Huaiyu Liu,Yuze Fu,Kaikai Pan,Wenyuan Xu,Chenggang Li,Chen Liu

DOI: https://doi.org/10.1109/isgtasia54891.2023.10372698

2023-01-01

Abstract:With the growing focus on reducing carbon emissions, there has been a significant increase in the deployment of distributed photovoltaic generation systems. However, their distributed nature makes them vulnerable to adversarial threats. Moreover, these systems can serve as potential entry points or attack surfaces for targeting the power grid. Existing methods are either designed for specific attacks or intrusive to power terminals (e.g., intelligent terminal, communication device). To tackle this issue, this paper introduces a method for detecting and classifying attacks on distributed PV systems leveraging cyber and power side channel data. The proposed method is capable of detecting various attacks rather than specific ones and is non-intrusive for collecting information from power terminals.

Tao Zhao,Xiaoyu Ji,Wenyuan Xu,Aidong Xu,Yixin Jiang,Yang Cao

DOI: https://doi.org/10.1109/ei247390.2019.9061849

2019-01-01

Abstract:With the increase of power terminal devices and IoT devices which are accessed to the power grid, their security issues are becoming more and more important. While the microgrid controllers are served as the central core of the entire microgrid, the attacks on microgrid controllers and other power end devices have been launched in recent years. It's obvious that the current safety protection measures for power end devices are insufficient. However, microgrid controllers cannot be protected by traditional intrusion detection systems or anti-virus software. Motivated by these concerns, this paper proposes a non-intrusive malicious code security monitoring scheme based on a power side channel. The core idea is to measure the power consumption data of the microgrid controller, to extract the power consumption feature, and to identify the abnormality sample through CWRNN neural network to determine whether the microgrid controller is attacked or not. The advantage of this method is that it can effectively detect unknown attacks without modifying the original software system. What's more, the method is evaluated in the experimental test, and the detection accuracy can reach to 92%.

Zhiyun Wang,Kaikai Pan,Wenyuan Xu

DOI: https://doi.org/10.1109/tii.2024.3463704

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the high proportion integration of photovoltaic power, the grid-tie inverter as a power electronic device has become one of the mainstream solutions. Considering that the sensors of the grid-tie inverter are vulnerable to exploitation by cyber and physical attacks, this article conducts a synthetic analysis of sensor attacks from the perspective of locations, strategies, and consequences. We find that sensor attacks in the low-frequency domain can cause a range of damages, including damping the output power, reducing power quality, and even burning out the inverter. To detect sensor attacks in changing environments, we propose a robust detector in the finite frequency domain, while the unknowns of varying system dynamics are decoupled. The detector design is formulated as a tractable optimization problem that can be solved numerically. To support real-time detection, an analytical solution form based on a quadratic programming reformulation with relaxed constraints is constructed. To the best of our knowledge, this is the first attempt to conduct the synthetic analysis of sensor attacks on the grid-tie inverter and address its robust detector design in the finite frequency domain under the parameter-varying model. Numerical simulations show that sensor attacks could bring severe damage but our detector can detect them effectively.

Mehmet Yildirim,Nasir Kenarangui,Robert Balog,Laszlo B. Kish,Chanan Singh

2024-06-27

Abstract:Previous research employing a conceptual approach with a digital twin has demonstrated that (noise-based) dynamic watermarking is incapable of providing unconditional security in smart electrical grid systems. However, the implementation of digital twins can be prohibitively costly or infeasible due to limited available data on critical infrastructure. In this study, we first analyze the spectral properties of dynamic watermarking and its associated protocol. Subsequently, we present a straightforward attack inspired by the digital twin method, which extracts and utilizes the grid noises and completely breaches the security of dynamic watermarking without requiring knowledge of the private watermarking signal. The attacker can fully expose the grid while evading detection by the controller. Our findings indicate that in the absence of secure and authenticated communications, dynamic watermarking offers neither conditional nor unconditional security. Conversely, when communication lines, sensors, and communicators are equipped with tamper-resistant and secure/authenticated links, dynamic watermarking becomes redundant for grid security.

