31 research outputs found
Design of Real-Time Simulation Testbed for Advanced Metering Infrastructure (AMI) Network
Conventional power grids are being superseded by smart grids, in which smart meters are one of the key components. Currently, wireless technologies have largely replaced traditional Power Line Communication (PLC) for smart metering communication. Different vendors manufacture smart meters using different wireless communication technologies: for example, some vendors use WiMAX, while others prefer Low-Power Wireless Personal Area Networks (Lo-WPAN) for the Media Access Control (MAC) and physical layers of the smart meter network, also known as the Advanced Metering Infrastructure (AMI) network. Different communication techniques are used in the various components of an AMI network, so a testbed is essential for evaluating the performance of a new wireless technology or a novel protocol in the network. Studying cyber-security threats in an operational network is risky; hence, a real-time simulation testbed is used as a substitute to capture communication among cyber-physical subsystems. To design the communication part of our testbed, we explored a Cellular Internet of Things (CIoT) technology, Co-operative Ultra NarrowBand (C-UNB), for the physical and MAC layers of the Neighborhood Area Network (NAN) of the AMI. After successfully evaluating its performance in a SimPy Python simulator, we integrated a module into Network Simulator-3 (NS-3). As NS-3 provides a platform for injecting real-time traffic into the AMI network, we can inject traffic from power simulators such as the Real Time Digital Simulator (RTDS). Our testbed was used for a comparative study of different wireless technologies such as IEEE 802.11ah, WiMAX, and Long Term Evolution (LTE). For the traffic, we used HTTP and the Constrained Application Protocol (CoAP), a widely used protocol in IoT. Additionally, we integrated the NS-3 module for Device Language Message Specification - Companion Specification for Energy Metering (DLMS-COSEM), which follows the IEC 62056 standards for electricity metering data exchange. This module, which comprises the application and transport layers, works together with the physical and MAC layers of the C-UNB module.
Since wireless communication is prone to eavesdropping and information leakage, it is crucial to conduct security studies on these networks. Hence, we performed cyber-attacks such as Denial of Service (DoS), Address Resolution Protocol (ARP) spoofing and Man-in-the-Middle (MiTM) attacks in the testbed to analyze their impact on the normal operation of the AMI network. Encryption techniques can alleviate the issue of data hijacking, but they make the network traffic opaque, which prevents conventional Intrusion Detection Systems (IDS) from performing packet-level inspection. Thus, we developed a Bayesian-based IDS for ARP spoof detection to prevent rogue smart meters from modifying genuine data or injecting false data.
The proposed real-time simulation testbed is successfully utilized to perform delay and throughput analysis for the existing wireless technologies, along with the evaluation of the novel features of the C-UNB module in NS-3. This module can be used to evaluate a broad range of traffic. Using the testbed, we also validated our IDS against the ARP spoofing attack. This work can be further utilized by security researchers to study different cyber attacks in the AMI network and propose new attack prevention and detection solutions. Moreover, it can also allow wireless communication researchers to improve our C-UNB module for NS-3.
PAPR analysis and channel estimation techniques for 3GPP LTE system
High data rates and secure data communication have become an unavoidable need of every mobile user. 3G technology provided greater data speed and more secure networks compared to its predecessors 2G and 2.5G. The highest bit rates in commercially deployed wireless systems are achieved by means of Orthogonal Frequency Division Multiplexing (OFDM) [1]. The next advance in cellular systems, under investigation by the Third Generation Partnership Project (3GPP), also anticipates the adoption of OFDMA to achieve high data rates. However, a modified form of OFDMA, SCFDMA (Single Carrier FDMA), which has similar throughput performance and essentially the same complexity, has been adopted because it has an edge over OFDMA in its lower PAPR (peak-to-average power ratio) [2]. SCFDMA is currently a strong candidate for the uplink multiple access in the Long Term Evolution of cellular systems under consideration by the 3GPP. In our project we have worked on PAPR analysis of OFDMA, SCFDMA and various other SCFDMA variants (with different subcarrier mappings). Though SCFDMA has larger ISI, it has lower PAPR, which helps avoid the need for a highly linear power amplifier. We have analyzed various modulation techniques, implemented various kinds of pulse shaping filters, and compared the PAPR for IFDMA, DFDMA and LFDMA (kinds of SCFDMA). Like other communication systems, in SCFDMA we encounter many trade-offs between design parameters (such as the roll-off factor) and performance.
