OnionBots: Subverting Privacy Infrastructure for Cyber Attacks

Over the last decade botnets survived by adopting a sequence of increasingly sophisticated strategies to evade detection and take overs, and to monetize their infrastructure. At the same time, the success of privacy infrastructures such as Tor opened the door to illegal activities, including botnets, ransomware, and a marketplace for drugs and contraband. We contend that the next waves of botnets will extensively subvert privacy infrastructure and cryptographic mechanisms. In this work we propose to preemptively investigate the design and mitigation of such botnets. We first, introduce OnionBots, what we believe will be the next generation of resilient, stealthy botnets. OnionBots use privacy infrastructures for cyber attacks by completely decoupling their operation from the infected host IP address and by carrying traffic that does not leak information about its source, destination, and nature. Such bots live symbiotically within the privacy infrastructures to evade detection, measurement, scale estimation, observation, and in general all IP-based current mitigation techniques. Furthermore, we show that with an adequate self-healing network maintenance scheme, that is simple to implement, OnionBots achieve a low diameter and a low degree and are robust to partitioning under node deletions. We developed a mitigation technique, called SOAP, that neutralizes the nodes of the basic OnionBots. We also outline and discuss a set of techniques that can enable subsequent waves of Super OnionBots. In light of the potential of such botnets, we believe that the research community should proactively develop detection and mitigation methods to thwart OnionBots, potentially making adjustments to privacy infrastructure.Comment: 12 pages, 8 figure

MATCASC: A tool to analyse cascading line outages in power grids

Blackouts in power grids typically result from cascading failures. The key importance of the electric power grid to society encourages further research into sustaining power system reliability and developing new methods to manage the risks of cascading blackouts. Adequate software tools are required to better analyze, understand, and assess the consequences of the cascading failures. This paper presents MATCASC, an open source MATLAB based tool to analyse cascading failures in power grids. Cascading effects due to line overload outages are considered. The applicability of the MATCASC tool is demonstrated by assessing the robustness of IEEE test systems and real-world power grids with respect to cascading failures

Space Weather and Power Grids - A Vulnerability Assessment

Strong geomagnetic disturbances resulting from solar activity can have a major impact on ground-based infrastructures, such as power grids, pipelines and railway systems. The high voltage transmission network is particularly affected as currents induced by geomagnetic storms, so-called GICs, can severely damage network equipment possibly leading to system collapse. Therefore, increasing attention has been devoted to understanding the vulnerability of power grids to space weather conditions. In this study, we aim at analysing the vulnerability of power grids to extreme space weather. By means of complex network theory, we propose an analysis approach to understand how geomagnetically induced currents are driven through the power network based on its structural and physical characteristics. As a test network we used the Finnish power grid for which a study using network centrality measures was carried out to understand which components are the most critical for the system when exposed to an electric field of 1V/km. This information is helpful as the identification and ranking of critical components can help to identify where and how mitigation measures should be implemented to increase the system’s resilience to space weather impact. We have also subjected the grid to varying angles of the electric field. In addition, we have carried out a scoping study adding load flow to the GICs induced in the system. The preliminary results suggest that the benchmark system can resist GICs induced from high intensity electric fields. Moreover, the simplified network seems more prone to collapse if the electric field is oriented northward. Work is underway to further validate and expand our approach with the aim to eventually carry out a risk assessment of space weather impact on the power grid at EU level.JRC.G.5-Security technology assessmen