Cryptography and Security

Siddhartha Deb Roy,Ankush Sharma,Saikat Chakrabarti,Sanjoy Debbarma

DOI: https://doi.org/10.1109/tsg.2024.3370892

IF: 10.275

2024-01-01

IEEE Transactions on Smart Grid

Abstract:Modern power systems rely on Wide Area Network (WAN) for real-time data transmission and control. However, integrating WAN introduces vulnerabilities that adversaries can exploit, leading to inaccurate information, compromised decisions, and potential grid instability. The Automatic Generation Control (AGC) system, responsible for maintaining power balance, is an attractive target for attackers due to its reliance on WANs for critical signal transmission. Traditional security mechanisms like encryption, multi-factor authentication, antivirus, etc., may not be suitable for power systems due to system priorities, processing limitations, and compatibility issues. To address this, we propose a novel digital text watermarking-based approach that ensures data integrity and detects replay attacks. The watermarking technique dynamically embeds a unique timestamped watermark into sensor data, enabling detection of unauthorised modifications. The algorithm confirms data integrity by comparing the extracted and expected watermark utilizing Damerau-Levenshtein index. Timestamp analysis is employed to assist in identifying replay attacks. Notably, our technique is independent of system scale, making it practical for real-world implementation. Furthermore, the framework can be extended to secure other power system applications, enhancing overall cyber resilience. Experimental results demonstrate the efficacy of our algorithm in AGC systems while ensuring almost zero performance loss to system operations.

engineering, electrical & electronic

Bharadwaj Satchidanandan,P. R. Kumar

DOI: https://doi.org/10.48550/arXiv.1606.08741

2016-06-27

Abstract:The coming decades may see the large scale deployment of networked cyber-physical systems to address global needs in areas such as energy, water, healthcare, and transportation. However, as recent events have shown, such systems are vulnerable to cyber attacks. Being safety critical, their disruption or misbehavior can cause economic losses or injuries and loss of life. It is therefore important to secure such networked cyber-physical systems against attacks. In the absence of credible security guarantees, there will be resistance to the proliferation of cyber-physical systems, which are much needed to meet global needs in critical infrastructures and services. This paper addresses the problem of secure control of networked cyber-physical systems. This problem is different from the problem of securing the communication network, since cyber-physical systems at their very essence need sensors and actuators that interface with the physical plant, and malicious agents may tamper with sensors or actuators, as recent attacks have shown. We consider physical plants that are being controlled by multiple actuators and sensors communicating over a network, where some sensors could be "malicious," meaning that they may not report the measurements that they observe. We address a general technique by which the actuators can detect the actions of malicious sensors in the system, and disable closed-loop control based on their information. This technique, called "watermarking," employs the technique of actuators injecting private excitation into the system which will reveal malicious tampering with signals. We show how such an active defense can be used to secure networked systems of sensors and actuators.

Systems and Control,Dynamical Systems

Mohammad Ghiasi,Moslem Dehghani,Taher Niknam,Abdollah Kavousi-Fard,Pierluigi Siano,Hassan Haes Alhelou

DOI: https://doi.org/10.1109/access.2021.3059042

IF: 3.9

2021-01-01

IEEE Access

Abstract:Due to the simultaneous development of DC-microgrids (DC-MGs) and the use of intelligent control, monitoring and operation methods, as well as their structure, these networks can be threatened by various cyber-attacks. Overall, a typical smart DC-MG includes battery, supercapacitors and power electronic devices, fuel cell, solar Photovoltaic (PV) systems, and loads such as smart homes, plug-in hybrid electrical vehicle (PHEV), smart sensors and network communication like fiber cable or wireless to send and receive data. Given these issues, cyber-attack detection and securing data exchanged in smart DC-MGs like CPS has been considered by experts as a significant subject in recent years. In this study, in order to detect false data injection attacks (FDIAs) in a MG system, Hilbert-Huang transform methodology along with blockchain-based ledger technology is used for enhancing the security in the smart DC-MGs with analyzing the voltage and current signals in smart sensors and controllers by extracting the signal details. Results of simulation on the different cases are considered with the objective of verifying the efficacy of the proposed model. The results offer that the suggested model can provide a more precise and robust detection mechanism against FDIA and improve the security of data exchanging in a smart DC-MG.