The project report also covers the channel estimation techniques implemented in OFDM systems. Due to multipath fading, the channel impulse response fluctuates across subcarriers and time slots. With channel estimation, however, OFDM systems can use coherent detection instead of differential detection. For a MIMO system like OFDM, channel information is vital for diversity combining and interference suppression [3], so we need to estimate the channel as accurately as possible. As we have assumed a slow Rayleigh fading channel in our study, we used block-type pilot arrangement channel estimation with LS (least squares) and MMSE (minimum mean square error) estimators. Due to the higher complexity of the MMSE estimator, a modified MMSE estimator is implemented that trades off performance for complexity. Here we have compared various channel estimation techniques used in OFDM systems. There are various other adaptive estimation techniques, such as LMS and RLS for blind channel estimation, and comb-type pilot arrangement estimation techniques for fast fading channels.
A Firewall Optimization for Threat-Resilient Micro-Segmentation in Power System Networks
Electric power delivery relies on a communications backbone that must be secure. SCADA systems are essential to critical grid functions and include industrial control system (ICS) protocols such as the Distributed Network Protocol-3 (DNP3). These protocols are vulnerable to cyber threats against which power systems, as cyber-physical critical infrastructure, must be protected. For this reason, the NERC Critical Infrastructure Protection standard CIP-005-5 specifies that an electronic system perimeter is needed, accomplished with firewalls. This paper presents how these electronic system perimeters can be optimally found and generated using a proposed meta-heuristic approach for optimal security zone formation in large-scale power systems. Then, to implement the optimal firewall rules in a large-scale power system model, this work presents a prototype software tool that takes the optimization results and auto-configures the firewall nodes for different utilities in a cyber-physical testbed. Using this tool, firewall policies are configured for all the utilities and their substations within a synthetic 2000-bus model, assuming two different network topologies. The results generate the optimal electronic security perimeters to protect a power system's data flows and compare the number of firewalls, monetary cost, and risk alerts from path analysis.
Comment: 12 pages, 22 figures
Multi-Source Data Fusion for Cyberattack Detection in Power Systems
Cyberattacks can have a severe impact on power systems unless detected early. However, accurate and timely detection in critical infrastructure systems presents challenges, e.g., due to zero-day vulnerability exploitation and the cyber-physical nature of the system, coupled with the need for high reliability and resilience of the physical system. Conventional rule-based and anomaly-based intrusion detection system (IDS) tools are insufficient for detecting zero-day cyber intrusions in industrial control system (ICS) networks. Hence, in this work, we show that fusing information from multiple data sources can help identify cyber-induced incidents and reduce false positives. Specifically, we present how to recognize and address the barriers that can prevent the accurate use of multiple data sources for fusion-based detection. We perform multi-source data fusion for training an IDS in a cyber-physical power system testbed, where we collect cyber- and physical-side data from multiple sensors emulating the real-world data sources that would be found in a utility, and synthesize these into features for intrusion detection algorithms. Results are presented using the proposed data fusion application to infer False Data Injection and Command Injection-based Man-in-the-Middle (MiTM) attacks. After collection, the data fusion application performs a time-synchronized merge and extracts features, followed by pre-processing such as imputation and encoding, before training supervised, semi-supervised, and unsupervised learning models to evaluate the performance of the IDS. A major finding is the improvement in detection accuracy obtained by fusing features from the cyber, security, and physical domains. Additionally, we observed that the co-training technique performs on par with supervised learning methods when fed with our features.
Addressing Uncertainty in Cyber-Physical Power Systems - Modeling to Integration in a Cyber-Physical Energy Management System
Energy infrastructures are mission-critical cyber-physical systems that are targets of persistent cyber attacks. While introducing new computing technologies and networks in power systems adds new capabilities for monitoring and control, dealing with the vast quantity of diverse devices of unknown trustworthiness and origin that can connect to the network, and whose impact on operational reliability is also unknown, is a frightening prospect. The threat landscape today is extensive and constantly changing. Hence, to design resilient power systems it is essential to develop cyber-physical models that provide a platform to study the impact of cyber threats on a large-scale interconnected grid, as well as to propose defense mechanisms to operate it resiliently.