Analysis of Bulk Power System Resilience Using Vulnerability Graph

Critical infrastructure such as a Bulk Power System (BPS) should have some quantifiable measure of resiliency and definite rule-sets to achieve a certain resilience value. Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) networks are integral parts of BPS. BPS or ICS are themselves not vulnerable because of their proprietary technology, but when the control network and the corporate network need to have communications for performance measurements and reporting, the ICS or BPS become vulnerable to cyber-attacks. Thus, a systematic way of quantifying resiliency and identifying crucial nodes in the network is critical for addressing the cyber resiliency measurement process. This can help security analysts and power system operators in the decision-making process. This thesis focuses on the resilience analysis of BPS and proposes a ranking algorithm to identify critical nodes in the network. Although there are some ranking algorithms already in place, but they lack comprehensive inclusion of the factors that are critical in the cyber domain. This thesis has analyzed a range of factors which are critical from the point of view of cyber-attacks and come up with a MADM (Multi-Attribute Decision Making) based ranking method. The node ranking process will not only help improve the resilience but also facilitate hardening the network from vulnerabilities and threats. The proposed method is called MVNRank which stands for Multiple Vulnerability Node Rank. MVNRank algorithm takes into account the asset value of the hosts, the exploitability and impact scores of vulnerabilities as quantified by CVSS (Common Vulnerability Scoring System). It also considers the total number of vulnerabilities and severity level of each vulnerability, degree centrality of the nodes in vulnerability graph and the attacker’s distance from the target node. We are using a multi-layered directed acyclic graph (DAG) model and ranking the critical nodes in the corporate and control network which falls in the paths to the target ICS. We don\u27t rank the ICS nodes but use them to calculate the potential power loss capability of the control center nodes using the assumed ICS connectivity to BPS. Unlike most of the works, we have considered multiple vulnerabilities for each node in the network while generating the rank by using a weighted average method. The resilience computation is highly time consuming as it considers all the possible attack paths from the source to the target node which increases in a multiplicative manner based on the number of nodes and vulnerabilities. Thus, one of the goals of this thesis is to reduce the simulation time to compute resilience which is achieved as illustrated in the simulation results

A Critical Review of Robustness in Power Grids using Complex Networks Concepts

Complex network theory for analyzing robustness in energy gridsThis paper reviews the most relevant works that have investigated robustness in power grids using Complex Networks (CN) concepts. In this broad field there are two different approaches. The first one is based solely on topological concepts, and uses metrics such as mean path length, clustering coefficient, efficiency and betweenness centrality, among many others. The second, hybrid approach consists of introducing (into the CN framework) some concepts from Electrical Engineering (EE) in the effort of enhancing the topological approach, and uses novel, more efficient electrical metrics such as electrical betweenness, net-ability, and others. There is however a controversy about whether these approaches are able to provide insights into all aspects of real power grids. The CN community argues that the topological approach does not aim to focus on the detailed operation, but to discover the unexpected emergence of collective behavior, while part of the EE community asserts that this leads to an excessive simplification. Beyond this open debate it seems to be no predominant structure (scale-free, small-world) in high-voltage transmission power grids, the vast majority of power grids studied so far. Most of them have in common that they are vulnerable to targeted attacks on the most connected nodes and robust to random failure. In this respect there are only a few works that propose strategies to improve robustness such as intentional islanding, restricted link addition, microgrids and smart grids, for which novel studies suggest that small-world networks seem to be the best topology.This work has been partially supported by the project TIN2014-54583-C2-2-R from the Spanish Ministerial Commission of Science and Technology (MICYT), by the project S2013/ICE-2933 from Comunidad de Madrid and by the project FUTURE GRIDS-2020 from the Basque Government

Vulnerability and Resilience Assessment of Power Systems: From Deterioration to Recovery via a Topological Model based on Graph Theory

Traditionally, vulnerability is the level of degradation caused by failures or disturbances, and resilience is the ability to recover after a high-impact event. This paper presents a topological procedure based on graph theory to evaluate the vulnerability and resilience of power grids. A cascading failures model is developed by eliminating lines both deliberately and randomly, and four restoration strategies inspired by the network approach are proposed. In the two cases, the degradation and recovery of the electrical infrastructure are quantified through four centrality measures. Here, an index called flow-capacity is proposed to measure the level of network overload during the iterative processes. The developed sequential framework was tested on a graph of 600 nodes and 1196 edges built from the 400 kV high-voltage power system in Spain. The conclusions obtained show that the statistical graph indices measure different topological aspects of the network, so it is essential to combine the results to obtain a broader view of the structural behaviour of the infrastructure