computer science, information systems,telecommunications,engineering, electrical & electronic

Lei Ma,Zhong Chu,Chunyu Yang,Guoqing Wang,Wei Dai

DOI: https://doi.org/10.1109/tifs.2023.3251857

IF: 7.231

2023-03-11

IEEE Transactions on Information Forensics and Security

Abstract:The subject of attack detection for industrial cyber-physical systems (IPCSs) is covered in this paper, which addresses threats from transient covert attacks (TCAs), also referred to as the second version of replay attacks with a specific frequency and short duration. A comprehensive model of the TCAs is built using the active instant and period of the attacks, as well as the dynamics of a virtual system to replicate IPCS function and produce attack signals. Though watermarking-based detection algorithms have been shown to be effective in detecting TCAs, the induced system performance loss is too significant, and as such, our primary goal is to minimize system performance degradation while maintaining the detection rate. Because the active periods of TCAs are substantially shorter than their sleep ones, or even because they are practically always silent, it makes sense that reducing superfluous watermarking will facilitate system performance. So, using an "event-triggered" strategy, a unique recursive watermarking-based detection algorithm is proposed. Here, the trigger modes of watermarking are divided into three types: forced, high probability, and low probability. The design principles are proven via algorithms and criteria, and a theoretical analysis of the detection rate and the system performance loss is also supplied. The advantages of the suggested algorithms are finally demonstrated by numerical simulations of a quadruple-water-tank system and experiments with a permanent magnet synchronous motor on the dSpace platform.

computer science, theory & methods,engineering, electrical & electronic

Shuyu Jia,Qinglai Guo

DOI: https://doi.org/10.1109/jiot.2023.3332366

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The real-time control of modern power systems faces cyber risks owing to the deep coupling of cyber systems and physical systems. Attack detection plays an important role in cybersecurity issues. In load frequency control systems, for example, detecting whether malicious data are injected guarantees the stability of the frequency. As an effective active attack detection algorithm, the dynamic watermarking algorithm faces challenge of parameter uncertainty in real-world applications. Here, we quantitatively analyze the influence of uncertain parameters for the dynamic-watermarking-based detection algorithm. By introducing the parameter identification algorithm, we propose an active attack detection framework for LFC systems with uncertain parameters, which is constructed for an online application. The proposed framework is validated in a real-world three-region power system simulation. The results show that the introduction of the parameter identification steps ensures the validity of the detection algorithm and can effectively avoid the malfunction of the detection mechanism caused by uncertain parameters.

Sha Peng,Mengxiang Liu,Li Chai,Ruilong Deng

DOI: https://doi.org/10.1109/tsg.2024.3445113

IF: 10.275

2024-01-01

IEEE Transactions on Smart Grid

Abstract:The increasing deployment of solar photovoltaic (PV) systems in the electric grid, aimed at addressing the energy crisis and surging power demands, has expanded the potential vulnerability to cyberattacks due to the inter-networking of the grid-connected power electronics converters. In this paper, we propose a dynamic spatiotemporal graph neural network (DST-GNN) for cyberattack detection in grid-tied PV systems. Specifically, to exploit the inherent graph topology of the grid-tied PV system, we start by employing a GNN with a dynamic weighted adjacency matrix to capture the latent spatial correlations within signal data. Then, a one-dimensional convolution neural network (1D-CNN) is utilized to extract the underlying temporal patterns. Notably, we leverage the system dynamics to determine the dynamic graph weights and the number of graph convolution layers, while the hyper-parameters of 1D-CNN are designed based on the periodicity of input signals. Finally, the integration of the priori physical system knowledge further enhances the interpretability and improves the detection performance of DST-GNN. To the best of our knowledge, this is the first work that embeds the grid-tied PV system into a graph structure for cyberattack detection. The effectiveness of DST-GNN is evaluated through comprehensive case studies on a hardware-in-the-loop (HIL) grid-tied PV testbed, and numerical results demonstrate its superiority over baseline methods.

