Haitao Wu,Zhongwei Qiao,Yuepeng Zhang,Xiaoyu Ji

DOI: https://doi.org/10.1109/ei250167.2020.9346879

2020-01-01

Abstract:With the development of ubiquitous electric Internet of things(UEIoT), the number and types of terminal devices in the smart grid have reached an unprecedented level. In order to ensure the stable operation of the smart grid, we need to monitor the operation status of each terminal, detect various software-level or hardware-level attacks in time, and make corresponding decisions. In this paper, we propose a novel detection method based on multi-dimensional information fusion and computer vision, in which power consumption, traffic, message data and security logs generated by terminal equipments are drawn as characteristic graphs, and then we use a convolution neural network(CNN) to recognize them. According to the detection results, we can know whether there is an attack and if so, which kind of attack has occurred. We also use actual measurement data of an DTU to test our method, and it achieves real-time detection and has high precision.

Tao Zhao,Xiaoyu Ji,Wenyuan Xu,Aidong Xu,Yixin Jiang,Yang Cao

DOI: https://doi.org/10.1109/ei247390.2019.9061849

2019-01-01

Abstract:With the increase of power terminal devices and IoT devices which are accessed to the power grid, their security issues are becoming more and more important. While the microgrid controllers are served as the central core of the entire microgrid, the attacks on microgrid controllers and other power end devices have been launched in recent years. It's obvious that the current safety protection measures for power end devices are insufficient. However, microgrid controllers cannot be protected by traditional intrusion detection systems or anti-virus software. Motivated by these concerns, this paper proposes a non-intrusive malicious code security monitoring scheme based on a power side channel. The core idea is to measure the power consumption data of the microgrid controller, to extract the power consumption feature, and to identify the abnormality sample through CWRNN neural network to determine whether the microgrid controller is attacked or not. The advantage of this method is that it can effectively detect unknown attacks without modifying the original software system. What's more, the method is evaluated in the experimental test, and the detection accuracy can reach to 92%.

Yuehan Chi,Yushi Cheng,Xiaoyu Ji

DOI: https://doi.org/10.1088/1742-6596/2242/1/012038

2022-01-01

Journal of Physics Conference Series

Abstract:The application of information technology in many fields is becoming more and more popular, but while bringing about a rapid increase in productivity, it also brings some safety issues, especially in industrial control systems. Since the industrial control system often uses a computer as the control center of some devices, once this computer is attacked, it will cause serious harm. The use of additional security software for security monitoring is not completely credible, after all, security monitoring software will also be attacked and become invalid. Therefore, the method of using some side channels and machine learning is very popular recently, especially the power consumption side channels. However, the power consumption will change with the running time of the device. If the model trained by supervised learning will fail after a few days, this paper proposes a self-learning method based on the power consumption side channel, which can be stable for a long time with a high accuracy of 97%.

Aidong Xu,Yixin Jiang,Yang Cao,Guoming Zhang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei247390.2019.9062014

2019-01-01

Abstract:With the rapid development of information technology and the Internet of Things, the common information technologies are being applied to the power grid. It brings about the tremendous improvement in productivity, yet breaks down the safety barrier, which makes the power grid a popular target for attacks. The Distribution Terminal Unit (DTU) is a critical part of the power grid because of the acts as access points in the substation and controls the grid equipment. However, DTUs are vulnerable to different types of attacks, which can cause significant property loss or even casualties To monitor the operation of DTU, we proposed a real-time monitoring system by analyzing the side-channel information of power consumption. To validate this idea, we design 3 types of attacks and collect the power information separately, then we choose representational power features and machine learning algorithm for detecting those attacks. We validate that it is feasible to detect attacks and achieves a detection accuracy above 99%.

Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

Jiachang Wen,Chen Yan,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/eeet58130.2022.00019

2022-01-01

Abstract:With the widespread use of new technologies such as mobile Internet, cloud computing, and Internet of Things in power systems, the number of terminal devices in power systems has increased dramatically, and the ensuing security vulnerabilities have increased, making terminal devices increasingly vulnerable to cyber attacks such as ransomware viruses. In this paper, we focus on the security of terminal devices in power systems and realize security monitoring of power terminals by collecting power consumption side channel information of power terminal devices in normal and abnormal states, using training device abnormality identification models using supervised learning algorithms with some time-domain frequency-domain feature information of power consumption as power consumption features of the devices.

