Optimal Attack against Cyber-Physical Control Systems with Reactive Attack Mitigation

This paper studies the performance and resilience of a cyber-physical control system (CPCS) with attack detection and reactive attack mitigation. It addresses the problem of deriving an optimal sequence of false data injection attacks that maximizes the state estimation error of the system. The results provide basic understanding about the limit of the attack impact. The design of the optimal attack is based on a Markov decision process (MDP) formulation, which is solved efficiently using the value iteration method. Using the proposed framework, we quantify the effect of false positives and mis-detections on the system performance, which can help the joint design of the attack detection and mitigation. To demonstrate the use of the proposed framework in a real-world CPCS, we consider the voltage control system of power grids, and run extensive simulations using PowerWorld, a high-fidelity power system simulator, to validate our analysis. The results show that by carefully designing the attack sequence using our proposed approach, the attacker can cause a large deviation of the bus voltages from the desired setpoint. Further, the results verify the optimality of the derived attack sequence and show that, to cause maximum impact, the attacker must carefully craft his attack to strike a balance between the attack magnitude and stealthiness, due to the simultaneous presence of attack detection and mitigation

Modeling and Detecting False Data Injection Attacks against Railway Traction Power Systems

Modern urban railways extensively use computerized sensing and control technologies to achieve safe, reliable, and well-timed operations. However, the use of these technologies may provide a convenient leverage to cyber-attackers who have bypassed the air gaps and aim at causing safety incidents and service disruptions. In this paper, we study false data injection (FDI) attacks against railways' traction power systems (TPSes). Specifically, we analyze two types of FDI attacks on the train-borne voltage, current, and position sensor measurements - which we call efficiency attack and safety attack -- that (i) maximize the system's total power consumption and (ii) mislead trains' local voltages to exceed given safety-critical thresholds, respectively. To counteract, we develop a global attack detection (GAD) system that serializes a bad data detector and a novel secondary attack detector designed based on unique TPS characteristics. With intact position data of trains, our detection system can effectively detect the FDI attacks on trains' voltage and current measurements even if the attacker has full and accurate knowledge of the TPS, attack detection, and real-time system state. In particular, the GAD system features an adaptive mechanism that ensures low false positive and negative rates in detecting the attacks under noisy system measurements. Extensive simulations driven by realistic running profiles of trains verify that a TPS setup is vulnerable to the FDI attacks, but these attacks can be detected effectively by the proposed GAD while ensuring a low false positive rate.Comment: IEEE/IFIP DSN-2016 and ACM Trans. on Cyber-Physical System

Cost-Benefit Analysis of Moving-Target Defense in Power Grids

We study moving-target defense (MTD) that actively perturbs transmission line reactances to thwart stealthy false data injection (FDI) attacks against state estimation in a power grid. Prior work on this topic has proposed MTD based on randomly selected reactance perturbations, but these perturbations cannot guarantee effective attack detection. To address the issue, we present formal design criteria to select MTD reactance perturbations that are truly effective. However, based on a key optimal power flow (OPF) formulation, we find that the effective MTD may incur a non-trivial operational cost that has not hitherto received attention. Accordingly, we characterize important tradeoffs between the MTD's detection capability and its associated required cost. Extensive simulations, using the MATPOWER simulator and benchmark IEEE bus systems, verify and illustrate the proposed design approach that for the first time addresses both key aspects of cost and effectiveness of the MTD.Comment: IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) - 201

Trade-offs in Data-Driven False Data Injection Attacks Against the Power Grid

We address the problem of constructing false data injection (FDI) attacks that can bypass the bad data detector (BDD) of a power grid. The attacker is assumed to have access to only power flow measurement data traces (collected over a limited period of time) and no other prior knowledge about the grid. Existing related algorithms are formulated under the assumption that the attacker has access to measurements collected over a long (asymptotically infinite) time period, which may not be realistic. We show that these approaches do not perform well when the attacker has a limited number of data samples only. We design an enhanced algorithm to construct FDI attack vectors in the face of limited measurements that can nevertheles bypass the BDD with high probability. Furthermore, we characterize an important trade-off between the attack\u27s BDD-bypass probability and its sparsity, which affects the spatial extent of the attack that must be achieved. Extensive simulations using data traces collected from the MATPOWER simulator and benchmark IEEE bus systems validate our findings

Analysis of Moving Target Defense Against False Data Injection Attacks on Power Grid

