Feilong Zhang,Liangchao Chen,Bo Zhang,Jianwen Zhang,Qianlin Wang,Pengchao Wang,Jianfeng Yang,Zhan Dou

DOI: https://doi.org/10.1002/prs.12604

2024-04-06

Process Safety Progress

Abstract:The deep integration of information technology and process industry production systems makes system failure increasingly multi‐source and multi‐scale. In contrast to conventional hazard methods, system theoretic process analysis (STPA) can analyze the hazards in system control processes from the perspective of interactions among the system components. Theoretically, this method offers advantages that are better suited for modern production systems. However, as of now, the integration between STPA and process industrial production systems is still lacking. To address this issue, this study improved the original STPA method. First, we propose the "5 flows" concept for the process industrial cyber‐physical systems. The systems are described using multilevel flow modeling (MFM). This leads to the development of the MSTPA method, which is specifically designed to analyze the cyber‐physical hazards in process industrial production systems. Subsequently, the cyber‐physical hazards of a fluidized‐bed catalytic cracking unit are analyzed in detail using the MSTPA method as an example. The results show that MSTPA can identify cyber‐physical hazards in multiple dimensions. It is proved that, compared with the original STPA and traditional hazard methods, the MSTPA method can better identify cyber‐physical hazards in process industrial production systems.

engineering, chemical

Xiaoyu Jiang,Zhiqiang Ge

DOI: https://doi.org/10.1109/tai.2022.3145335

2022-01-01

IEEE Transactions on Artificial Intelligence

Abstract:With the rapid development of information technology, intelligent upgrading of the manufacturing industry has broken the closed environment of traditional industrial control systems (ICS); thus, the information security of ICS has been seriously threatened. As part of ICS, the process monitoring system (PMS) is heavily subject to external risks. Data-driven PMSs have been widely used as initial lines of defense to ensure ICS safety. Once the PMS is under attack, the consequences on the whole ICS will be unimaginable. Unfortunately, the safety issues of the PMS have received inadequate attention. This article reveals PMS’s vulnerabilities through effective attacks. A novel method called subspace transfer network (STN) is proposed to conduct adversarial and poisoning attacks on the PMS simultaneously. Then the attack task flow is defined and explained to make online adversarial attacks and data poisoning on PMS. Meanwhile, aiming at two poisoning goals, targeted and untargeted attacks of STN are designed, respectively. Finally, the PMS’s fragility is verified in two industrial benchmarks.

Jiwei Huang,Yeping Zhu,Bo Cheng,Chuang Lin,Junliang Chen

DOI: https://doi.org/10.3390/s16030382

IF: 3.9

2016-01-01

Sensors

Abstract:With the growing popularity of complex dynamic activities in manufacturing processes, traceability of the entire life of every product has drawn significant attention especially for food, clinical materials, and similar items. This paper studies the traceability issue in cyber-physical manufacturing systems from a theoretical viewpoint. Petri net models are generalized for formulating dynamic manufacturing processes, based on which a detailed approach for enabling traceability analysis is presented. Models as well as algorithms are carefully designed, which can trace back the lifecycle of a possibly contaminated item. A practical prototype system for supporting traceability is designed, and a real-life case study of a quality control system for bee products is presented to validate the effectiveness of the approach.

Wei Lin,Lu Zhang,Haotian Zhang,Kailai Shao,Mingming Zhang,Tao Xie

DOI: https://doi.org/10.1109/ISSRE55969.2022.00012

2022-01-01

Abstract:To address software engineering tasks such as se-curity risk assessment, software change government, and access control in database applications, taint analysis approaches for SQL statements have been commonly adopted for tracking information flows in these applications. However, existing taint analysis approaches cannot track implicit flows (i.e., control dependencies between sources and sinks) for SQL statements, facing the challenges of native/unmanaged code and database management system (DBMS) complexity. To address these chal-lenges, in this paper, we propose TaintSQL, a cell-level dynamic taint analysis (DTA) framework (maintaining a taint tag for each table cell) to track fine-grained implicit flows for SQL statements. Our TaintSQL framework includes two novel techniques, namely MutaIF and MockIF. MutaIF aims to track implicit flows with causal relationships, whereas MockIF aims to dynamically track implicit flows at runtime. We implement the two techniques of TaintSQL and evaluate them on a set of test subjects to assess their effectiveness and efficiency. The evaluation results show that both techniques effectively track fine-grained implicit flows for SQL statements with reasonable runtime overhead. The F1 scores of MutaIF and MockIF are 96.2% and 97.9%, respectively. We also conduct an industrial study of MutaIF in an international IT company (which serves over 1 billion global users and 80 million merchants). The positive feedback from the software engineers also demonstrates the practicability of the TaintSQL framework and the MutaIF technique in industrial settings.

