Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/tcsii.2020.2999875

2020-01-01

Abstract:In this brief, we analyze the damage caused by malware-induced cyber attacks in Cyber-Physical Power Systems (CPPSs). Incubation period and detection probability of the malware are considered in our analytical framework. From attacker's perspective, the trade-off between attack effectiveness and detection risk is studied to help choose the best attack timing and obtain the maximum payoff. Moreover, we conduct case studies in CPPSs formed by coupling IEEE 118-Bus System with scale-free communication networks. Simulation results reveal that the maximum expected payoff for the attacker is affected by the coupling pattern and the structure of communication network in CPPSs.

Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

Haicheng Tu,Hui-Liang Shen,Yongxiang Xia

DOI: https://doi.org/10.1109/iscas45731.2020.9180816

2020-01-01

Abstract:Under the variety of information and communication technologies, the control center can securely and reliably operate power grid during the system disturbances and natural events. Specifically, when the initial failures are detected by cyber monitoring, the system will timely take emergency protecting operations to restrain the spreading of failures. Although cyber network makes the system more robust, they also increase the risk from the cyber network. In this paper, we firstly consider a control strategy into the cascading failures model. Then, we study how the cyber attack - False negatives attack confuses the control center, and makes the control center can not take emergency operation timely, causing the failure continue spreading. We propose an optimization problem to model the above assumptions and, by solving the optimization problem, study the impact of different attack scenarios on power system.

Xiang Ji,Huiqun Yu,Guisheng Fan,Wenhao Fu

DOI: https://doi.org/10.1109/SNPD.2016.7515980

2016-01-01

Abstract:Cyber-physical system (CPS) is the fuse of cyber world and the dynamic physical world and it is being widely used in areas closely related to people's livelihood. Therefore, the security issues of CPS have drawn a global attention and an appropriate risk assessment for CPS is in urgent need. The existing proposals using attack trees for risk assessment mainly focus on depicting the possible intrusions, not for interactions between threats and defenses. In this paper, a risk assessment idea for cyber-physical system with the use of attack-defense tree (ADTree) is proposed, considering the effect of both the attack cost and defense cost. The effectiveness of the proposed approach is evaluated by a set of metrics like probability of success, attack and defense cost and the impact of an attack. In addition, we introduce two economic factors (ROA and ROI) to evaluate the performance of ADTree. Finally, an illustration case of threat risk analysis in SCADA system is given to demonstrate our approach. Overall, our approach provides an effective means of risk assessment and countermeasures evaluation in the evolutional process of security management for cyber-physical system security.

Zhenyong Zhang,Ke Zuo,Ruilong Deng,Fei Teng,Mingyang Sun

DOI: https://doi.org/10.1109/jiot.2023.3264492

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Machine learning-based intelligent systems enhanced with Internet of Things (IoT) technologies have been widely developed and exploited to enable the real-time stability assessment of a large-scale electricity grid. However, it has been extensively recognized that the IoT-enabled communication network of power systems is vulnerable to cyberattacks. In particular, system operating states, critical attributes that act as input to the data-driven stability assessment, can be manipulated by malicious actors to mislead the system operator into making disastrous decisions and thus cause major blackouts and cascading events. In this article, we explore the vulnerability of the data-driven power system stability assessment, with a special emphasis on decision tree-based stability assessment (DTSA) approaches, and investigate the feasibility of constructing a physics-constrained adversarial attack (PCAA) to undermine the DTSA. The PCAA is formulated as a nonlinear programming problem considering the misclassification constraint, power limits, and bad data detection, computing potential adversarial perturbations that reverse the “stable/unstable” prediction of the real-time input while remaining invisible/stealthy. Extensive experiments based on the IEEE 68-bus system are conducted to evaluate the impact of PCAAs on predictions of DTSA and their transferability.