Mengxiang Liu,Xin Zhang,Hengye Zhu,Zhenyong Zhang,Ruilong Deng

DOI: https://doi.org/10.1109/tifs.2024.3447235

IF: 7.231

2024-09-04

IEEE Transactions on Information Forensics and Security

Abstract:The physics-aware watermarking-based detection method has shown great potential in detecting stealthy False Data Injection Attacks (FDIAs) by adding appropriate watermarks to control commands or sensor measurements, especially in industrial control systems and grid-tied Distributed Energy Resources (DERs). However, existing watermarking-based detection methods have limitations in either handling the intricate physical couplings among DERs or characterising the fast changing power electronics dynamics, and thus cannot be directly applied to microgrids. Inspired by the methodology of Unknown Input Observer (UIO), which can be employed for the distributed anomaly monitoring in cyber-physical microgrids but would be easily bypassed once the adversary has the knowledge of certain electrical parameters, this paper makes the first attempt to investigate the physics-aware watermarking embedded in UIOs such that the stealthy FDIAs would be intentionally disrupted by the watermarking scheme. Based on the theoretical analysis of the detection enhancement and performance degradation under watermarking-enhanced UIOs, the watermark strengths, UIO parameters, and control gains are optimally co-designed to significantly enhance the detection effectiveness while not degrading the control performance. The robustness of the watermarking-enhanced UIO to Time Synchronisation Errors (TSEs) is improved by employing a sliding time window with appropriate length. The performance of the proposed method is validated through Matlab/Simulink studies and cyber-physical co-simulation experiments, and the sensitivities of the detection latency and TSE robustness to watermark strength and detection window's length are comprehensively studied.

computer science, theory & methods,engineering, electrical & electronic

Subham Sahoo,Yongheng Yang,Frede Blaabjerg

DOI: https://doi.org/10.1109/tpel.2020.3005208

IF: 5.967

2021-01-01

IEEE Transactions on Power Electronics

Abstract:Although distributed control in microgrids is well known for reliability and scalability, the absence of a global monitoring entity makes it highly vulnerable to cyber attacks. Considering that the detection of cyber attacks becomes fairly easy for distributed observers, a well-planned set of balanced attacks, commonly termed as stealth attack, can always bypass these observers with the control objectives being successfully met. In this letter, a mitigation technique is thus introduced to remove stealth attack on the frequency control input in ac microgrids. The mitigation is carried out using a novel event-driven attack-resilient controller for N cooperative grid-forming converters, which guarantees resilient synchronization for up to N - 1 attacked units. Finally, the resilience capabilities and robustness of the proposed controller are discussed and verified under various scenarios.

Hao Liu,Yuzhe Li,Qing-Long Han,Tarek Rassi,Tarek Ra

DOI: https://doi.org/10.1109/tac.2022.3184396

IF: 6.549

2022-01-01

IEEE Transactions on Automatic Control

Abstract:In this article, a novel proactive attack defense strategy is proposed to deal with the secure remote estimation issue in cyber-physical systems with unknown-but-bounded noises in the presence of man-in-the-middle attacks. It is assumed that the residue calculated by the smart sensor is sent to the remote estimator and the abnormal intrusion detector via a wireless network, and the watermark is assumed to belong to a zonotope. In order to guarantee the detection rate, the data processes and the watermark are time-varying and secret to an adversary. Moreover, the effect on system performance caused by the watermark can be removed when the system is attack free. Furthermore, four different attack scenarios are discussed to analyze the detection ability of the proposed defense approach, and the designed strategy can be applied to detect replay attacks. Finally, an unmanned aircraft system subject to malicious attacks is leveraged to illustrate the effectiveness of the proposed proactive defense strategy.