Recent studies have considered thwarting false data injection (FDI) attacks against state estimation in power grids by proactively perturbing branch susceptances. This approach is known as moving target defense (MTD). However, despite of the deployment of MTD, it is still possible for the attacker to launch stealthy FDI attacks generated with former branch susceptances. In this paper, we prove that, an MTD has the capability to thwart all FDI attacks constructed with former branch susceptances only if (i) the number of branches $l$ in the power system is not less than twice that of the system states $n$ (i.e., $l \geq 2n$, where $n + 1$ is the number of buses); (ii) the susceptances of more than $n$ branches, which cover all buses, are perturbed. Moreover, we prove that the state variable of a bus that is only connected by a single branch (no matter it is perturbed or not) can always be modified by the attacker. Nevertheless, in order to reduce the attack opportunities of potential attackers, we first exploit the impact of the susceptance perturbation magnitude on the dimension of the \emph{stealthy attack space}, in which the attack vector is constructed with former branch susceptances. Then, we propose that, by perturbing an appropriate set of branches, we can minimize the dimension of the \emph{stealthy attack space} and maximize the number of covered buses. Besides, we consider the increasing operation cost caused by the activation of MTD. Finally, we conduct extensive simulations to illustrate our findings with IEEE standard test power systems

Hamiltonian 2-forms in Kahler geometry, III Extremal metrics and stability

This paper concerns the explicit construction of extremal Kaehler metrics on total spaces of projective bundles, which have been studied in many places. We present a unified approach, motivated by the theory of hamiltonian 2-forms (as introduced and studied in previous papers in the series) but this paper is largely independent of that theory. We obtain a characterization, on a large family of projective bundles, of those `admissible' Kaehler classes (i.e., the ones compatible with the bundle structure in a way we make precise) which contain an extremal Kaehler metric. In many cases, such as on geometrically ruled surfaces, every Kaehler class is admissible. In particular, our results complete the classification of extremal Kaehler metrics on geometrically ruled surfaces, answering several long-standing questions. We also find that our characterization agrees with a notion of K-stability for admissible Kaehler classes. Our examples and nonexistence results therefore provide a fertile testing ground for the rapidly developing theory of stability for projective varieties, and we discuss some of the ramifications. In particular we obtain examples of projective varieties which are destabilized by a non-algebraic degeneration.Comment: 40 pages, sequel to math.DG/0401320 and math.DG/0202280, but largely self-contained; partially replaces and extends math.DG/050151

Short-term tissue decomposition alters stable isotope values and C:N ratio, but does not change relationships between lipid content, C:N ratio, and Δδ13C in marine animals

Measures (e.g. δ15N, δ13C, %C, %N and C:N) derived from animal tissues are commonlyused to estimate diets and trophic interactions. Since tissue samples are often exposed toair or kept chilled in ice over a short-term during sample preparation, they may degrade.Herein, we hypothesize that tissue decomposition will cause changes in these measures. Inthis study, we kept marine fish, crustacean and mollusc tissues in air or ice over 120 h (5days). We found that tissue decomposition in air enriched δ15N (range 0.6½ to 1.3½) andδ13C (0.2½ to 0.4½), decreased %N (0.47 to 3.43 percentage points from staring values of~13%) and %C (4.53 to 8.29 percentage points from starting values of ~43%), and subsequentlyincreased C:N ratio (0.14 to 0.75). In air, while such changes to δ13C were relativelyminor and therefore likely tolerable, changes in δ15N, %N, %C and C:N ratio should be interpretedwith caution. Ice effectively reduced the extent to which decomposition enrichedδ15N ( 0.4½) and δ13C ( 0.2½), and eliminated decomposition in C:N ratio, %N and %C.In our second experiment, for fish tissues in either air or ice over 120 h, we observed noeffects of decomposition on relationships between lipid content, C:N ratio, and Δδ13C(change in δ13C after lipid removal), which are employed to correct δ13C for samples containinglipid. We also confirmed that lipid in tissues caused large errors when estimatingδ13C (mean ± standard error = -1.8½ ± 0.1½, range -0.6½ to -3.8½), and showed both lipidextraction and mathematical correction performed equally well to correct for lipids when estimatingδ13C. We, therefore, recommend that specimens of marine animals should be keptin ice during sample preparation for a short-term, as it is an effective means for minimizingchanges of the stable isotope measures in their tissue