Zedong Li,Xin Chen,Yuqi Chen,Shijie Li,Hangyu Wang,Shichao Lv,Limin Sun

DOI: https://doi.org/10.1109/jiot.2024.3358798

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The era of the Industrial Internet of Things has led to an escalating menace of Cyber-Physical Manufacturing Systems (CPMS) to cyber-attacks. Presently, the field of intrusion detection for CPMS has significant advancements. However, current methodologies require significant costs for collecting historical data to train detection models, which are tailored to specific machining scenarios. Evolving machining scenarios in the real world challenge the adaptability of these methods. In this paper, We found that the machining code of the CPMS contains a complete machining process, which is an excellent detection basis. Therefore we propose MPI-CNC, an intrusion detection approach based on Machining Process Invariant in the machining code. Specifically, MPI-CNC automates the analysis of the machining codes to extract machining process rules and key parameter rules, which serve as essential detection rules. Then, MPI-CNC actively acquires runtime status from the CPMS and matches the detection rules to identify cyber-attacks behavior. MPI-CNC was evaluated using two FANUC CNC machine tools across ten real machining scenarios. The experiment demonstrated the exceptional adaptability capability of MPI-CNC. Furthermore, MPI-CNC showed superior accuracy in detecting cyber-attacks against CPMS compared to existing state-of-the-art detection methods while ensuring normal machining operations.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yiyu Zhang,Tianyi Liu,Yueyang Wang,Yun Qi,Kai Ji,Jian Tang,Xiaoliang Wang,Xuandong Li,Zhiqiang Zuo

2024-02-27

Abstract:Dynamic taint analysis (DTA), as a fundamental analysis technique, is widely used in security, privacy, and diagnosis, etc. As DTA demands to collect and analyze massive taint data online, it suffers extremely high runtime overhead. Over the past decades, numerous attempts have been made to lower the overhead of DTA. Unfortunately, the reductions they achieved are marginal, causing DTA only applicable to the debugging/testing scenarios. In this paper, we propose and implement HardTaint, a system that can realize production-run dynamic taint tracking. HardTaint adopts a hybrid and systematic design which combines static analysis, selective hardware tracing and parallel graph processing techniques. The comprehensive evaluations demonstrate that HardTaint introduces only around 9% runtime overhead which is an order of magnitude lower than the state-of-the-arts, while without sacrificing any taint detection capability.

Cryptography and Security,Programming Languages,Software Engineering

Kumar Saurabh,Deepak Gajjala,Krishna Kaipa,Ranjana Vyas,O. P. Vyas,Rahamatullah Khondoker

DOI: https://doi.org/10.1007/s13369-023-08600-3

IF: 2.807

2024-06-19

Arabian Journal for Science and Engineering

Abstract:Industrial cyber-physical systems (ICPS) are gradually integrating Information Technology (IT) and automating industrial processes, leading systems to become more vulnerable to malicious actors. Thus, to deploy secure Industrial Control and Production Systems (ICPS) in smart factories, cyber threats and risks must be addressed. To identify all possible threats, "Threat Modeling" is a promising solution. Despite the existence of numerous methodological solutions for threat modeling in Cyber-Physical Systems (CPS), current approaches are ad hoc and inefficient in providing clear insights to researchers and organizations involved in Industrial Internet of Things (IIoT) technologies. These approaches lack a comprehensive analysis of cyber threats and fail to facilitate effective path analysis across the ICPS lifecycle, incorporating smart manufacturing technologies and tools. To address these gaps, a novel quantitative threat modeling approach is proposed, aiming to identify probable attack vectors, assess the path of attacks, and evaluate the magnitude of each vector. This manuscript also explains the execution of the proposed approach through two case studies: the industrial manufacturing line, referred to as the Internet of Manufacturing (IoM), and the power industry, known as the Internet of Production (IoP).