This work proposes a synthetic communication network model for a synthetic electric grid, with the novel contribution of an optimized firewall model that follows the NERC CIP-005 standards. The proposed cyber model for the electric grid is validated through the creation of a cyber-physical testbed, RESLab, which integrates multiple simulators, emulators and hardware devices to implement threat models targeting critical operations. A multi-sensor, multi-domain fusion methodology is proposed to integrate sensor data from physical, cyber and security emulators. Given the uncertainty and untrustworthiness of these sensors in a compromised state, the real-time data generated in the testbed is treated with a theory of uncertainty, the Dempster-Shafer Theory of Evidence, to improve the inference of intrusions for better detection. This approach improved performance in comparison to conventional supervised and semi-supervised learning techniques. However, a major limitation of this approach is that it does not easily support the use of existing domain knowledge. Hence, a Bayesian approach is undertaken for inference and for learning the structure of a novel cyber attack model, called a Bayesian Attack Graph. The outcome of this approach is used for risk assessment in Cyber-Physical Dynamic Situational Awareness, which is necessary for state estimation as well as for the partially observable control problem.
Controlling grid operations under uncertainty is another big challenge, which is currently addressed with various data-driven approaches from the machine learning community. In this work, we have developed an environment for building uncertain MDP models, called Partially Observable MDPs, for power system cases, and we solve the control problem using Bayesian Reinforcement Learning, which follows the principles of Bayesian inference. A challenge for the control problem is the selection of an appropriate metric to optimize, as resilience is time-, situation-, and state-dependent. Hence, an adaptive resilience metric quantification mechanism using Inverse Reinforcement Learning is proposed that not only learns a resilience metric but also improves the performance of learning an optimal policy for resilient control.
The proposed algorithms for communication network modeling, inference under uncertainty, and integration with the testbed are validated by developing software applications and incorporating them into the CYPRES Energy Management System.
Inferring adversarial behaviour in cyber-physical power systems using a Bayesian attack graph approach
Highly connected smart power systems are subject to increasing vulnerabilities and adversarial threats. Defenders need to proactively identify and defend the new high-risk access paths of cyber intruders that target grid resilience. However, cyber-physical risk analysis and defense in power systems often require making assumptions about adversary behaviour, and these assumptions can be wrong. Thus, this work examines the problem of inferring adversary behaviour in power systems to improve risk-based defense and detection. To achieve this, a Bayesian approach for inference of the Cyber-Adversarial Power System (Bayes-CAPS) is proposed that uses Bayesian networks (BNs) to define and solve the inference problem of adversarial movement through the grid infrastructure towards targets of physical impact. Specifically, BNs are used to compute conditional probabilities for queries, such as the probability of observing an event given a set of alerts. Bayes-CAPS builds initial Bayesian attack graphs for realistic power system cyber-physical models. These models are adaptable using data collected from the system under study. Then, Bayes-CAPS computes the posterior probabilities of the occurrence of a security breach event in power systems. Experiments are conducted that evaluate the algorithms based on time complexity, accuracy and the impact of evidence for different scales and densities of network. The performance is evaluated and compared for five realistic cyber-physical power system models of increasing size and complexity, ranging from 8 to 300 substations, in terms of computation and accuracy impacts.
Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach
False alerts due to misconfigured or compromised intrusion detection systems (IDS) in industrial control system (ICS) networks can lead to severe economic and operational damage. However, research using deep learning to reduce false alerts often requires the physical and cyber sensor data to be trustworthy. Implicit trust is a major problem for artificial intelligence or machine learning (AI/ML) in cyber-physical system (CPS) security, because the moments when these solutions are most urgently needed are also when they are most at risk (e.g., during an attack). To address this, the Inter-Domain Evidence theoretic Approach for Inference (IDEA-I) is proposed, which reframes the detection problem as how to make good decisions under uncertainty. Specifically, an evidence theoretic approach leveraging Dempster-Shafer (DS) combination rules and their variants is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from supervised-learning classifiers. Using this model, a location-cum-domain-based fusion framework is proposed to evaluate the detector's performance using disjunctive, conjunctive, and cautious conjunctive rules. The approach is demonstrated in a cyber-physical power system testbed, and the classifiers are trained with datasets from Man-in-the-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, we consider plausibility, belief, pignistic, and general Bayesian theorem-based metrics as decision functions. To improve the performance, a multi-objective genetic algorithm is proposed for feature selection, with the decision metrics as the fitness function. Finally, we present a software application to evaluate the DS fusion approaches with different parameters and architectures.