Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Erxia Li,Chaoqun Kang,Deyu Huang,Modi Hu,Fangyuan Chang,Lianjie He,Xiaoyong Li

DOI: https://doi.org/10.3390/info10080251

2019-01-01

Information

Abstract:This study focuses on the problem of attack quantification in distribution automation systems (DASs) and proposes a quantitative model of attacks based on the common vulnerability scoring system (CVSS) and attack trees (ATs) to conduct a quantitative and systematic evaluation of attacks on a DAS. In the DAS security architecture, AT nodes are traversed and used to represent the attack path. The CVSS is used to quantify the attack sequence, which is the leaf node in an AT. This paper proposes a method to calculate each attack path probability and find the maximum attack path probability in DASs based on attacker behavior. The AT model is suitable for DAS hierarchical features in architecture. The experimental results show that the proposed model can reduce the influence of subjective factors on attack quantification, improve the probability of predicting attacks on the DASs, generate attack paths, better identify attack characteristics, and determine the attack path and quantification probability. The quantitative results of the model's evaluation can find the most vulnerable component of a DAS and provide an important reference for developing targeted defensive measures in DASs.

Peng Huang,Yinan Wang,Gangfeng Yan

DOI: https://doi.org/10.1109/iecon.2017.8216086

2017-01-01

Abstract:This paper considers a framework of electrical cyber-physical systems (ECPSs) in which each bus and branch in a power grid is equipped with a controller and a sensor. By means of measuring the damages of cyber attacks in terms of cutting off transmission lines, three solution approaches are proposed to assess and deal with the damages caused by faults or cyber attacks. Splitting incident is treated as a special situation in cascading failure propagation. A new simulation platform is built for simulating the protection procedure of ECPSs under faults. The vulnerability of ECPSs under faults is analyzed by experimental results based on IEEE 39-bus system.

Song Deng,Jiantang Zhang,Di Wu,Yi He,Xiangpeng Xie,Xindong Wu

DOI: https://doi.org/10.1109/tii.2022.3169456

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:An accurate and comprehensive risk assessment in a distribution cyber-physical system (DCPS) is essential to ensure its smooth operation, effective control, and exposure of hidden dangers and security implications. Unfortunately, prior risk assessment methods are mostly limited in two aspects. First, the current studies do not respect the complex network topology and intertwined devicewise dependencies, thereby failing to delineate and model the risk propagation mechanism in DCPS accurately. Second, the prior work tends to focus on gauging the risks underlying physical systems independently, overlooking the quantification of risk impact on physical systems incurred by the cyberattack. To fill the gap, in this article, we propose a unified risk assessment model that gauges the comprehensive security implication of DCPS in a Bayesian regime, in which the three key components, namely, the prior probability, posterior probability, and minimum load-loss ratio, are calculated via the cumulative densities, epidemic model, and optimal load shedding, respectively. We benchmark our proposed model on a public testbed, IEEE 39-bus system, with extensive experiments. The results substantiate the viability and effectiveness of our model and suggest that the vulnerability of DCPS is positively correlated with the three components in our Bayesian modeling. We hope this finding can shed some light on future research by providing a plausible apparatus for measuring the security implications of physical systems in DCPS under cyberattacks.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

LI Peikai,LIU Yun,XIN Huanhai,QI Donglian

DOI: https://doi.org/10.7500/AEPS20170705002

2018-01-01

Abstract:Distributed cooperative control mode is an effective approach to overcome the problem of integrating multiple and strongly random distributed generators (DGs) into cyber physical system in distribution network.However,due to the integration between cyber and physical layers,cyber attacks could threat the safe and stable operation of power system through invading the cyber system.A dynamic attack-defense game model based vulnerability assessment of cyber-physical system (CPS)in distribution network is proposed.Firstly,a cooperative control strategy of DGs is described,and its convergence property is analyzed and summarized.Then,a risk assessment of CPS in distribution network is developed,which integrates the risk assessment method,the cooperative control strategy of DGs and strategies of attacker and defender.After that,the dynamic attack-defense game function and its solving steps are designed,which achieves the vulnerability assessment of CPS in distribution network with distributed cooperative control mode.Finally,the effectiveness of the proposed method is verified through simulations involving the IEEE 34-bus distribution network.

Qiangsheng Dai,Libao Shi,Yixin Ni

DOI: https://doi.org/10.1109/pesgm.2018.8586312

2018-01-01

Abstract:The operating conditions of distribution system can be perceived and optimized rapidly and effectively with the help of information and communication technology. However, some potential cybersecurity risk needs to arouse enough attention. In this paper, a novel and practical cyber-attack method targeting remote terminal unit (RTU) is proposed firstly. Regarding the enormous cyber-physical devices in a distribution system and the high maintenance costs, this paper also introduces a risk index to identify the vulnerability of a distribution system to be studied under cyber-attack. A Bayesian attack graph model is applied to quantify the probability of successfully exploiting known and zero-day vulnerabilities, and the relationship between the attack behavior and the feeder automation action is further analyzed. Simulation results demonstrate the effectiveness and validity of the proposed model and method.