multidisciplinary sciences

Jiazhou Wang,Jue Tian,Yang Liu,Dong Yang,Ting Liu

DOI: https://doi.org/10.1109/jiot.2023.3245628

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In recent studies, moving target defense (MTD) has been applied to detect false data injection (FDI) attacks using distributed flexible AC transmission system (D-FACTS) devices. However, the inherent conflict between the security goals of MTD (i.e., detecting FDI attacks) and the economic goals of D-FACTS devices (i.e., reducing power losses) would impede the application of MTD in real systems. Moreover, the detection capabilities of existing MTDs are often insufficient. This paper proposes a multi-stage MTD (MMTD) approach to resolve these two issues by adding a group of designed security-oriented schemes before D-FACTS’ economy-oriented scheme to detect FDI attacks. We keep these security-oriented schemes for a very short time interval and then revert to the economy-oriented scheme for the remaining time to ensure the economic requirements. We prove that a designed MMTD can significantly improve the detection capability compared to existing one-stage MTDs. We find the supremum of MMTD’s detection capability and study its relationship with system topology and D-FACTS deployment. Meanwhile, a greedy algorithm is proposed to search the MMTD strategy to reach this supremum. Simulation results show that the proposed MMTD can achieve the supremum against FDI attacks while outperforming current MTD strategies on economic indicators.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xinmin Zhang,Xuerui Zhang,Zhihuan Song,Qinyuan Ren,Chihang Wei

DOI: https://doi.org/10.1109/DDCLS58216.2023.10165830

2023-01-01

Abstract:In modern industry, data-driven process monitoring systems (PMS), as the initial defense line of industrial control system security, have been widely used in all walks of life. However, the privacy security of the data-driven PMS itself has rarely or never received serious attention. Once the data-driven PMS suffers from intrusion and malicious attacks, it will not only interfere with the normal operation of the industrial control system, but also lead to the disclosure of industrial confidential and privacy information and major economic losses. To handle this issue, this work proposes a novel pioneering study on the inference attack and privacy security problem in the data-driven PMS. Firstly, the potential attack and privacy violation risks of data-driven PMS are investigated. Second, a novel industrial inference attack and privacy security benchmark on data-driven PMS is presented, in which a series of membership inference attack and defense experiments are designed and conducted. Third, we provided a detailed discussion about which member reasoning attacks are the most potential threats to the data-driven PMS and which defense technologies are most suitable for mitigating the attack. The experimental results will provide researchers and practitioners with a new perspective when designing a novel data-driven PMS with more robust and privacy protection performance.

Jiazhou Wang,Jue Tian,Yang Liu,Xiaohong Guan,Dong Yang,Ting Liu

DOI: https://doi.org/10.48550/arxiv.2206.01051

2022-01-01

Abstract: In recent studies, moving target defense (MTD) has been applied to detect false data injection (FDI) attacks using distributed flexible AC transmission system (D-FACTS) devices. However, the inherent conflict between the security goals of MTD (i.e., detecting FDI attacks) and the economic goals of D-FACTS devices (i.e., reducing power losses) would impede the application of MTD in real systems. Moreover, the detection capabilities of existing MTDs are often insufficient. This paper proposes a multi-stage MTD (MMTD) approach to resolve these two issues by adding a group of designed security-oriented schemes before D-FACTS' economic-oriented scheme to detect FDI attacks. We keep these security-oriented schemes for a very short time interval and then revert to the economic-oriented scheme for the remaining time to ensure the economic requirements. We prove that a designed MMTD can significantly improve the detection capability compared to existing one-stage MTDs. We find the supremum of MMTD's detection capability and study its relationship with system topology and D-FACTS deployment. Meanwhile, a greedy algorithm is proposed to search the MMTD strategy to reach this supremum. Simulation results show that the proposed MMTD can achieve the supremum against FDI attacks while outperforming current MTD strategies on economic indicators.

