Qiangsheng Dai,Libao Shi,Yixin Ni

DOI: https://doi.org/10.1109/pesgm.2018.8586312

2018-01-01

Abstract:The operating conditions of distribution system can be perceived and optimized rapidly and effectively with the help of information and communication technology. However, some potential cybersecurity risk needs to arouse enough attention. In this paper, a novel and practical cyber-attack method targeting remote terminal unit (RTU) is proposed firstly. Regarding the enormous cyber-physical devices in a distribution system and the high maintenance costs, this paper also introduces a risk index to identify the vulnerability of a distribution system to be studied under cyber-attack. A Bayesian attack graph model is applied to quantify the probability of successfully exploiting known and zero-day vulnerabilities, and the relationship between the attack behavior and the feeder automation action is further analyzed. Simulation results demonstrate the effectiveness and validity of the proposed model and method.

Jun'e Li,Jiaqi Liang,Quanying Liu,Donglian Qi,Jianliang Zhang,Yangrong Chen

DOI: https://doi.org/10.3389/fenrg.2022.971725

IF: 3.4

2022-01-01

Frontiers in Energy Research

Abstract:With the rapid development of integrated energy system, the large-scale and high-permeability access of distributed generations (DGs) is making the distribution networks develop into active distribution networks (ADNs). The increased complexity of ADNs also increases the vulnerabilities for cyberattacks. It is a new challenge how to evaluate the situation of an ADN so as to support the decision-making of grid control policies in the condition of cyberattacks probably occur. Hence, in this paper, we proposed a method of situation assessment for ADNs considering cyberattacks. This method is aggregated by two parts. 1) An index system is presented, which includes the indexes of DGs stability, the indexes of security risk considering cyberattacks along with the traditional safety indexes. 2) The entropy weight method is used to assign weights to each index, and taking the normal operation status of ADNs as the reference scenario, an operating situation assessment method for ADNs is proposed based on grey correlation analysis method. Finally, in order to verify the effectiveness of the proposed index system and assessment method, 12 attack scenarios are established from three categories: attacks on DGs, attacks on controllable loads and attacks on both of them, and the situation of the ADN, a case based on IEEE 33-node standard distribution system, is evaluated under each scenario.

Rong Zeng,Yijia Cao,Yong Li,Sijia Hu,Xia Shao,Liwei Xie,Liang Hou,Long Zhao,Mohammad Shahidehpour

DOI: https://doi.org/10.1109/tsg.2023.3302287

IF: 10.275

2023-01-01

IEEE Transactions on Smart Grid

Abstract:The power system has become the key target of national cyber confrontation. To enhance the risk management capability of the distribution network (DN) while assessing the cyberattack risk quickly and accurately, this paper proposes a general real-time cyberattack risk assessment method for DN involving the influence of distributed feeder automation systems (DFAs). In particular, to clarify the quantitative relationship between cyberattack intrusion and DN state deterioration, we constructed the quantitative model of the cyber physical distribution network (CPDN) under cyberattack, which involves the influence of DFAs’ behavior. In addition, in order to intuitively demonstrate the cyberattack risk, we developed a novel entropy-like risk assessment system upon the quantitative model of CPDN. The real two-feeder test platform with cyberattack simulation devices is used to verify the correctness and practicality of the proposed method. In this process, a digital cyberattack risk assessment unit is created, contributing to the system-level application of risk management.

engineering, electrical & electronic

Yinan Wang,Gangfeng Yan,Ronghao Zheng

DOI: https://doi.org/10.3390/app8050768

2018-01-01

Applied Sciences

Abstract:The integration of modern computing and advanced communication with power grids has led to the emergence of electrical cyber-physical systems (ECPSs). However, the massive application of communication technologies makes the power grids become more vulnerable to cyber attacks. In this paper, we study the vulnerability of ECPSs and develop defence strategies against cyber attacks. Detection and protection algorithms are proposed to deal with the emergency of cascading failures. Moreover, we propose a weight adjustment strategy to solve the unbalanced power flows problem which is caused by splitting incidents. A MATLAB-based platform with advantages of easy programming, fast calculation, and no damage to systems is built for the offline simulation and analysis of the vulnerability of ECPSs. We also propose a five-aspect method of vulnerability assessment which includes the robustness, economic costs, degree of damage, vulnerable equipment, and trip point. The study is of significance to decision makers as they can get specific advice and defence strategies about a special power system.

