefore, it is important to investigate Intrusion Detection Systems (IDS) that detect and prevent cybercrimes in order to protect these systems. This research proposes a novel distributed IDS to detect and prevent attacks such as denial of service, probes, user to root and remote to user attacks. In this work, we propose an IDS based on a Bayesian network classification modelling technique. Bayesian networks are popular for adaptive learning and for modelling diverse network traffic data for meaningful classification details. The proposed model has an anomaly-based IDS with an adaptive learning process. Therefore, Bayesian networks have been applied to build a robust and accurate IDS. The proposed IDS has been evaluated against the KDD DARPA dataset, which was designed for network IDS evaluation. The research methodology consists of four different Bayesian networks as classification models, where the classifier models are interconnected and communicate to make predictions on incoming network traffic data. Each designed Bayesian network model is capable of detecting a major category of attack such as denial of service (DoS). However, all four Bayesian networks work together to pass the information of the classification model to calibrate the IDS system. The proposed IDS shows the ability to detect novel attacks by continuing to learn with different datasets. The testing dataset was constructed by sampling the original KDD dataset to contain a balanced number of attacks and normal connections.
The experiments show that the proposed system is effective in detecting attacks in the test dataset and is highly accurate in detecting all major attacks recorded in the DARPA dataset. The proposed IDS is a promising approach for anomaly-based intrusion detection in distributed systems. Furthermore, the practical implementation of the proposed IDS system can be utilized to train and detect attacks in live network traffi
PMU Placement in Electric Transmission Networks for Reliable State Estimation against False Data Injection Attacks
Currently, false data injection (FDI) attacks bring direct challenges to synchronized phase measurement unit (PMU) based network state estimation in wide-area measurement systems (WAMS), resulting in degraded system reliability and power supply security. This paper assesses the performance of state estimation in the electric cyber-physical system (ECPS) paradigm considering the presence of FDI attacks. The adverse impact on network state estimation is evaluated through simulations for a range of FDI attack scenarios using the IEEE 14-bus network model. In addition, an algorithmic solution is proposed to address the issue of additional PMU installation and placement with cyber security consideration, and it is evaluated for a set of standard electric transmission networks (IEEE 14-bus, 30-bus and 57-bus networks). The numerical result confirms that the FDI attack can significantly degrade the state estimation and the cyber security can be improved by an appropriate placement of a limited number of additional PMUs
Attack Resilience and Recovery using Physical Challenge Response Authentication for Active Sensors Under Integrity Attacks
Embedded sensing systems are pervasively used in life- and security-critical
systems such as those found in airplanes, automobiles, and healthcare.
Traditional security mechanisms for these sensors focus on data encryption and
other post-processing techniques, but the sensors themselves often remain
vulnerable to attacks in the physical/analog domain. If an adversary
manipulates a physical/analog signal prior to digitization, no amount of
digital security mechanisms after the fact can help. Fortunately, nature
imposes fundamental constraints on how these analog signals can behave. This
work presents PyCRA, a physical challenge-response authentication scheme
designed to protect active sensing systems against physical attacks occurring
in the analog domain. PyCRA provides security for active sensors by continually
challenging the surrounding environment via random but deliberate physical
probes. By analyzing the responses to these probes, and by using the fact that
the adversary cannot change the underlying laws of physics, we provide an
authentication mechanism that not only detects malicious attacks but provides
resilience against them. We demonstrate the effectiveness of PyCRA through
several case studies using two sensing systems: (1) magnetic sensors like those
found in wheel speed sensors in robotics and automotive, and (2) commercial RFID
tags used in many security-critical applications. Finally, we outline methods
and theoretical proofs for further enhancing the resilience of PyCRA to active
attacks by means of a confusion phase, a period of low signal-to-noise ratio
that makes it more difficult for an attacker to correctly identify and respond
to PyCRA's physical challenges. In doing so, we evaluate both the robustness
and the limitations of PyCRA, concluding by outlining practical considerations
as well as further applications for the proposed authentication mechanism.
Comment: Shorter version appeared in ACM Conference on Computer and
Communications (CCS) 201