Jue Tian,Rui Tan,Xiaohong Guan,Zhanbo Xu,Ting Liu

DOI: https://doi.org/10.1109/tsg.2019.2921245

IF: 10.275

2020-01-01

IEEE Transactions on Smart Grid

Abstract:Recent cybersecurity incidents such as Stuxnet and Irongate alert us to the threats faced by critical cyber-physical systems. These attacks compromise the control signals to push the system to unsafe regions and meanwhile, inject fake sensor measurements to cover the ongoing attack. Detecting these Stuxnet-like (SL) attacks still remains an open research issue. This paper analyzes the taxonomy, construction, and implication of SL attacks in CPS control loops. We propose to apply the moving target defense (MTD) approach that actively changes the system configuration to detect SL attacks, since these attacks are generally constructed based on the knowledge about the system's configuration. We analyze the basic conditions for MTD to be successful. Finally, as a case study, we apply MTD for the secondary voltage control of power grids and present simulation results based on the IEEE 39-bus test system under realistic settings.

engineering, electrical & electronic

Heping Jia,Yi Ding,Rui Peng

DOI: https://doi.org/10.1109/icsrs.2018.8688837

2018-01-01

Abstract:With the deep integration of cyber physical systems, data storage systems might suffer from both physical failures and cyber attacks which significantly impact the systems' reliability. The data can be partitioned into several data parts to enhance data security and multiple replications can be created for each data part in the storage systems. In this paper, both the failures of data storage devices and cyber attacks including data theft and data corruption are considered in the proposed system model. Moreover, the multi-valued decision diagram (MDD) technique is developed for considering chronological characteristics of sequential events to achieve the quantitative reliability assessment. A numerical example is provided to validate the proposed model and method.

Chengxu Yang,Yuanchun Li,Mengwei Xu,Zhenpeng Chen,Yunxin Liu,Gang Huang,Xuanzhe Liu

DOI: https://doi.org/10.1145/3468264.3468532

2021-01-01

Abstract:Big data has become valuable property for enterprises and enabled various intelligent applications. Today, it is common to host data in big data platforms (e.g., Spark), where developers can submit scripts to process the original and intermediate data tables. Meanwhile, it is highly desirable to manage the data to comply with various privacy requirements. To enable flexible and automated privacy policy enforcement, we propose TaintStream, a fine-grained taint tracking framework for Spark-like big data platforms. TaintStream works by automatically injecting taint tracking logic into the data processing scripts, and the injected scripts are dynamically translated to maintain a taint tag for each cell during execution. The dynamic translation rules are carefully designed to guarantee non-interference in the original data operation. By defining different semantics of taint tags, TaintStream can enable various data management applications such as access control, data retention, and user data erasure. Our experiments on a self-crafted benchmarksuite show that TaintStream is able to achieve accurate cell-level taint tracking with a precision of 93.0% and less than 15% overhead. We also demonstrate the usefulness of TaintStream through several real-world use cases of privacy policy enforcement.

z zhang,y tian,r deng,j ma

DOI: https://doi.org/10.1109/JIOT.2022.3161790

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:The smart grid (SG), as one of the largest evolutionary critical infrastructures, witnesses the deep integration of electricity facilities and Internet of Things (IoT). But recent events show that the vulnerabilities exposed in IoT devices can be exploited by adversaries to construct the cyberattacks on SG. To address this threat, plenty of countermeasures have been proposed to enhance the SG’s security. However, the additional costs introduced by some countermeasures make the utilities hesitate to implement them practically. To alleviate this concern, in this article, we propose a double-benefit moving target defense (dB-MTD) to protect the SG from cyber–physical attacks (CPAs) and also gain generation-cost benefits. The dB-MTD enables the prevention of stealthy CPAs on the transmission lines by perturbing the reactances with the distributed flexible AC transmission system (D-FACTS). To reduce the infrastructure cost, we minimize the number of required D-FACTS devices for a specific protection goal. Although it needs investment on D-FACTS, we find that the utility can make profits from the generation costs by appropriately setting the reactance perturbations. Therefore, we formulate an optimization problem to compute the optimal reactance perturbations to maximize the generation-cost benefits, without sacrificing the protection performance of dB-MTD. Finally, using the real-world load profiles, we conduct extensive simulations to evaluate the impact of CPA on the system operation and the benefits obtained by the dB-MTD from the aspects of the D-FACTS deployment and the generation-cost profits.