Leen Al Homoud,Katherine Davis,Shamina Hossain-McKenzie,Nicholas Jacobs

2024-09-05

Abstract:Modern-day power systems have become increasingly cyber-physical due to the ongoing developments to the grid that include the rise of distributed energy generation and the increase of the deployment of many cyber devices for monitoring and control, such as the Supervisory Control and Data Acquisition (SCADA) system. Such capabilities have made the power system more vulnerable to cyber-attacks that can harm the physical components of the system. As such, it is of utmost importance to study both the physical and cyber components together, focusing on characterizing and quantifying the interdependency between these components. This paper focuses on developing an algorithm, named CyberDep, for Bayesian network generation through conditional probability calculations of cyber traffic flows between system nodes. Additionally, CyberDep is implemented on the temporal data of the cyber-physical emulation of the WSCC 9-bus power system. The results of this work provide a visual representation of the probabilistic relationships within the cyber and physical components of the system, aiding in cyber-physical interdependency quantification.

Systems and Control

Buxiang Zhou,Binjie Sun,Tianlei Zang,Yating Cai,Jiale Wu,Huan Luo

DOI: https://doi.org/10.3390/e25010047

IF: 2.738

2022-12-28

Entropy

Abstract:With the increasing digitalization and informatization of distribution network systems, distribution networks have gradually developed into distribution network cyber physical systems (CPS) which are deeply integrated with traditional power systems and cyber systems. However, at the same time, the network risk problems that the cyber systems face have also increased. Considering the possible cyber attack vulnerabilities in the distribution network CPS, a dynamic Bayesian network approach is proposed in this paper to quantitatively assess the security risk of the distribution network CPS. First, the Bayesian network model is constructed based on the structure of the distribution network and common vulnerability scoring system (CVSS). Second, a combination of the fuzzy analytic hierarchy process (FAHP) and entropy weight method is used to correct the selectivity of the attacker to strike the target when cyber attack vulnerabilities occur, and then after considering the defense resources of the system, the risk probability of the target nodes is obtained. Finally, the node loads and node risk rates are used to quantitatively assess the risk values that are applied to determine the risk level of the distribution network CPS, so that defense strategies can be given in advance to counter the adverse effects of cyber attack vulnerabilities.

physics, multidisciplinary

Yu-Chu Tian,Chunjie Zhou,Xiaoya Hu,Bowen Hu,Xin Du

DOI: https://doi.org/10.1109/TII.2022.3168774

IF: 12.3

2023-03-01

IEEE Transactions on Industrial Informatics

Abstract:Advanced cyber-physical power systems (CPPS) has been put forward by the strong integration of energy networks and communication networks. While CPPS brings a promising solution with high efficiency, strong flexibility, great scalability, and improved reliability, it inevitably poses some security challenges. In order to address these challenges, it is essential to accurately describe the attack behavior and system security situation. In this article, a dynamic risk propagation evaluation approach is proposed for accurately predicting attacks and quantitatively analyzing system risk. It is equipped with a partitioned cellular automata model to deal with spatial heterogeneity in the partitioned system. The intentions of targeted attack are also considered for predicting attacks. Then, the cyber-to-physical risk is quantitatively identified from multiple dimensions. Finally, the verification of attack intention is designed to dynamically update and adjust the predicted result. The presented approach is demonstrated through a case study on a CPPS.

Computer Science,Engineering

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/icarm54641.2022.9959185

2022-01-01

Abstract:The cyber-physical power system (CPPS) is evolved from the traditional power system by the deployment of information networks with control systems, computational units, and communication networks. However, their integration into CPPS introduces new challenges in maintaining security. Various malicious cyber-attacks are drawn much attention recently after the discovery of the impact on CPPS state estimation. Thus, it is of great significance for operators to detect cyber-attacks and identify the types of attacks in CPPS to make decisions appropriately. This problem can be viewed as a multi-class classification problem from the perspective of machine learning. Accordingly, this paper proposes an ensemble learning-based cyber-attacks detection model for CPPS state estimation. In the proposed model, we use the subspace features and then send the data to the classifier for ensemble, where decision trees and random vector functional link networks are introduced as the basic classifier. The proposed model is validated by employing simulated data on IEEE 14-bus and 30-bus systems. Simulation results demonstrate the performance of the proposed cyber-attacks detection model.

