173 research outputs found

    Noise Resilient Learning for Attack Detection in Smart Grid Pmu Infrastructure

    Falsified data from compromised Phasor Measurement Units (PMUs) in a smart grid induce Energy Management Systems (EMS) to have an inaccurate estimation of the state of the grid, disrupting various operations of the power grid. Moreover, the PMUs deployed at the distribution layer of a smart grid show dynamic fluctuations in their data streams, which make it extremely challenging to design effective learning frameworks for anomaly-based attack detection. In this paper, we propose a noise resilient learning framework for anomaly-based attack detection specifically for distribution layer PMU infrastructure, that shows real-time indicators of data falsification attacks while offsetting the effect of false alarms caused by the noise. Specifically, we propose a feature extraction framework that uses some Pythagorean Means of the active power from a cluster of PMUs, reducing the multi-dimensional nature of the PMU data streams via quick big data summarization. We also propose a robust and noise resilient methodology for learning thresholds based on generalized robust estimation theory of our invariant feature. We experimentally validate our approach and demonstrate improved reliability performance using two completely different datasets collected from real distribution level PMU infrastructures.

    Active Learning Augmented Folded Gaussian Model for Anomaly Detection in Smart Transportation

    Smart transportation networks have become instrumental in smart city applications with the potential to enhance road safety, improve the traffic management system and driving experience. A Traffic Message Channel (TMC) is an IoT device that records the data collected from the vehicles and forwards it to the Roadside Units (RSUs). This data is further processed and shared with the vehicles to inquire about the fastest route and incidents that can cause significant delays. The failure of the TMC sensors can have adverse effects on the transportation network. In this paper, we propose a Gaussian distribution-based trust scoring model to identify anomalous TMC devices. Then we propose a semi-supervised active learning approach that reduces the manual labeling cost to determine the threshold to classify the honest and malicious devices. Extensive simulation results using real-world vehicular data from Nashville are provided to verify the accuracy of the proposed method.

    Impact Assessment, Detection, And Mitigation Of False Data Attacks In Electrical Power Systems

    The global energy market has seen a massive increase in investment and capital flow in the last few decades. This has completely transformed the way power grids operate - legacy systems are now being replaced by advanced smart grid infrastructures that attest to better connectivity and increased reliability. One popular example is the extensive deployment of phasor measurement units, referred to as PMUs, that constantly provide time-synchronized phasor measurements at a high resolution compared to conventional meters. This enables system operators to monitor in real-time the vast electrical network spanning thousands of miles. However, a targeted cyber attack on PMUs can prompt operators to take wrong actions that can eventually jeopardize the power system reliability. Such threats originating from the cyber-space continue to increase as power grids become more dependent on PMU communication networks. Additionally, these threats are becoming increasingly efficient in remaining undetected for longer periods while gaining deep access into the power networks. An attack on the energy sector immediately impacts national defense, emergency services, and all aspects of human life. Cyber attacks against the electric grid may soon become a tactic of high-intensity warfare between nations in the near future and lead to social disorder. Within this context, this dissertation investigates the cyber security of PMUs that affects critical decision-making for a reliable operation of the power grid. In particular, this dissertation focuses on false data attacks, a key vulnerability in the PMU architecture, that inject, alter, block, or delete data in devices or in communication network channels. This dissertation addresses three important cyber security aspects - (1) impact assessment, (2) detection, and (3) mitigation of false data attacks. A comprehensive background of false data attack models targeting various steady-state control blocks is first presented.
By investigating inter-dependencies between the cyber and the physical layers, this dissertation then identifies possible points of ingress and categorizes risk at different levels of threats. In particular, the likelihood of cyber attacks against the steady-state power system control block causing the worst-case impacts such as cascading failures is investigated. The case study results indicate that false data attacks do not often lead to widespread blackouts, but do result in subsequent line overloads and load shedding. The impacts are magnified when attacks are coordinated with physical failures of generators, transformers, or heavily loaded lines. Further, this dissertation develops a data-driven false data attack detection method that is independent of existing in-built security mechanisms in the state estimator. It is observed that a convolutional neural network classifier can quickly detect and isolate false measurements compared to other deep learning and traditional classifiers. Finally, this dissertation develops a recovery plan that minimizes the consequence of threats when sophisticated attacks remain undetected and have already caused multiple failures. Two new controlled islanding methods are developed that minimize the impact of attacks under the lack of, or partial information on the threats. The results indicate that the system operators can successfully contain the negative impacts of cyber attacks while creating stable and observable islands. Overall, this dissertation presents a comprehensive plan for fast and effective detection and mitigation of false data attacks, improving cyber security preparedness, and enabling continuity of operations.