automation & control systems,engineering, electrical & electronic

Kate Davis,Laszlo B. Kish,Chanan Singh

DOI: https://doi.org/10.1142/S0219477524500433

2024-03-06

Abstract:Unconditional security for smart grids is defined. Cryptanalyses of the watermarked security of smart grids indicate that watermarking cannot guarantee unconditional security unless the communication within the grid system is unconditionally secure. The successful attack against the dynamically watermarked smart grid remains valid even with the presence of internal noise from the grid. An open question arises: if unconditionally authenticated secure communications within the grid, together with tamper resistance of the critical elements, are satisfactory conditions to provide unconditional security for the grid operation.

Cryptography and Security,Systems and Control

Hao Cui,Xiaorui Dong,Hongyan Deng,Moslem Dehghani,Khalid Alsubhi,Hani Moaiteq Abdullah Aljahdali

DOI: https://doi.org/10.1109/jsen.2020.3027778

IF: 4.3

2021-07-15

IEEE Sensors Journal

Abstract:In this article, a new procedure is proposed on the basis of Hilbert-Huang Transform and deep learning for cyber-attacks detection in direct current (DC) micro-grids (MGs) as well as detection of the attacks in distributed generation (DG) units and its sensors. An advanced elective group deep learning method with Krill Herd Optimization (KHO) algorithm is proposed. At first, Hilbert-Huang Transform is used with the aim of extracting the signals feature and next these features are applied as the multiple deep input basis models are made with the aim of capturing automatically sentient traits from raw fluctuation signals. At third, to make sure the variety of the basis patterns, linear decoder, denoising autoencoder and sparse autoencoder are applied to make various deep autoencoders, respectively. Further, Bootstrap is applied with the aim of designing separate educational data subsets for any base model. Fourth, for implementing selective ensemble learning, a combination strategy of enhanced weighted voting (EWV) with class-particular thresholds is studied. Eventually, KHO algorithm is applied with the aim of adaptive selecting the optimal class-specific thresholds. In the offered tactic, firstly, a DC micro-grid is functioned and controlled with the lack of any false data injection attacks (FDIAs) to collect adequate information within the usual operation needed for the educating of deep learning networks. It is noteworthy that, in the procedure of datum production, load variable is also determined with the aim of having distinctive datasets for cyber-attack scenarios and load variables. Also, to provide more realistic method, the smart plug-in electric vehicle is also considered in the model. Outcomes of Simulation in various scenarios are applied with the aim of verifying the benefit of the offered procedure. The outcomes propose that the offered procedure is able to more accurate and robust know various type of false data injection attack over than 93.76% accur-cy detection of true rate.

C. Wanigasekara,V. Logeeshan,M. Dayarathne,M. Jayathilaka,R. Bandara,S. Kumarawadu

DOI: https://doi.org/10.1109/AIIoT61789.2024.10578979

2024-05-29

Abstract:As renewable energy sources are integrated into power grids worldwide, the vulnerability to cyber-attacks increases, necessitating robust detection mechanisms to ensure system integrity and stability. In this paper, we propose a novel approach for cyber-attack detection in power grids, specifically based on the conditions of the Sri Lankan power system. Using the concept of wide area network monitoring and utilizing Ceylon Electricity Board generation data, as well as a PSCAD model representing real-time solar farms, synthetic datasets resembling actual demand-supply curves are generated. By analyzing well-known cyber-attack methodologies such as fault data injection, replay attacks, man-in-the-middle, and spoofing, we create attack datasets. Subsequently, we train neural network models including Convolutional Neural Networks (CNNs), Transformer models, and Long Short-Term Memory (LSTM) networks. Through comprehensive comparative analysis of model effectiveness using various parameters, our objective is to swiftly identify cyber-attacks as they occur within the system. The proposed methodology aims to address two primary objectives of cyber-attacks on power grids: energy theft and destabilization. By preemptively detecting and mitigating such attacks, the integrity and stability of the power grid can be safeguarded effectively. Our research contributes to the advancement of cyber-security measures in power systems, particularly in regions experiencing increased penetration of renewable energy sources like Sri Lanka.