Kaixing Huang,Chunjie Zhou,Yu-Chu Tian,Shuanghua Yang,Yuanqing Qin

DOI: https://doi.org/10.1109/tie.2018.2798605

IF: 7.7

2018-10-01

IEEE Transactions on Industrial Electronics

Abstract:Industrial cyber-physical systems (ICPSs) are widely applied in critical infrastructures such as chemical plants, water distribution networks, and power grids. However, they face various cyberattacks, which may cause physical damage to these industrial facilities. Therefore, ensuring the security of ICPSs is of paramount importance. For this purpose, a new risk assessment method is presented in this paper to quantify the impact of cyberattacks on the physical system of ICPSs. This method helps carry out appropriate attack mitigation measures. The method uses a Bayesian network to model the attack propagation process and infers the probabilities of sensors and actuators to be compromised. These probabilities are fed into a stochastic hybrid system (SHS) model to predict the evolution of the physical process being controlled. Then, the security risk is quantified by evaluating the system availability with the SHS model. The effectiveness of the proposed method is demonstrated with a case study on a hardware-in-the-loop simulation test bed.

automation & control systems,engineering, electrical & electronic,instruments & instrumentation

Yuhang Zhang,Ming Ni

DOI: https://doi.org/10.3390/app132011569

2023-10-23

Applied Sciences

Abstract:With the increasing deployment of advanced sensing and measurement devices, the modern distribution system is evolved into a cyber-physical power distribution system (CPPDS). Due to the extensive application of information and communication technology, CPPDS is prevalently exposed to a wide range of cybersecurity threats. In this paper, a novel security-oriented cyber-physical risk assessment method for CPPDS is proposed. Based on the information model composed of logical nodes, an attack graph of privilege promotion by exploiting the cyber vulnerabilities is constructed. The physical consequence caused by cyberattack is analyzed in detail. By using the Markov decision process (MDP) theory, the cyber-physical risk index (CPRI) is calculated. Furthermore, considering the allocation of the finite defense resource, the modified MDP approach with an attack–defense game is presented. The effectiveness of the proposed method is demonstrated with case studies on a four-feeder IEEE-RTBS test system.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Song Deng,Jiantang Zhang,Di Wu,Yi He,Xiangpeng Xie,Xindong Wu

DOI: https://doi.org/10.1109/tii.2022.3169456

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:An accurate and comprehensive risk assessment in a distribution cyber-physical system (DCPS) is essential to ensure its smooth operation, effective control, and exposure of hidden dangers and security implications. Unfortunately, prior risk assessment methods are mostly limited in two aspects. First, the current studies do not respect the complex network topology and intertwined devicewise dependencies, thereby failing to delineate and model the risk propagation mechanism in DCPS accurately. Second, the prior work tends to focus on gauging the risks underlying physical systems independently, overlooking the quantification of risk impact on physical systems incurred by the cyberattack. To fill the gap, in this article, we propose a unified risk assessment model that gauges the comprehensive security implication of DCPS in a Bayesian regime, in which the three key components, namely, the prior probability, posterior probability, and minimum load-loss ratio, are calculated via the cumulative densities, epidemic model, and optimal load shedding, respectively. We benchmark our proposed model on a public testbed, IEEE 39-bus system, with extensive experiments. The results substantiate the viability and effectiveness of our model and suggest that the vulnerability of DCPS is positively correlated with the three components in our Bayesian modeling. We hope this finding can shed some light on future research by providing a plausible apparatus for measuring the security implications of physical systems in DCPS under cyberattacks.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Huifeng Li,Jiangfeng Zhang,Xiangxing Kong,Zhigang Lu,Xiaoqiang Guo