Qiangsheng Dai,Libao Shi

DOI: https://doi.org/10.1109/pesgm41954.2020.9281583

2020-01-01

Abstract:The intelligent electronic devices widely deployed across the distribution network are inevitably making the feeder automation (FA) system more vulnerable to cyber-attacks, which would lead to disastrous socio-economic impacts. This paper proposes a three-stage game-theoretic framework that the defender allocates limited security resources to minimize the economic impacts on FA system while the attacker deploys limited attack resources to maximize the corresponding impacts. Meanwhile, the probability of successful attack is calculated based on the Bayesian attack graph, and a fault-tolerant location technique for centralized FA system is elaborately considered during analysis. The proposed game-theoretic framework is converted into a two-level zero-sum game model and solved by the particle swarm optimization (PSO) combined with a generalized reduced gradient algorithm. Finally, the proposed model is validated on distribution network for RBTS bus 2.

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Qiangsheng Dai,Libao Shi,Yixin Ni

DOI: https://doi.org/10.1109/pesgm40551.2019.8973850

2019-01-01

Abstract:Occurrences of cyber intrusion into intelligent electronic devices deployed for feeder automation (FA) system have been gaining more attention in smart grid. However, existing works seldom discuss how attackers optimize their attack strategy in order to implement maximum effect at minimum cost. This paper proposes a multi-objective optimal cyber-attack strategy in a centralized FA system. Two objectives that maximizing the expected damage risk and minimizing the probability of being caught or detected are established under fully automatic FA operation constraint. Regarding some important items relevant to probability in the proposed attack strategy, the corresponding derivations and calculations are discussed elaborately. Moreover, the relationship between the organized cyber-attack behavior and the fault-tolerant FA action is further analyzed. An enhanced multi-objective particle swarm optimization (PSO) algorithm is applied to obtain the Pareto optimal solutions of this problem. The modified IEEE 33-bus distribution system is provided to demonstrate the validity and effectiveness of proposed cyber-attack strategy.

Qiangsheng Dai,Libao Shi,Yixin Ni

DOI: https://doi.org/10.1109/TSG.2019.2938203

IF: 10.275

2020-01-01

IEEE Transactions on Smart Grid

Abstract:The rapid deployment of intelligent electronic devices and the development of information and communication technology have improved distribution network (DN) reliability with feeder automation. Thus, the operation of DNs has become more dependent on the cyber-physical components. As the cyber security of smart grid has drawn increasing attention in recent years, this paper proposes a simple yet powerful type of attack targeting the remote terminal units. The proposed attack policy can manipulate the feeder automation operation with the aim of cutting off important power consumers. Regarding the realistic cyber-attacks that previously occurred, an optimal attack model is established for analyzing the attack policy. This optimization model aims to minimize the attack cost and the penalty of being caught or detected while maximizing the remuneration. A Bayesian attack graph model is adopted to quantify the successful probability of exploiting known and zero-day vulnerabilities. The probability of a cyber-attack being caught or detected is modeled based on search theory. Next, an enhanced self-adaptive evolutionary programming is developed to achieve satisfactory solutions for practical applications. Finally, the proposed model and corresponding solution strategies are verified using the RBTS bus 2 DN and the modified IEEE 123-node test feeder.

LI Peikai,LIU Yun,XIN Huanhai,QI Donglian

DOI: https://doi.org/10.7500/AEPS20170705002

2018-01-01

Abstract:Distributed cooperative control mode is an effective approach to overcome the problem of integrating multiple and strongly random distributed generators (DGs) into cyber physical system in distribution network.However,due to the integration between cyber and physical layers,cyber attacks could threat the safe and stable operation of power system through invading the cyber system.A dynamic attack-defense game model based vulnerability assessment of cyber-physical system (CPS)in distribution network is proposed.Firstly,a cooperative control strategy of DGs is described,and its convergence property is analyzed and summarized.Then,a risk assessment of CPS in distribution network is developed,which integrates the risk assessment method,the cooperative control strategy of DGs and strategies of attacker and defender.After that,the dynamic attack-defense game function and its solving steps are designed,which achieves the vulnerability assessment of CPS in distribution network with distributed cooperative control mode.Finally,the effectiveness of the proposed method is verified through simulations involving the IEEE 34-bus distribution network.