Computer Science,Environmental Science,Engineering

Jiahao Huang,Daniel W.C. Ho,Fangfei Li,Wen Yang,Yang Tang

DOI: https://doi.org/10.1016/j.automatica.2020.109182

IF: 6.4

2020-01-01

Automatica

Abstract:In this paper, an attack defense method is proposed to address the secure remote state estimation problem caused by linear man-in-the-middle attacks in cyber–physical systems (CPS). We utilize the pseudo-random number as a watermarking to encrypt and decrypt the data transmitted through the wireless network. Via the proposed method, the transmitted data in the normal operation can be recovered. Since the data modified by the attacker can be marked with the watermarking, the χ2 detector is capable of detecting the attack. For three different attack scenarios, we analyze the evolution of the remote estimation error covariances and the detection performance, respectively. In the sense of minimizing the estimation error covariance, the optimal parameter set of the watermarking is derived. Furthermore, the proposed method can even be extended to detect the false data injection attack and the replay attack. Finally, several examples are provided to illustrate the derived results.

El-Nasser S. Youssef,Fabrice Labeau,Marthe Kassouf

DOI: https://doi.org/10.3390/en15207807

IF: 3.2

2022-10-22

Energies

Abstract:The rapid adoption of the smart grid's nascent load-management capabilities, such as demand-side management and smart home systems, and the emergence of new classes of controllable high-wattage loads, such as energy storage systems and electric vehicles, magnify the smart grid's exposure to load-altering cyberattacks. These attacks aim at disrupting power grid services by staging a synchronized activation/deactivation of numerous customers' high-wattage appliances. A proper defense plan is needed to respond to such attacks and maintain the stability of the grid, and would include prevention, detection, mitigation, incident response, and/or recovery strategies. In this paper, we propose a solution to detect load-altering cyberattacks using a time-delay neural network that monitors the grid's load profile. As a case study, we consider a cyberattack scenario against demand-side management programs that control the loads of residential electrical water heaters in order to perform peak shaving. The proposed solution can be adapted to other load-altering attacks involving different demand-side management programs or other classes of loads. Experiments verify the proposed solution's efficacy in detecting load-altering attacks with high precision and low false alarm and latency.

energy & fuels

Huaizhi Wang,Jiaqi Ruan,Bin Zhou,Canbing Li,Qiuwei Wu,Muhammad Qamar Raza,Guang-Zhong Cao

DOI: https://doi.org/10.1109/tii.2019.2902163

IF: 12.3

2019-01-01

IEEE Transactions on Industrial Informatics

Abstract:Understanding potential behaviors of attackers is of paramount importance for improving the cybersecurity of power systems. However, the attack behaviors in existing studies are often modeled statically on a single snapshot, which neglects the reality of a dynamically time-evolving power system. Accordingly, a dynamic cyber-attack model with local network information is proposed to characterize the typical data injection attack with the integration of potential dynamic behaviors of an attacker. The proposed model collaboratively alters the meter measurement in a stealthy way to illegally contaminate the system state, thus posing severe threats to cyber physical power systems. We then develop a novel anomaly detection countermeasure from the perspective of state estimation to effectively recognize the dynamic injection attack. In this countermeasure, an interval state forecasting method is proposed to approximate the possible largest variation bounds of each state variable based on a worst-case analysis considering the forecasting uncertainties of renewable energy sources, electric loads, and network parameter perturbations. In addition, the kernel quantile regression is introduced and implemented to formulate the uncertainties in renewable energy and electric load forecast as a series of confidence intervals. When any state variable falls outside its preforecasted intervals, the proposed countermeasure detects the anomaly and sets an alarm condition indicating the possibility of data contamination. Finally, the results from our extensive studies on several IEEE standard test systems have been presented to demonstrate the feasibility of the dynamic attack and the effectiveness of the detection countermeasure.