Qianmu Li,Yaozong Liu,Shunmei Meng,Hanrui Zhang,Haiyuan Shen,Huaqiu Long

DOI: https://doi.org/10.1186/s13638-020-01734-0

2020-06-03

EURASIP Journal on Wireless Communications and Networking

Abstract:Abstract The safety of the Industrial Internet Control Systems has been a hotspot in the information security. To meet the needs of communication, a large variety of proprietary protocols have emerged in the field of industrial control. The protocol field is often trusted in the implementation of industrial control terminal code. If attackers modify the data of these fields using the protocol defect, the operation of the program can be controlled and the entire system will be affected. To cope with such security threats, academia and industry generally adopt fuzz test methods. However, the current industrial control protocol fuzz test methods generally have low code coverage, where unified description models are missing and test cases are not targeted. A method of fuzzification processing combined with dynamic multi-modal sensor communication data is proposed. To track the program execution, the dynamic pollution analysis is used to search for the input fields that affect the execution of the conditional branch and capture the dependencies between the conditional branches to guide the grammar generation of test cases, which can increase the chances of executing deep code. The experimental results show that the proposed method improves the validity and code coverage of test cases to a certain extent and greatly increases the probability of anomaly detection in the protocol implementation.

telecommunications,engineering, electrical & electronic

Efe C. Balta,Michael Pease,James Moyne,Kira Barton,Dawn M. Tilbury

DOI: https://doi.org/10.1109/tase.2023.3243147

IF: 6.636

2023-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:Smart manufacturing (SM) systems utilize run-time data to improve productivity via intelligent decision-making and analysis mechanisms on both machine and system levels. The increased adoption of cyber-physical systems in SM leads to the comprehensive framework of cyber-physical manufacturing systems (CPMS) where data-enabled decision-making mechanisms are coupled with cyber-physical resources on the plant floor. Due to their cyber-physical nature, CPMS are susceptible to cyber-attacks that may cause harm to the manufacturing system, products, or even the human workers involved in this context. Therefore, detecting cyber-attacks efficiently and timely is a crucial step toward implementing and securing high-performance CPMS in practice. This paper addresses two key challenges to CPMS cyber-attack detection. The first challenge is distinguishing expected anomalies in the system from cyber-attacks. The second challenge is the identification of cyber-attacks during the transient response of CPMS due to closed-loop controllers. Digital twin (DT) technology emerges as a promising solution for providing additional insights into the physical process (twin) by leveraging run-time data, models, and analytics. In this work, we propose a DT framework for detecting cyber-attacks in CPMS during controlled transient behavior as well as expected anomalies of the physical process. We present a DT framework and provide details on structuring the architecture to support cyber-attack detection. Additionally, we present an experimental case study on off-the-shelf 3D printers to detect cyber-attacks utilizing the proposed DT framework to illustrate the effectiveness of our proposed approach. Note to Practitioners—This work is motivated by developing a general-purpose and extensible digital twin-enabled cyber-attack detection framework for manufacturing systems. Existing works in the field consider specialized attack scenarios and models that may not be extensible in practical manufacturing scenarios. We utilize digital twin (DT) technology as a key enabler to develop a systematic and extensible framework where we identify the abnormality of a resource and detect if the abnormality is due to an attack or an expected anomaly. We provide several remarks on how our proposed framework can extend existing industrial control systems (ICS) and can accommodate further extensions. The presented DTs utilize data-driven machine learning models, physics-based models, and subject matter expert knowledge to perform detection and differentiation tasks in the context of expected anomalies and model-based controllers that control the manufacturing process between multiple setpoints. We utilize a model predictive controller on an off-the-shelf 3D printer to run the process, and stage anomalies and cyber-attacks that are successfully detected by the proposed framework.

automation & control systems

Jie Wang,Yunguang Wu,Gang Zhou,Yiming Yu,Zhenyu Guo,Yingfei Xiong

DOI: https://doi.org/10.1145/3368089.3417059

2020-11-07

Abstract:In Alibaba, we have seen a growing demand for tracing data flow for scenarios such as data leak detection, change governance, and data consistency checking. Static taint analysis is a technique for such problems, and many approaches are proposed for high scalability and precision. This paper shares our experience in applying taint analysis in Alibaba. In particular, we find that the state-of-the-art taint analysis tool, FlowDroid, does not work well in our cases because our applications make heavy use of libraries, native methods and enterprise-specific frameworks, which impose two major challenges, scalability and implicit dependency, to FlowDroid. This paper presents ANTaint to address these problems. ANTaint improves scalability by expanding the call graph and applying taint propagation on demand for libraries, which account for majority of the program execution but only a small fraction propagates taints. To improve accuracy, we ensure to build a sound call graph with its core part having certain accuracy, and providing a more precise taint propagation model. The practice of applying ANTaint in the company workload validates the idea. According to an experiment on 60 production cases, ANTaint is correct for 95% of the cases (precision: 95%, recall: 98%) while FlowDroid is 13%. ANTaint takes 65% less time and none of the cases run out of memory with 32 GB limitation.