Yuhang Zhang,Ming Ni

DOI: https://doi.org/10.3390/app132011569

2023-10-23

Applied Sciences

Abstract:With the increasing deployment of advanced sensing and measurement devices, the modern distribution system is evolved into a cyber-physical power distribution system (CPPDS). Due to the extensive application of information and communication technology, CPPDS is prevalently exposed to a wide range of cybersecurity threats. In this paper, a novel security-oriented cyber-physical risk assessment method for CPPDS is proposed. Based on the information model composed of logical nodes, an attack graph of privilege promotion by exploiting the cyber vulnerabilities is constructed. The physical consequence caused by cyberattack is analyzed in detail. By using the Markov decision process (MDP) theory, the cyber-physical risk index (CPRI) is calculated. Furthermore, considering the allocation of the finite defense resource, the modified MDP approach with an attack–defense game is presented. The effectiveness of the proposed method is demonstrated with case studies on a four-feeder IEEE-RTBS test system.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Xiaming Ye,Junhua Zhao,Yan Zhang,Fushuan Wen

DOI: https://doi.org/10.3390/en8065266

IF: 3.2

2015-01-01

Energies

Abstract:The distribution automation system (DAS) is vulnerable to cyber-attacks due to the widespread use of terminal devices and standard communication protocols. On account of the cost of defense, it is impossible to ensure the security of every device in the DAS. Given this background, a novel quantitative vulnerability assessment model of cyber security for DAS is developed in this paper. In the assessment model, the potential physical consequences of cyber-attacks are analyzed from two levels: terminal device level and control center server level. Then, the attack process is modeled based on game theory and the relationships among different vulnerabilities are analyzed by introducing a vulnerability adjacency matrix. Finally, the application process of the proposed methodology is illustrated through a case study based on bus 2 of the Roy Billinton Test System (RBTS). The results demonstrate the reasonability and effectiveness of the proposed methodology.

Yirui Zhao,Yong Li,Yijia Cao,Mingyu Yan

DOI: https://doi.org/10.1016/j.apenergy.2023.121551

IF: 11.2

2023-07-22

Applied Energy

Abstract:Substation with various communication and control devices has become a major target of cyber-attacks. In general, two main types of cyber-attacks can be performed on substations through direct intelligent electronic device connections from remote accesses or via compromising local substation supervisory control center and data acquisition systems, thus respectively resulting in different damage to the power systems. In this paper, the combination of two types of cyber-attacks on the power systems are considered. The generalized stochastic Petri net is utilized to simulate dynamic intrusion processes of these two types of cyber-attacks. Furthermore, the successful attack probabilities of cyber-attacks are calculated based on simulation results. Then, a probabilistic bi-level optimization model is proposed to identify critical components with the maximum cyber risk and the types of cyber-attacks. The two types of cyber-attacks initiated from substation space to individual components are particularly modeled in the proposed model. Finally, a two-stage algorithm using the network flow is proposed to solve the proposed model more efficiently. Simulation results tested on the IEEE RTS 24-bus and the 118-bus systems validate the effectiveness of the proposed model. Results also show that the devised algorithm can improve the computation performance in dealing with larger-scale power systems.

energy & fuels,engineering, chemical

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Buxiang Zhou,Binjie Sun,Tianlei Zang,Yating Cai,Jiale Wu,Huan Luo