DOI: https://doi.org/10.1109/TR.2023.3294264

IF: 5.883

2024-03-01

IEEE Transactions on Reliability

Abstract:With the further development of the smart grid, the modern power system has evolved into a cyber-physical power system (CPPS). In order to accurately quantify the resilience of a CPPS under cyber attacks, in this article, a resilience evaluation method for the CPPS considering the whole process of cyber attacks is proposed. First, the calculation model of successful attack probability is proposed based on the Markov node transition probability matrix and depth-first search algorithm. Second, based on the idea of nonsequential Monte-Carlo simulation, a mixed sampling method is proposed to determine the fault occurrence time and repair time of each circuit breaker in the fault set. In order to describe the change process of load after a successful attack, the response model of the power system is proposed using the optimal load reduction model based on the dc power flow. Four resilience evaluation indices for attack risk resistance, system adaptability, repair rate, and comprehensive weighted index are proposed to evaluate the resilience of CPPS considering cyber attacks. Finally, a case study is carried out based on the IEEE RTS 79 system to verify the effectiveness of the proposed resilience evaluation method.

Environmental Science,Engineering,Computer Science

Keren Chen,Fushuan Wen,Chung-Li Tseng,Minghui Chen,Zeng Yang,Hongwei Zhao,Huiyu Shang

DOI: https://doi.org/10.3390/en12153002

IF: 3.2

2019-01-01

Energies

Abstract:In a Cyber-Physical Power System (CPPS), the interaction between the power cyber system and the power physical system becomes more extensive and more in-depth. The failure of a cyber component could have an impact on the security and reliability of the power physical system. Existing publications have focused on the impacts of the power cyber network on the power physical network, while a general CPPS model considering the mutual impacts of these two networks is less studied. Given this background, a game-theoretic approach for a cyber-physical power system vulnerability analysis is proposed. First, a CPPS interactive model framework is structured, consisting of five types of elements: P-nodes, PP-links, C-nodes, CC-links and CP-links. The interactions among these elements are considered. On this basis, the system cascading failure under potential attacks is analyzed, followed with an optimal load curtailment operation when in an emergency. To further illustrate the system vulnerability, a bi-level optimization model under a game-theoretic framework is presented to describe the interactions between a CPPS attacker and a system defender. Optimal resource allocation by the system defender for maintaining system reliability can be obtained by solving the problem. The feasibility and effectiveness of the proposed method are demonstrated by a revised version of the IEEE 14-bus power system.

Song Deng,Jiantang Zhang,Di Wu,Yi He,Xiangpeng Xie,Xindong Wu

DOI: https://doi.org/10.1109/TII.2022.3169456

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:An accurate and comprehensive risk assessment in a distribution cyber-physical system (DCPS) is essential to ensure its smooth operation, effective control, and exposure of hidden dangers and security implications. Unfortunately, prior risk assessment methods are mostly limited in two aspects. First, the current studies do not respect the complex network topology and intertwined devicewise dependencies, thereby failing to delineate and model the risk propagation mechanism in DCPS accurately. Second, the prior work tends to focus on gauging the risks underlying physical systems independently, overlooking the quantification of risk impact on physical systems incurred by the cyberattack. To fill the gap, in this article, we propose a unified risk assessment model that gauges the comprehensive security implication of DCPS in a Bayesian regime, in which the three key components, namely, the prior probability, posterior probability, and minimum load-loss ratio, are calculated via the cumulative densities, epidemic model, and optimal load shedding, respectively. We benchmark our proposed model on a public testbed, IEEE 39-bus system, with extensive experiments. The results substantiate the viability and effectiveness of our model and suggest that the vulnerability of DCPS is positively correlated with the three components in our Bayesian modeling. We hope this finding can shed some light on future research by providing a plausible apparatus for measuring the security implications of physical systems in DCPS under cyberattacks.