Song Deng,Jiantang Zhang,Di Wu,Yi He,Xiangpeng Xie,Xindong Wu

DOI: https://doi.org/10.1109/TII.2022.3169456

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:An accurate and comprehensive risk assessment in a distribution cyber-physical system (DCPS) is essential to ensure its smooth operation, effective control, and exposure of hidden dangers and security implications. Unfortunately, prior risk assessment methods are mostly limited in two aspects. First, the current studies do not respect the complex network topology and intertwined devicewise dependencies, thereby failing to delineate and model the risk propagation mechanism in DCPS accurately. Second, the prior work tends to focus on gauging the risks underlying physical systems independently, overlooking the quantification of risk impact on physical systems incurred by the cyberattack. To fill the gap, in this article, we propose a unified risk assessment model that gauges the comprehensive security implication of DCPS in a Bayesian regime, in which the three key components, namely, the prior probability, posterior probability, and minimum load-loss ratio, are calculated via the cumulative densities, epidemic model, and optimal load shedding, respectively. We benchmark our proposed model on a public testbed, IEEE 39-bus system, with extensive experiments. The results substantiate the viability and effectiveness of our model and suggest that the vulnerability of DCPS is positively correlated with the three components in our Bayesian modeling. We hope this finding can shed some light on future research by providing a plausible apparatus for measuring the security implications of physical systems in DCPS under cyberattacks.

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Junjun Xu,Han Miao,Tengfei Zhang,Qinran Hu,Zaijun Wu

DOI: https://doi.org/10.1109/TIA.2024.3399690

IF: 4.079

2024-01-01

IEEE Transactions on Industry Applications

Abstract:Owing to the advancements in industry information technology, the traditional distribution network has evolved into a cyber-physical distribution system (CPDS), thereby introducing new challenges in quantifying the vulnerability of the system to cyber attacks. In addressing this issue, this paper proposes a novel risk assessment model with the example of cyber attacks on SCADA systems. To begin with, a risk propagation model is employed to construct a node network diagram for the SCADA system, facilitating the analysis of attack pathways and probabilities. Subsequently, physical metrics on the power side of the distribution network are established to quantify the physical consequences. Furthermore, defense costs against cyber attacks are computed, forming the basis for the development of a multi-objective optimization model for defense resources tailored to measurement devices, in conjunction with the proposed risk assessment model. Case studies and results demonstrate the performance of the proposed risk assessment model and defense resource optimization approach by contrast with existing ones.

QIAN Sheng,WANG Qi,YAN Yunsong,FENG Ke,XIA Haifeng

DOI: https://doi.org/10.12158/j.2096-3203.2022.03.002

2022-01-01

Abstract:The security and stability control system is an important defense line to ensure the reliable operation of the power grid. Serious physical consequences can be caused by cyber attacks against the security and stability control system. In order to quantitatively evaluate the impact of cyber attacks on security and stability control system and solve the problem that the existing risk assessment methods do not fully consider the susceptibility of cyber attacks,a risk assessment method of security and stability control system considering the impact of cyber attacks is proposed. Firstly,the hierarchical structure of the security and stability control system is analyzed. Then,the risk points of cyber attacks on the stability control device body and device's inter-station communication from the three perspectives of attack object,attack methods,and attack consequences are analyzed. Secondly,the susceptibility of cyber attacks is quantified based on the fuzzy analytic hierarchy process,and a successful probability model of cyber attacks for security and stability control system is established combined with the defense unit model of cyber attacks built by Petri nets. Finally,the risk assessment is carried out on the standard and actual systems combined with the physical consequences and the probability of successful attacks. The risk values under two conditions of normal operation and cyber attack are calculated to verify the validity of the proposed model.

Qiangsheng Dai,Libao Shi,Yixin Ni

DOI: https://doi.org/10.1109/tpwrs.2019.2899983

IF: 7.326

2019-01-01

IEEE Transactions on Power Systems

Abstract:The extensive application of information and communication technology (ICT) can effectively improve the operational performance of active distribution systems (ADSs). On the other hand, the use of ICT may expose the systems to cyberattacks. Since feeder automation (FA) in advanced ADS provides fast-responding self-healing capability to restore service during an outage, the potential effect of cyberattacks on ADS becomes more devastating. In this paper, two simple yet powerful cyberattack methods targeting remote terminal units (RTUs) are proposed. The physical response of ADS to malicious cyberattacks on FA is elaborately investigated considering the output fluctuation of distributed generators. The impact of this specific cyberattack on ADS is quantified by a risk assessment index measured in scale and in duration to full restoration. The probability of RTU potentially being attacked is modeled based on search theory. Furthermore, a Bayesian attack graph model is applied and designed to quantify the probability of successfully exploiting the currently known and zero-day vulnerabilities. The proposed methodology is tested and validated via using a modified three-feeder ADS and the IEEE 123 Node Test Feeder.

Buxiang Zhou,Binjie Sun,Tianlei Zang,Yating Cai,Jiale Wu,Huan Luo

DOI: https://doi.org/10.3390/e25010047

IF: 2.738

2022-12-28

Entropy

Abstract:With the increasing digitalization and informatization of distribution network systems, distribution networks have gradually developed into distribution network cyber physical systems (CPS) which are deeply integrated with traditional power systems and cyber systems. However, at the same time, the network risk problems that the cyber systems face have also increased. Considering the possible cyber attack vulnerabilities in the distribution network CPS, a dynamic Bayesian network approach is proposed in this paper to quantitatively assess the security risk of the distribution network CPS. First, the Bayesian network model is constructed based on the structure of the distribution network and common vulnerability scoring system (CVSS). Second, a combination of the fuzzy analytic hierarchy process (FAHP) and entropy weight method is used to correct the selectivity of the attacker to strike the target when cyber attack vulnerabilities occur, and then after considering the defense resources of the system, the risk probability of the target nodes is obtained. Finally, the node loads and node risk rates are used to quantitatively assess the risk values that are applied to determine the risk level of the distribution network CPS, so that defense strategies can be given in advance to counter the adverse effects of cyber attack vulnerabilities.

physics, multidisciplinary

Yuhang Zhang,Ming Ni

DOI: https://doi.org/10.3390/app132011569

2023-10-23

Applied Sciences

Abstract:With the increasing deployment of advanced sensing and measurement devices, the modern distribution system is evolved into a cyber-physical power distribution system (CPPDS). Due to the extensive application of information and communication technology, CPPDS is prevalently exposed to a wide range of cybersecurity threats. In this paper, a novel security-oriented cyber-physical risk assessment method for CPPDS is proposed. Based on the information model composed of logical nodes, an attack graph of privilege promotion by exploiting the cyber vulnerabilities is constructed. The physical consequence caused by cyberattack is analyzed in detail. By using the Markov decision process (MDP) theory, the cyber-physical risk index (CPRI) is calculated. Furthermore, considering the allocation of the finite defense resource, the modified MDP approach with an attack–defense game is presented. The effectiveness of the proposed method is demonstrated with case studies on a four-feeder IEEE-RTBS test system.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Rong Zeng,Yijia Cao,Yong Li,Sijia Hu,Xia Shao,Liwei Xie,Liang Hou,Long Zhao,Mohammad Shahidehpour

DOI: https://doi.org/10.1109/tsg.2023.3302287

IF: 10.275

2023-01-01

IEEE Transactions on Smart Grid

Abstract:The power system has become the key target of national cyber confrontation. To enhance the risk management capability of the distribution network (DN) while assessing the cyberattack risk quickly and accurately, this paper proposes a general real-time cyberattack risk assessment method for DN involving the influence of distributed feeder automation systems (DFAs). In particular, to clarify the quantitative relationship between cyberattack intrusion and DN state deterioration, we constructed the quantitative model of the cyber physical distribution network (CPDN) under cyberattack, which involves the influence of DFAs’ behavior. In addition, in order to intuitively demonstrate the cyberattack risk, we developed a novel entropy-like risk assessment system upon the quantitative model of CPDN. The real two-feeder test platform with cyberattack simulation devices is used to verify the correctness and practicality of the proposed method. In this process, a digital cyberattack risk assessment unit is created, contributing to the system-level application of risk management.

engineering, electrical & electronic

Jun'e Li,Jiaqi Liang,Quanying Liu,Donglian Qi,Jianliang Zhang,Yangrong Chen

DOI: https://doi.org/10.3389/fenrg.2022.971725

IF: 3.4

2022-01-01

Frontiers in Energy Research

Abstract:With the rapid development of integrated energy system, the large-scale and high-permeability access of distributed generations (DGs) is making the distribution networks develop into active distribution networks (ADNs). The increased complexity of ADNs also increases the vulnerabilities for cyberattacks. It is a new challenge how to evaluate the situation of an ADN so as to support the decision-making of grid control policies in the condition of cyberattacks probably occur. Hence, in this paper, we proposed a method of situation assessment for ADNs considering cyberattacks. This method is aggregated by two parts. 1) An index system is presented, which includes the indexes of DGs stability, the indexes of security risk considering cyberattacks along with the traditional safety indexes. 2) The entropy weight method is used to assign weights to each index, and taking the normal operation status of ADNs as the reference scenario, an operating situation assessment method for ADNs is proposed based on grey correlation analysis method. Finally, in order to verify the effectiveness of the proposed index system and assessment method, 12 attack scenarios are established from three categories: attacks on DGs, attacks on controllable loads and attacks on both of them, and the situation of the ADN, a case based on IEEE 33-node standard distribution system, is evaluated under each scenario.

Yingjun Wu,R. Fu,Xiaojuan Huang,Yusheng Xue,D. Yue,Yi Tang

DOI: https://doi.org/10.1109/ACCESS.2018.2855752

IF: 3.9

IEEE Access

Abstract:A cyber physical distribution power system (CPDS) is a large and complex infrastructure that coordinates the cyber communication system and the physical distribution power system. Because of the increasingly advanced information communication technology, the development of cyber physical distribution power system has caused key cyber security issues related to system operation. This paper is focused on realizing a unified system attack modeling and security assessment of an active distribution power system. In this paper, first we present an overview of the system operation from the fusion system perspective. The significant effects of network intrusion attacks on operational security are evaluated. A new unified cyber physical network model is established using a limited stochastic Petri net graph theory that considers refined firewalls and password components. Then, a security effectiveness evaluation method is proposed to analyze channel throughput variation and system robustness. Overall CPDS security risk values are determined based on physical influence coefficients. Finally, simulations of an improved IEEE-33 bus distribution power system and security assessment under intrusion attacks are described. The research work could raise awareness of the cyber intrusion threats and provide the basis for security defense.

Engineering,Computer Science

Jie Yang,Yihao Guo,Chuangxin Guo,Zhe Chen,Shenghan Wang

DOI: https://doi.org/10.1109/access.2021.3101896

IF: 3.9

2021-01-01

IEEE Access

Abstract:Assessing cross-space risk of cyber-physical distribution system under integrated attack is investigated in this paper. Firstly, a hierarchical structure of cyber-physical distribution network according to IEC 61850 is established and a deliberate attack scenario with limited adversarial knowledge and stealth requirement is developed based on a general linear model for state estimation. Then, we formulate two optimization problems to describe the attack implementation and propagation process and obtain the likelihood of attacks including a robust solution and a risk solution in a fuzzy Bayesian network (BN). On this basis, a physical impact metric is defined as the integrated deviation of system states and measurements. Thus, the cross-space risk assessment can be performed. Finally, the simulation results of case studies demonstrate that the proposed method is effective and provides a broad and clear view of cyber-physical distribution system security situation.

Sheng Qian,Shibin Bai,Qi Wang

DOI: https://doi.org/10.1109/ispec53008.2021.9736063

2021-01-01

Abstract:With the construction of the security and stability control system(SSCS) in the cross-regional AC and DC power system, the SSCS presents a larger, wider and more complicated trend. Due to the large number of control nodes and long control chain, if the security and stability services encounters cyber attacks, it will cause serious harm to the operation of the power network. Firstly, the hierarchical structure of security device ontology is analyzed. Secondly, the risk points of cyber attack between security device ontology and security device station are analyzed from the Angle of attack channel, attack object and attack consequence. Then, the probability model of FDIA attack success is established by using fuzzy analytic hierarchy process and Petri net. Finally, a standard system example is given to verify the effectiveness of the risk assessment model.

Kang Yan,Xuan Liu,Yidan Lu,Fanglu Qin

DOI: https://doi.org/10.1109/jsyst.2022.3215591

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:With the integration of cyber devices into power systems, such as information communication technology devices and intelligent electronic devices, there are currently a large number of software vulnerabilities (SVs) in cyber devices, which are probably used to obtain the authority of cyber devices for malicious attackers and be carried out subsequently severe attacks on power systems. Thus, it is inappropriate to only consider the power risks as the risk assessment for the system with the strong coupling between cyber systems and power systems. In this article, we investigate a dynamic risk assessment model for the cyber-physical power system (CPPS) against cyberattacks, combining the network security vulnerability of the supervisory control and data acquisition (SCADA) system in a substation and physical consequences in power systems caused by it under malicious control. By construction, a dynamic network security vulnerability assessment method for the SCADA system is well studied by considering SVs and deployed network security defense measures, which is also corrected by the propagation characteristics. Moreover, we estimate physical consequences by minimum shedding loads in N-1 contingencies caused by the SCADA system in a substation under malicious control. Finally, simulations on modified IEEE 14-bus and IEEE 118-bus systems verify the proposed model's effectiveness, highlighting the importance of network security in CPPS.