DOI: https://doi.org/10.3390/e25010047

IF: 2.738

2022-12-28

Entropy

Abstract:With the increasing digitalization and informatization of distribution network systems, distribution networks have gradually developed into distribution network cyber physical systems (CPS) which are deeply integrated with traditional power systems and cyber systems. However, at the same time, the network risk problems that the cyber systems face have also increased. Considering the possible cyber attack vulnerabilities in the distribution network CPS, a dynamic Bayesian network approach is proposed in this paper to quantitatively assess the security risk of the distribution network CPS. First, the Bayesian network model is constructed based on the structure of the distribution network and common vulnerability scoring system (CVSS). Second, a combination of the fuzzy analytic hierarchy process (FAHP) and entropy weight method is used to correct the selectivity of the attacker to strike the target when cyber attack vulnerabilities occur, and then after considering the defense resources of the system, the risk probability of the target nodes is obtained. Finally, the node loads and node risk rates are used to quantitatively assess the risk values that are applied to determine the risk level of the distribution network CPS, so that defense strategies can be given in advance to counter the adverse effects of cyber attack vulnerabilities.

physics, multidisciplinary

Song Deng,Jiantang Zhang,Di Wu,Yi He,Xiangpeng Xie,Xindong Wu

DOI: https://doi.org/10.1109/tii.2022.3169456

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:An accurate and comprehensive risk assessment in a distribution cyber-physical system (DCPS) is essential to ensure its smooth operation, effective control, and exposure of hidden dangers and security implications. Unfortunately, prior risk assessment methods are mostly limited in two aspects. First, the current studies do not respect the complex network topology and intertwined devicewise dependencies, thereby failing to delineate and model the risk propagation mechanism in DCPS accurately. Second, the prior work tends to focus on gauging the risks underlying physical systems independently, overlooking the quantification of risk impact on physical systems incurred by the cyberattack. To fill the gap, in this article, we propose a unified risk assessment model that gauges the comprehensive security implication of DCPS in a Bayesian regime, in which the three key components, namely, the prior probability, posterior probability, and minimum load-loss ratio, are calculated via the cumulative densities, epidemic model, and optimal load shedding, respectively. We benchmark our proposed model on a public testbed, IEEE 39-bus system, with extensive experiments. The results substantiate the viability and effectiveness of our model and suggest that the vulnerability of DCPS is positively correlated with the three components in our Bayesian modeling. We hope this finding can shed some light on future research by providing a plausible apparatus for measuring the security implications of physical systems in DCPS under cyberattacks.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Ge Cao,Wei Gu,Peixin Li,Wanxing Sheng,Keyan Liu,Lijing Sun,Zhihuang Cao,Jing Pan

DOI: https://doi.org/10.1109/tii.2019.2939346

IF: 12.3

2020-06-01

IEEE Transactions on Industrial Informatics

Abstract:A deeper coupling of information and power would make active distribution networks (ADNs) evolve into typical cyber-physical systems (CPSs). The unreliability of cyber systems can affect the security of ADNs. In this article, a methodology based on cyber-power joint analysis is presented to quantitatively evaluate the operational risk of ADNs caused by cyber contingencies. First, a typical CPS structure of ADNs is demonstrated and the influence ways of cyber contingencies are discussed. Then, a CPS modeling framework is proposed to analyze the information flow and cyber contingencies of cyber systems. To determine the best data transmission paths in cyber networks, a routing algorithm based on the link-state protocol is presented. Furthermore, in view of the response of ADNs to physical failures, an optimization model is developed to minimize the load shedding that results from the over-limited voltage. Finally, the expected load curtailment and the expected fault coverage used to quantify potential system losses are calculated using Monte Carlo simulation. The simulation results explain the effectiveness and practicability of the proposed models and methods.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Yirui Zhao,Yijia Cao,Yong Li,Zhiyi Li,Wenxuan Yao,Xingyu Shi

DOI: https://doi.org/10.1109/tii.2023.3295417

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Developing efficient defensive strategies against cyber-attacks is a major concern of modern power system research. With the goal of minimizing the expected load loss, this article proposes a robust probabilistic substation-based defender-attacker-defender (DAD) model to allocate the substation's defensive resources. The proposed model aims to minimize the risk of cyber-attacks on intelligent electronic devices (IEDs). The game between the defender and the attacker concerning multiple substations, IEDs, and their connected lines is particularly modeled. In addition, we extend the proposed probabilistic DAD model to an observability-ensured DAD model where the existing phasor measurement units in the power grids are considered in the defensive resource allocation. Integrated with the logarithmic transformation and piecewise linearization techniques, a customized column-and-constraint generation algorithm is developed to solve the proposed model. Finally, the numerical results on IEEE RTS 24-bus and 118-bus systems validate the proposed model.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Rong Zeng,Yong Li,Sijia Hu,Jiayan Liu,Huidi Wu,Jie Chen,Yong Xu,Xusheng Yang,Yijia Cao

DOI: https://doi.org/10.1109/TSG.2024.3439751

IF: 10.275

2024-01-01

IEEE Transactions on Smart Grid

Abstract:Distributed feeder automation system (DFAs), as a promising protection technology for power distribution system (PDS) with distributed generation, its vulnerability to cyberattacks and hybrid attacks (contains both physical and cyberattacks) is gradually recognized and haunts utilities, creating potential risks for its large-scale applications. This paper proposes a novel bilevel resilient control solution (BRCS) deployed to DFAs without hardware burden. Two key modules are developed: 1) Lightweight distributed cyberattack detection module (DCDM), deployed into agents of DFAs, based on unsupervised learning to realize the quick detection and reporting of cyberattacks; 2) Robust centralized fault section localization module (CFSLM), installed in DFAs’ host workstation located in control center, achieving the correctly fault section localization and the high dimensionally awareness of attack events in cyberattack and hybrid attack scenarios. By adopting BRCS, outages and load losses caused by cyberattacks can be 100% avoided, and faults caused by physical attacks can be correctly isolated at once. Finally, the effectiveness and performance of the proposal are verified and conducted by the real two-feeder test platform with DFAs. In this process, a digital high-dimensional awareness and control unit is created against cyber and hybrid attacks, contributing to the system-level application of risk management and resilient control.

Yingjun Wu,R. Fu,Xiaojuan Huang,Yusheng Xue,D. Yue,Yi Tang

DOI: https://doi.org/10.1109/ACCESS.2018.2855752

IF: 3.9

IEEE Access

Abstract:A cyber physical distribution power system (CPDS) is a large and complex infrastructure that coordinates the cyber communication system and the physical distribution power system. Because of the increasingly advanced information communication technology, the development of cyber physical distribution power system has caused key cyber security issues related to system operation. This paper is focused on realizing a unified system attack modeling and security assessment of an active distribution power system. In this paper, first we present an overview of the system operation from the fusion system perspective. The significant effects of network intrusion attacks on operational security are evaluated. A new unified cyber physical network model is established using a limited stochastic Petri net graph theory that considers refined firewalls and password components. Then, a security effectiveness evaluation method is proposed to analyze channel throughput variation and system robustness. Overall CPDS security risk values are determined based on physical influence coefficients. Finally, simulations of an improved IEEE-33 bus distribution power system and security assessment under intrusion attacks are described. The research work could raise awareness of the cyber intrusion threats and provide the basis for security defense.

Engineering,Computer Science

Chunyu Chen,Yang Chen,Kaifeng Zhang,Wenjun Bi,Meng Tian

DOI: https://doi.org/10.48550/arXiv.2003.05661

2020-03-12

Abstract:Security is one of the biggest concern in power system operation. Recently, the emerging cyber security threats to operational functions of power systems arouse high public attention, and cybersecurity vulnerability thus become an emerging topic to evaluate compromised operational performance under cyber attack. In this paper, vulnerability of cyber security of load frequency control (LFC) system, which is the key component in energy manage system (EMS), is assessed by exploiting the system response to attacks on LFC variables/parameters. Two types of attacks: 1) injection attack and 2) scale attack are considered for evaluation. Two evaluation criteria reflecting the damage on system stability and power generation are used to quantify system loss under cyber attacks. Through a sensitivity-based method and attack tree models, the vulnerability of different LFC components is ranked. In addition, a post-intrusion cyber attack detection scheme is proposed. Classification-based schemes using typical classification algorithms are studied and compared to identify different attack scenarios.

Systems and Control