    Opportunistic Spectrum Utilization by Cognitive Radio Networks: Challenges and Solutions

    Cognitive Radio Network (CRN) is an emerging paradigm that makes use of Dynamic Spectrum Access (DSA) to communicate opportunistically, in the un-licensed Industrial, Scientific and Medical bands or frequency bands otherwise licensed to incumbent users such as TV broadcast. Interest in the development of CRNs is because of severe under-utilization of spectrum bands by the incumbent Primary Users (PUs) that have the license to use them coupled with an ever-increasing demand for unlicensed spectrum for a variety of new mobile and wireless applications. The essence of Cognitive Radio (CR) operation is the cooperative and opportunistic utilization of licensed spectrum bands by the Secondary Users (SUs) that collectively form the CRN without causing any interference to PUs' communications. CRN operation is characterized by factors such as network-wide quiet periods for cooperative spectrum sensing, opportunistic/dynamic spectrum access and non-deterministic operation of PUs. These factors can have a devastating impact on the overall throughput and can significantly increase the control overheads. Therefore, to support the same level of QoS as traditional wireless access technologies, much closer interaction is required between layers of the protocol stack. Opportunistic spectrum utilization without causing interference to the PUs is only possible if the SUs periodically sense the spectrum for the presence of PUs' signal. To minimize the effects of hardware capabilities, terrain features and PUs' transmission ranges, DSA is undertaken in a collaborative manner where SUs periodically carry out spectrum sensing in their respective geographical locations. Collaborative spectrum sensing has numerous security loopholes and can be favorable to malicious nodes in the network that may exploit vulnerabilities associated with DSA such as launching a spectrum sensing data falsification (SSDF) attack.
Some CRN standards such as the IEEE 802.22 wireless regional area network employ a two-stage quiet period mechanism based on a mandatory Fast Sensing and an optional Fine Sensing stage for DSA. This arrangement is meant to strike a balance between the conflicting goals of proper protection of incumbent PUs' signals and optimum QoS for SUs so that only as much time is spent for spectrum sensing as needed. Malicious nodes in the CRN however, can take advantage of the two-stage spectrum sensing mechanism to launch smart denial of service (DoS) jamming attacks on CRNs during the fast sensing stage. Coexistence protocols enable collocated CRNs to contend for and share the available spectrum. However, most coexistence protocols do not take into consideration the fact that channels of the available spectrum can be heterogeneous in the sense that they can vary in their characteristics and quality such as SNR or bandwidth. Without any mechanism to enforce fairness in accessing varying quality channels, ensuring coexistence with minimal contention and efficient spectrum utilization for CRNs is likely to become a very difficult task. The cooperative and opportunistic nature of communication has many challenges associated with CRNs' operation. In view of the challenges described above, this dissertation presents solutions including cross-layer approaches, reputation system, optimization and game theoretic approaches to handle (1) degradation in TCP's throughput resulting from packet losses and disruptions in spectrum availability due to non-deterministic use of spectrum by the PUs (2) presence of malicious SUs in the CRN that may launch various attacks on CRNs, including SSDF and jamming and (3) sharing of heterogeneous spectrum resources among collocated CRNs without a centralized mechanism to enforce cooperation among otherwise non-cooperative CRNs.