Salim Chehida,Eric Rutten,Guillaume Giraud,Stéphane Mocanu

DOI: https://doi.org/10.1016/j.sysarc.2024.103118

IF: 5.836

2024-03-24

Journal of Systems Architecture

Abstract:Security risk assessment is an important challenge in the design of Cyber Physical Systems (CPS). Even more importantly, the intrinsically dynamical nature of these systems, due to changes in their environment, as well as evolutions in their infrastructures, makes them self-adaptive systems, where security aspects have to be considered in terms of management of detections and reactions for self-protection. In this work, we propose an approach to autonomously mitigate the threats in each reconfiguration at application or infrastructure levels of CPS. We propose and implement a framework for self-adaptive security: software architecture, design method, and integration with model-based decision. We use Attack-Defense Trees for modeling threats, and our approach involves security risk assessment, taking into account its balancing and coordination with quality-of-service aspects. We formulate and formalize the on-line decision problem to be solved at each cycle of the self-adaptation control loop in terms of Constraint Programming (CP) modeling and resolution. The CP model implements a set of constraints that allow to specify secure configurations, evaluated regarding their impact on system performance to pinpoint the most relevant one portraying a good balance between the security and quality of service. We perform validation of our approach with its application to Smart Grids, more particularly to an industrial case study from RTE (the French Energy Transmission company).

computer science, software engineering, hardware & architecture

Fabio Pasqualetti,Florian Dörfler,Francesco Bullo

DOI: https://doi.org/10.48550/arXiv.1103.2795

2011-03-15

Abstract:Future power networks will be characterized by safe and reliable functionality against physical malfunctions and cyber attacks. This paper proposes a unified framework and advanced monitoring procedures to detect and identify network components malfunction or measurements corruption caused by an omniscient adversary. We model a power system under cyber-physical attack as a linear time-invariant descriptor system with unknown inputs. Our attack model generalizes the prototypical stealth, (dynamic) false-data injection and replay attacks. We characterize the fundamental limitations of both static and dynamic procedures for attack detection and identification. Additionally, we design provably-correct (dynamic) detection and identification procedures based on tools from geometric control theory. Finally, we illustrate the effectiveness of our method through a comparison with existing (static) detection algorithms, and through a numerical study.

Optimization and Control,Systems and Control

Xindong Liu,Mohammad Shahidehpour,Zuyi Li,Xuan Liu,Yijia Cao,Zhiyi Li

DOI: https://doi.org/10.1109/tsg.2016.2545683

IF: 10.275

2017-01-01

IEEE Transactions on Smart Grid

Abstract:This paper presents a risk assessment method for evaluating the cyber security of power systems considering the role of protection systems. This paper considers the impact of bus and transmission line protection systems located in substations on the cyber-physical performance of power systems. The proposed method simulates the physical response of power systems to malicious attacks on protection system settings and parameters. The relationship among settings of protection devices, protection logics, and circuit breaker logics is analyzed. The expected load curtailment (ELC) index is used in this paper to quantify potential system losses due to cyber attacks. The Monte Carlo simulation is applied to calculate ELC for assessing attackers’ capabilities as bus arrangements are altered. The effectiveness of the proposed risk assessment method is demonstrated using a 9-bus system and the IEEE 68-bus system.

Sungmoon Kwon,Hyunguk Yoo,Taeshik Shon

DOI: https://doi.org/10.1109/access.2020.2989770

IF: 3.9

2020-01-01

IEEE Access

Abstract:The introduction of the cyber-physical system (CPS) into power systems has created a variety of communication requirements and functions that existing legacy systems do not support. To this end, the IEEE 1815.1 standard defines the mapping between existing distributed network protocol networks and IEC 61850 networks that reflect new requirements. However, advanced CPS cyberattacks have been reported, and in order to address cyberattacks, security research on new power systems that use network devices and heterogeneous communication is necessary. In this study, we propose an intrusion detection system for an IEEE 1815.1-based power system using CPS. We 1) analyze an IEEE 1815.1-based power system network and propose a suitable application method for an intrusion detection system, 2) suggest a bidirectional recurrent neural network-based anomaly detection system for an IEEE 1815.1-based network, and 3) demonstrate the verification of the proposed technique using various power system-specific attack data, including real power system using CPS network traffic, CPS malware behavior (CMB), false data injection (FDI), and disabling reassembly (DR) attacks. Proposed technique successfully detected five types of CMB attacks, three types of FDI and DR attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic