Chunming Zhang,Fengji Luo,Mingyang Sun,Gianluca Ranzi

DOI: https://doi.org/10.1109/tnse.2020.3015220

IF: 6.6

2021-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Advanced Metering Infrastructure (AMI) is a critical and fundamental component of smart grids. Cyber security of AMI thus has direct implications to smart grid's secure and reliable operations. This paper establishes analytical models for studying AMI system's robustness with presence of Distributed Denial-of-Service (DDoS) attacks. This paper firstly proposes a state transition model for individual smart meter nodes and data collector nodes in an AMI communication network; based on this, a dynamic differential system is formulated to describe the network's state evolution. We analyze the dynamic differential system's stability under DDoS attacks and propose a defending strategy, which optimally allocate defending resources in the AMI network, aiming at mitigating the DDoS's threaten with minimum defending loss and cost. Extensive simulations are conducted to validate the proposed method under different AMI network topologies.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/tcsii.2020.2999875

2020-01-01

Abstract:In this brief, we analyze the damage caused by malware-induced cyber attacks in Cyber-Physical Power Systems (CPPSs). Incubation period and detection probability of the malware are considered in our analytical framework. From attacker's perspective, the trade-off between attack effectiveness and detection risk is studied to help choose the best attack timing and obtain the maximum payoff. Moreover, we conduct case studies in CPPSs formed by coupling IEEE 118-Bus System with scale-free communication networks. Simulation results reveal that the maximum expected payoff for the attacker is affected by the coupling pattern and the structure of communication network in CPPSs.

Haicheng Tu,Hui-Liang Shen,Yongxiang Xia

DOI: https://doi.org/10.1109/iscas45731.2020.9180816

2020-01-01

Abstract:Under the variety of information and communication technologies, the control center can securely and reliably operate power grid during the system disturbances and natural events. Specifically, when the initial failures are detected by cyber monitoring, the system will timely take emergency protecting operations to restrain the spreading of failures. Although cyber network makes the system more robust, they also increase the risk from the cyber network. In this paper, we firstly consider a control strategy into the cascading failures model. Then, we study how the cyber attack - False negatives attack confuses the control center, and makes the control center can not take emergency operation timely, causing the failure continue spreading. We propose an optimization problem to model the above assumptions and, by solving the optimization problem, study the impact of different attack scenarios on power system.

Yirui Zhao,Yong Li,Yijia Cao,Mingyu Yan

DOI: https://doi.org/10.1016/j.apenergy.2023.121551

IF: 11.2

2023-07-22

Applied Energy

Abstract:Substation with various communication and control devices has become a major target of cyber-attacks. In general, two main types of cyber-attacks can be performed on substations through direct intelligent electronic device connections from remote accesses or via compromising local substation supervisory control center and data acquisition systems, thus respectively resulting in different damage to the power systems. In this paper, the combination of two types of cyber-attacks on the power systems are considered. The generalized stochastic Petri net is utilized to simulate dynamic intrusion processes of these two types of cyber-attacks. Furthermore, the successful attack probabilities of cyber-attacks are calculated based on simulation results. Then, a probabilistic bi-level optimization model is proposed to identify critical components with the maximum cyber risk and the types of cyber-attacks. The two types of cyber-attacks initiated from substation space to individual components are particularly modeled in the proposed model. Finally, a two-stage algorithm using the network flow is proposed to solve the proposed model more efficiently. Simulation results tested on the IEEE RTS 24-bus and the 118-bus systems validate the effectiveness of the proposed model. Results also show that the devised algorithm can improve the computation performance in dealing with larger-scale power systems.

energy & fuels,engineering, chemical

Boyu Gao,Libao Shi

DOI: https://doi.org/10.1109/access.2020.2973030

IF: 3.9

2020-01-01

IEEE Access

Abstract:The rapid development of advanced information and communication technology has made modern power systems evolve into more complicated cyber-physical power systems (CPPSs) with mutual coupling characteristics between cyber systems and power systems, and at the same time, the CPPSs have to confront some newly emerged risks owing to cyber system unreliability or cyberattacks. In this paper, regarding the cyber and physical attacks in a CPPS, the operation risks and vulnerabilities of transmission lines are discussed in detail by building relevant game-theoretic models. Under two possible cyberattack scenarios, namely time delay of system recovery and distributed denial of service, a three-stage defender-attacker-defender tri-level mathematical programming model is proposed based on dynamic game theory of complete information. In particular, the objective functions and corresponding constraint conditions in each level are analyzed and constructed elaborately. For the solution of this proposed tri-level programming model, a solution method based on an improved particle swarm optimization approach combined with sequential quadratic programming technique is applied during analysis. Finally, the proposed model is validated through two case studies, and some preliminary concluding remarks are summarized.

Yingjun Wu,R. Fu,Xiaojuan Huang,Yusheng Xue,D. Yue,Yi Tang

DOI: https://doi.org/10.1109/ACCESS.2018.2855752

IF: 3.9

IEEE Access

Abstract:A cyber physical distribution power system (CPDS) is a large and complex infrastructure that coordinates the cyber communication system and the physical distribution power system. Because of the increasingly advanced information communication technology, the development of cyber physical distribution power system has caused key cyber security issues related to system operation. This paper is focused on realizing a unified system attack modeling and security assessment of an active distribution power system. In this paper, first we present an overview of the system operation from the fusion system perspective. The significant effects of network intrusion attacks on operational security are evaluated. A new unified cyber physical network model is established using a limited stochastic Petri net graph theory that considers refined firewalls and password components. Then, a security effectiveness evaluation method is proposed to analyze channel throughput variation and system robustness. Overall CPDS security risk values are determined based on physical influence coefficients. Finally, simulations of an improved IEEE-33 bus distribution power system and security assessment under intrusion attacks are described. The research work could raise awareness of the cyber intrusion threats and provide the basis for security defense.

Engineering,Computer Science

Yirui Zhao,Yijia Cao,Yong Li,Zhiyi Li,Wenxuan Yao,Xingyu Shi

DOI: https://doi.org/10.1109/tii.2023.3295417

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Developing efficient defensive strategies against cyber-attacks is a major concern of modern power system research. With the goal of minimizing the expected load loss, this article proposes a robust probabilistic substation-based defender-attacker-defender (DAD) model to allocate the substation's defensive resources. The proposed model aims to minimize the risk of cyber-attacks on intelligent electronic devices (IEDs). The game between the defender and the attacker concerning multiple substations, IEDs, and their connected lines is particularly modeled. In addition, we extend the proposed probabilistic DAD model to an observability-ensured DAD model where the existing phasor measurement units in the power grids are considered in the defensive resource allocation. Integrated with the logarithmic transformation and piecewise linearization techniques, a customized column-and-constraint generation algorithm is developed to solve the proposed model. Finally, the numerical results on IEEE RTS 24-bus and 118-bus systems validate the proposed model.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

LI Peikai,LIU Yun,XIN Huanhai,QI Donglian

DOI: https://doi.org/10.7500/AEPS20170705002

2018-01-01

Abstract:Distributed cooperative control mode is an effective approach to overcome the problem of integrating multiple and strongly random distributed generators (DGs) into cyber physical system in distribution network.However,due to the integration between cyber and physical layers,cyber attacks could threat the safe and stable operation of power system through invading the cyber system.A dynamic attack-defense game model based vulnerability assessment of cyber-physical system (CPS)in distribution network is proposed.Firstly,a cooperative control strategy of DGs is described,and its convergence property is analyzed and summarized.Then,a risk assessment of CPS in distribution network is developed,which integrates the risk assessment method,the cooperative control strategy of DGs and strategies of attacker and defender.After that,the dynamic attack-defense game function and its solving steps are designed,which achieves the vulnerability assessment of CPS in distribution network with distributed cooperative control mode.Finally,the effectiveness of the proposed method is verified through simulations involving the IEEE 34-bus distribution network.

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Jun'e Li,Jiaqi Liang,Quanying Liu,Donglian Qi,Jianliang Zhang,Yangrong Chen

DOI: https://doi.org/10.3389/fenrg.2022.971725

IF: 3.4

2022-01-01

Frontiers in Energy Research

Abstract:With the rapid development of integrated energy system, the large-scale and high-permeability access of distributed generations (DGs) is making the distribution networks develop into active distribution networks (ADNs). The increased complexity of ADNs also increases the vulnerabilities for cyberattacks. It is a new challenge how to evaluate the situation of an ADN so as to support the decision-making of grid control policies in the condition of cyberattacks probably occur. Hence, in this paper, we proposed a method of situation assessment for ADNs considering cyberattacks. This method is aggregated by two parts. 1) An index system is presented, which includes the indexes of DGs stability, the indexes of security risk considering cyberattacks along with the traditional safety indexes. 2) The entropy weight method is used to assign weights to each index, and taking the normal operation status of ADNs as the reference scenario, an operating situation assessment method for ADNs is proposed based on grey correlation analysis method. Finally, in order to verify the effectiveness of the proposed index system and assessment method, 12 attack scenarios are established from three categories: attacks on DGs, attacks on controllable loads and attacks on both of them, and the situation of the ADN, a case based on IEEE 33-node standard distribution system, is evaluated under each scenario.

Yingshuai Hao,Meng Wang,Joe Chow

DOI: https://doi.org/10.48550/arXiv.1512.05008

2015-12-15

Systems and Control

Abstract:Cyber data attacks are the worst-case interacting bad data to power system state estimation and cannot be detected by existing bad data detectors. In this paper, we for the first time analyze the likelihood of cyber data attacks by characterizing the actions of a malicious intruder. We propose to use Markov decision process to model an intruder's strategy, where the objective is to maximize the cumulative reward across time. Linear programming method is employed to find the optimal attack policy from the intruder's perspective. Numerical experiments are conducted to study the intruder's attack strategy in test power systems.

Yihao Guo,Chuangxin Guo,Jie Yang

DOI: https://doi.org/10.1049/gtd2.12758

2023-01-01

IET Generation Transmission & Distribution

Abstract:AbstractTo seek the optimal defense strategy against malicious attacks, this paper proposes a novel defender–attacker–operator model applicable to the cyber‐physical power system. The proposed model considers the interdependence in functionality and topology of the cyber network and the power network as well as the cyber network's constraints. The defender aims to minimize the load curtailment caused by the attacker, while the latter intends to maximize the power loss. The operator in the bottom level takes corrective action to minimize the attack consequence. This tri‐level model is decomposed into a master problem and a subproblem, based on which the column‐and‐constraint generation algorithm is implemented to obtain the optimal solution. Comparative case studies based on IEEE RTS‐79 system are carried out to demonstrate the advantage of the proposed method, and to investigate the impact of the energy coupling strength, the topologically independent link and the defensive resource. The effectiveness of this model is validated by the sensitivity analysis.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tcsii.2022.3181827

2022-01-01

Abstract:In cyber-physical power systems (CPPSs), false data injection attack (FDIA) has drawn much attention due to its stealthiness. It is of great importance to investigate the potential behaviors of attackers to improve the cyber-security of CPPSs. However, most FDIA models are often constructed separately on the effect of attackers or the impact of attacks. Accordingly, this brief proposes a multi-objective stealthy FDIA scheme in AC grid model. The attack model is described as a multi-objective optimization problem, where minimization of contaminated measurements and maximization of the attack impact are considered as two objectives while remaining stealthy. To deal with the established attack model, a non-dominated sorting genetic algorithm II (NSGAII) is introduced as the solver. To improve the efficiency of generating attack vector, a new representation mechanism is proposed to describe locations and values of injected states. Additionally, during the evolutionary process, we propose a mutation operation to balance the sparsity and impact of FDIA. Simulation results on the IEEE 14-bus, 30-bus, and 118-bus systems demonstrate the feasibility of the NSGAII-based FDIA model.

Li Ma,Lingfeng Wang,Zhaoxi Liu

DOI: https://doi.org/10.1109/tpwrs.2022.3165169

IF: 7.326

2023-01-01

IEEE Transactions on Power Systems

Abstract:Cyberattacks are increasingly threatening the normal operation of electric power grids. The purpose of this study is to develop an optimization model for planning and operation of distribution systems to enhance the resilience to cyberattacks. A new distribution system planning method is presented utilizing a Defender-Attacker-Defender (DAD) tri-level model to improve the system resilience to withstand potential disruptions from cyberattacks. In the first level of the model, the system planner optimizes the Soft Open Points (SOPs) installation in the planning stage. The attacker’s objective in the second level of the model is to change the status of the network circuit breakers and jam the communication maximizing disruption of the system. The optimization of Distribution Generators’ (DGs’) outputs, SOPs’ power flow, and topology reconfiguration are comprehensively considered in the third level. The novel model presented in this paper considers hardening measures of the SOPs in response to the attacks on distribution systems. The Column and Constraint Generation (C&CG) algorithm is utilized to solve the proposed DAD model. A procedure is devised to solve the two-layer subproblem (the Attacker-Defender model), with the bottom layer being a Mixed Integer Second Order Cone Programming (MISOCP) problem. Finally, the proposed models are validated in 33-bus and 135-bus test systems. The results show that the installation of SOPs significantly improves the service restoration under cyberattacks. Both the number and location of SOPs influence the extent of restored service, and differing SOP allocation schemes may lead to similar restoration outcomes. The proposed models and techniques could also be extended to deal with other similar problems in industrial cyber-physical systems.

Jianmin Zhang,Hang Mu,Ji Xu,Yutao Qiu,Kangyi Li,Naizheng Jin

DOI: https://doi.org/10.1109/ei259745.2023.10512919

2023-01-01

Abstract:IEC 61850 provides an excellent physical-cyber-logic model for substation networked automation, to describe the data and logic relationships between atomic elements of physical power system as well as communication network and automation system. As a fact, cyber-attack and corresponding cyber security protection belong to information and communication technology whose behaviors are all automated, and targeting substation networked automation. Therefore, unified modeling of physical-cyber-logic-attack-protection for digital substation becomes necessary and possible. The existing cyber security protection system does not model functions according to 61850 logical nodes and logical devices, and IEC 61850 does not model function-based logical nodes for cyber security protection and attack behavior, which makes the security system not transparent. In this paper, the basic functions of cyber-attack and corresponding cyber security protection are decomposed into atomic scale, which are modeled as logical nodes to establish a unified 61850 logic space model for digital substations in the future.

Pengchao Yao,Weijie Hao,Bingjing Yan,Tao Yang,Jinming Wang,Qiang Yang

DOI: https://doi.org/10.1109/ei252483.2021.9712960

2021-01-01

Abstract:Cyber-Physical Power Systems (CPPSs) currently face an increasing number of security attacks and lack methods for optimal proactive security decisions to defend the attacks. This paper proposed an optimal defensive method based on game theory to minimize the system performance deterioration of CPPSs under cyberspace attacks. The reinforcement learning algorithmic solution is used to obtain the Nash equilibrium and a set of metrics of system vulnerabilities are adopted to quantify the cost of defense against cyber-attacks. The minimax-Q algorithm is utilized to obtain the optimal defense strategy without the availability of the attacker's information. The proposed solution is assessed through experiments based on a realistic power generation microsystem testbed and the numerical results confirmed its effectiveness.

Yuhang Zhang,Ming Ni

DOI: https://doi.org/10.3390/app132011569

2023-10-23

Applied Sciences

Abstract:With the increasing deployment of advanced sensing and measurement devices, the modern distribution system is evolved into a cyber-physical power distribution system (CPPDS). Due to the extensive application of information and communication technology, CPPDS is prevalently exposed to a wide range of cybersecurity threats. In this paper, a novel security-oriented cyber-physical risk assessment method for CPPDS is proposed. Based on the information model composed of logical nodes, an attack graph of privilege promotion by exploiting the cyber vulnerabilities is constructed. The physical consequence caused by cyberattack is analyzed in detail. By using the Markov decision process (MDP) theory, the cyber-physical risk index (CPRI) is calculated. Furthermore, considering the allocation of the finite defense resource, the modified MDP approach with an attack–defense game is presented. The effectiveness of the proposed method is demonstrated with case studies on a four-feeder IEEE-RTBS test system.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Zhiyuan Yang,Chee-Wooi Ten

DOI: https://doi.org/10.48550/arXiv.1801.08408

2018-01-09

Abstract:Once critical substations are compromised, attack agents can coordinate among their peers to plot for maximizing disruption using local control devices. For defenders, it is critical to enumerate and identify all digital relays to determine the systemic risks. Any combination of disruptive switching via the compromised relays can result in misoperation or immediate effect to the system. The resulting consequence of these attack's initial events would possibly incur cascading failure to a grid. This paper quantifies the criticality of substation protective relays with the combination of the outage level and its corresponding severity risk index. The proposed hypothesized outages are based on the type of protective relaying, bus configuration of a substation, and commonly implemented relaying schemes, such as bus differential, directional overcurrent, and distance relays, are studied. This preliminary work also provides three approaches of determination in probabilities for sensitivity analysis. The proposed risk indices are evaluated using IEEE test systems.

Signal Processing

Lingfeng Wang,Zhaoxi Liu

DOI: https://doi.org/10.1109/TPWRS.2022.3222309

IF: 7.326

2023-11-01

IEEE Transactions on Power Systems

Abstract:The cybersecurity of electric power grids is emerging as a critical challenge for the power industry in the transformation of modern power systems towards the future smart grid. It is of great importance to enhance the resilience of power systems against potential cyber threats. In this paper, a distributionally robust recovery resource allocation method based on the tri-level defender-attacker-defender (D-A-D) model is proposed to enhance the resilience of power systems in the face of malicious cyberattacks. The proposed recovery resource allocation method is able to optimally distribute the recovery resources among the substations in the grid to mitigate the impacts of successful cyberattacks during the recovery process, and improve the resilience performance of power systems against the attacks. In the proposed model, the recovery resource represents the available resource that can be expended to support the recovery efforts of the cyber-physical power system. It is expected to accelerate the recovery process of the system after successful attacks. The recovery resource may include necessary software, hardware, and labor force. Meanwhile, a distributionally robust optimization (DRO) model is proposed to address the uncertainty of the power system operation conditions, e.g., renewable energy resources (RESs). In order to verify the proposed system defense method, case studies were conducted on the IEEE Reliability Test System RTS-79. The results of the case studies show that the proposed method can provide a robust solution to recovery resource allocation for mitigating the risk of potential cyberattacks.

Computer Science,Environmental Science,Engineering