YANG Zhi,YIN Li-Hua,DUAN Mi-Yi,WU Jin-Yu,JIN Shu-Yuan,GUO Li

DOI: https://doi.org/10.3724/sp.j.1001.2012.04083

2012-01-01

Journal of Software

Abstract:Dynamically adjusting the security label of each subject is a main approach to improving the availability of MAC models.It includes the method of security label range and the method of taint propagation.The former lacks the support for a less proviledge subject,and the latter has a known covert channels.In this paper,a model called generalized taint propagation model(GTPM) is proposed to protect the confidentiality and integrity of operating systems.It inherits the least privilege characteristic of taint propagation model(TPM),expands the semantics of TPM to close the known covert channels,and introduces declassification and decontamination capacities of subjects to avoid accumulating contamination.The paper also introduces its specification using communicating sequential processes(CSP) language to clear the formal semantics of a GTPM operating system's behaviors of information flow control;Moreover,the study noninterference with declassification in CSP verification model of process equivalence,and proves that abstract GTPM system have the security property of noninterference with declassification in virtue of FDR tool.Finally,this paper uses an example to demonstrate its improvement of availability.

Zhangyue Shi,Boris Oskolkov,Wenmeng Tian,Chen Kan,Chenang Liu

DOI: https://doi.org/10.1115/1.4063859

IF: 2.3

2023-10-20

Journal of Computing and Information Science in Engineering

Abstract:Abstract The advancement of sensing technology enables efficient data collection from manufacturing systems for monitoring and control. Furthermore, with the rapid development of the Internet of Things (IoT) and information technologies, more and more manufacturing systems become cyber-enabled, facilitating real-time data sharing and information exchange, which significantly improves the flexibility and efficiency of manufacturing systems. However, the cyber-enabled environment may pose the collected sensor data under high risks of cyber-physical attacks during the data and information sharing. Specifically, cyber-physical attacks could target the manufacturing process and/or the data transmission process to maliciously tamper the sensor data, resulting in false alarms or failures in anomaly detection in monitoring. In addition, the cyber-physical attacks may also enable illegal data access without authorization and cause the leakage of key product/process information. Therefore, it becomes critical to develop an effective approach to protect data from these attacks so that the cyber-physical security of the manufacturing systems could be assured in the cyber-enabled environment. To achieve this goal, this paper proposes an integrative blockchain-enabled data protection method by leveraging camouflaged asymmetry encryption. A real-world case study that protects cyber-physical security of collected sensor data in additive manufacturing is presented to demonstrate the effectiveness of the proposed method. The results demonstrate that malicious tampering could be detected in a relatively short time (less than 0.05ms) and the risk of unauthorized data access is significantly reduced as well.

engineering, manufacturing,computer science, interdisciplinary applications

Yifan Hu,Peidong Zhu,Peng Xun,Bo Liu,Wenjie Kang,Yinqiao Xiong,Weiheng Shi

DOI: https://doi.org/10.1016/j.cose.2021.102465

2021-12-01

Abstract:Cyber-physical system (CPS) like smart grid deeply integrated with communication networks are often subjected to sophisticated cyber-attacks like false data injection attack (FDIA) with a strong capability of strategic reconnaissance required to learn the environment, where the static characteristics of the system enable easier profiling of the critical infrastructure resources by the adversary. In this paper, we propose a cyber-physical moving target defense (CPMTD) mechanism that focuses on both attack prevention and detection to mitigate such static vulnerabilities and provide combined protections for power system. For attack prevention, we design the Cyber-MTD strategy to disrupt and mislead attack preparation by randomizing data acquisitions with controlled change across multiple system dimensions based on protocol oblivious forwarding (POF) among trusted peer devices in SCADA networks. For attack detection, we design the Physical-MTD strategy to improve the detection probability of FDIAs by periodically changing the measurement matrix of state estimation based on the D-FACTS devices' capability of perturbing the transmission line susceptances in power grids and explore the optimal perturbation in transmission line susceptances based on a cost-benefit analysis. Finally, we discuss two attack cases for network security analysis and evaluate the impact on network performance. Simulations on IEEE 14-bus and 57-bus systems verify the improvement of FDIA detection without significantly increasing operation cost.

computer science, information systems