    Cyber-Physical Security of Power Distribution Systems

    Smart grids have been witnessing continuous and rapid radical developments in recent years. With the aim towards a more sustainable energy system, the share of distributed generation resources is ever-increasing and transforming the traditional operations of the power grids. Along with these allocated resources, an ensemble of smart measurement devices, multiple communication layers, sophisticated distributed control techniques and interconnection of system equipment represent the pillars that support the modernization of these power networks. This progress has undoubtedly enabled a more efficient and accurate operation of the power networks. At the same time, it has created vulnerability points and challenges that endanger the safety and security of smart grid operation. The cyber-physical security of smart grids has consequently become a priority and a major challenge to ensure a reliable and safe operation of the power grid. The resiliency of the grid depends on our ability to design a smart grid that can withstand threats and mitigate different attack scenarios. Cyber-physical security is currently an active area of research, and threats that target critical operation components have been classified and investigated in the literature. However, many of the research efforts have focused on the threats on the transmission level, with the intention of extending the protection, detection and mitigation strategies to the distribution level. Nevertheless, much of the performed analysis is not suitable for Power Distribution Systems (PDS) due to the inherently different characteristics of these systems. This thesis first investigates and addresses the stealthy False Data Injection (FDI) attacks on the PDS, which target the Distribution Systems Optimal Power Flow (DSOPF) and are not detectable by traditional Bad Data Detection (BDD) methods.
The attack formulation is based on the Branch Current State Estimation (BCSE), which allows separation of the phases, thus full analysis on the unbalanced three-phase system is performed. Specifically, it is shown how an adversary, having access to system measurements and topology, is able to maximize the system losses. By launching FDI attacks that target the Distribution Systems State Estimation (DSSE), the adversary constructs the attack vectors that drive the objective function in the opposite direction of optimality. The effects of the optimal attack strategy are investigated. The results demonstrate the increase in system losses after corrupting the measurements. Second, a machine learning technique is proposed as a protection measure against the cyber-physical threats to detect the FDI attacks. Although FDI vectors cannot be detected by conventional BDD techniques, exploiting the historical data enables a more thorough analysis and a better detection advantage of anomalies in the measurements. A Recurrent Neural Network (RNN) is applied on the stream of data measurements to identify any anomaly, which represents a compromised measurement, by analyzing multiple points across the measurement vector and multiple time steps. The temporal correlation of data points is the basis of identifying attack vectors. The results of the RNN model indicate an overall strong ability to detect the stealthy attacks.

    An Approach to Guide Users Towards Less Revealing Internet Browsers

    When browsing the Internet, HTTP headers enable both clients and servers to send extra data in their requests or responses such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed.

    Big data-driven multimodal traffic management : trends and challenges

    Improving Security for the Internet of Things: Applications of Blockchain, Machine Learning and Inter-Pulse Interval

    The Internet of Things (IoT) is a concept where physical objects of various sizes can seamlessly connect and communicate with each other without human intervention. The concept covers various applications, including healthcare, utility services, automotive/vehicular transportation, smart agriculture and smart city. The number of interconnected IoT devices has recently grown rapidly as a result of technological advancement in communications and computational systems. Consequently, this trend also highlights the need to address issues associated with IoT, the biggest risk of which is commonly known to be security. This thesis focuses on three selected security challenges from the IoT application areas of connected and autonomous vehicles (CAVs), Internet of Flying Things (IoFT), and human body interface and control systems (HBICS). For each of these challenges, a novel and innovative solution is proposed to address the identified problems. The research contributions of this thesis to the literature can be summarised as follows:
    • A blockchain-based conditionally anonymised pseudonym management scheme for CAVs, supporting multi-jurisdictional road networks.
    • A Sybil attack detection scheme for IoFT using machine learning carried out on intrinsically generated physical layer data of radio signals.
    • A potential approach of using inter-pulse interval (IPI) biometrics for frequency hopping to mitigate jamming attacks on HBICS devices.

    DRONE DELIVERY OF CBNRECy – DEW WEAPONS Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD)

    Drone Delivery of CBNRECy – DEW Weapons: Emerging Threats of Mini-Weapons of Mass Destruction and Disruption (WMDD) is our sixth textbook in a series covering the world of UASs and UUVs. Our textbook takes on a whole new purview for UAS / CUAS/ UUV (drones) – how they can be used to deploy Weapons of Mass Destruction and Deception against CBRNE and civilian targets of opportunity. We are concerned with the future use of these inexpensive devices and their availability to maleficent actors. Our work suggests that UASs in air and underwater UUVs will be the future of military and civilian terrorist operations. UAS / UUVs can deliver a huge punch for a low investment and minimize human casualties.