Huan Ying,Yanmiao Zhang,Lifang Han,Yushi Cheng,Jiyuan Li,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ITNEC.2019.8729362

2019-01-01

Abstract:As a modern power transmission network, smart grid connects plenty of terminal devices. However, along with the growth of devices are the security threats. Different from the previous separated environment, an adversary nowadays can destroy the power system by attacking these devices. Therefore, it’s critical to ensure the security and safety of terminal devices. To achieve this goal, detecting the pre-existing vulnerabilities of the device program and enhance the terminal security, are of great importance and necessity. In this paper, we propose a novel approach that detects existing buffer-overflow vulnerabilities of terminal devices via automatic static analysis (ASA). We utilize the static analysis to extract the device program information and build corresponding program models. By further matching the generated program model with pre-defined vulnerability patterns, we achieve vulnerability detection and error reporting. The evaluation results demonstrate that our method can effectively detect buffer-overflow vulnerabilities of smart terminals with a high accuracy and a low false positive rate.

Huaiyu Liu,Yuze Fu,Kaikai Pan,Wenyuan Xu,Chenggang Li,Chen Liu

DOI: https://doi.org/10.1109/isgtasia54891.2023.10372698

2023-01-01

Abstract:With the growing focus on reducing carbon emissions, there has been a significant increase in the deployment of distributed photovoltaic generation systems. However, their distributed nature makes them vulnerable to adversarial threats. Moreover, these systems can serve as potential entry points or attack surfaces for targeting the power grid. Existing methods are either designed for specific attacks or intrusive to power terminals (e.g., intelligent terminal, communication device). To tackle this issue, this paper introduces a method for detecting and classifying attacks on distributed PV systems leveraging cyber and power side channel data. The proposed method is capable of detecting various attacks rather than specific ones and is non-intrusive for collecting information from power terminals.

Yanjie Li,Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei247390.2019.9061783

2019-01-01

Abstract:Security threats of smart grid terminals continue to increase. In order to realize non-invasive intrusion detection of power distribution terminal devices in smart grid, we propose a novel anomaly-based intrusion detection approach that use power side-channel. The approach monitors programs running in the terminals by collecting and analyzing the power consumption data of terminal devices. We run three abnormal programs and one normal program in the distribution terminal units (DTUs), and then extract feature values of the power consumption data and lastly conducted anomaly-based intrusion detection through LSTM neural network. Our evaluation results demonstrate that a false positive rate is less than 2% and an accuracy rate is more than 90%.

Ruochen Zhou,Zhiyun Wang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9347104

2020-01-01

Abstract:Programmable logic controller (PLC) is one of the critical infrastructure in industrial control system, which is therefore vulnerable to a variety of cyber-attacks. To mitigate this issue, we design an anomaly detection system, a novel non-invasive intrusion detection method for PLC. Our system utilizes the magnetic side-channel information around the power supply module of PLC and analyzes the running status rely on the fact that different programs will result in various magnetic characteristic. We design a classification algorithm which can extract representational features from the raw signal, as well as avoid the interference of environmental noise. To validate the idea, we design 3 types of attacks and implement on the prototype of thermal power plant in laboratory. The evaluation shows our system is feasible to detect attacks and achieve an overall detection accuracy above 90%.

Diqing Cen,Yunfu Xie,Jifeng Yang,Shijun Chen,Changyu Chen,Guangchao Geng

DOI: https://doi.org/10.1109/cieec50170.2021.9510812

2021-01-01

Abstract:With the increasing demand for electrical data analysis, close proximity of computational resources to the terminal side has become a priority in modern power systems considering extant weaknesses with regard to operational efficiency, data security and the increasing burden of the cloud. Nevertheless, smart meters lacks local resources as modern terminals of smart grids. On the other hand, the alternative solutions based on edge computing may be inadequate in flexibility. To this end, a device aiming to enable terminal-side intelligence for smart meters is proposed in this work. First the functional design of the device is elaborated and a prototype of it is then introduced. Finally, two typical applications of this device are illustrated respectively. In addition to the traditional functions of smart meters, the proposed device is endowed with the capability of local computing whereby it has broad application prospects in the future.

Hong Wen,Xiaochun Zhang,Lei Cai,Jie Tang,Xiping Zhu,Yixin Jiang,Xiaobin Guo

DOI: https://doi.org/10.1109/cns.2013.6682737

2013-01-01

Abstract:In this paper, we introduce a novel malicious nodes detection scheme in the smart meter system by the channel responses between nodes. By extraction the channel information of the different nodes and comparison them, the rough position of the nodes can be distinguished. When we detect the nodes located in the different position along with one ID or several nodes with different ID located in the same position, the malicious node attacks happened. The proposed schemes aim at achieving fast detection and minimizing the data transmission cost by taking advantage of temporal and spatial uniqueness in physical layer channel responses.

Guoming Zhang,Xiaoyu Ji,Yanjie Li,Wenyuan Xu

DOI: https://doi.org/10.3390/s20133635

2020-06-28

Abstract:As a critical component in the smart grid, the Distribution Terminal Unit (DTU) dynamically adjusts the running status of the entire smart grid based on the collected electrical parameters to ensure the safe and stable operation of the smart grid. However, as a real-time embedded device, DTU has not only resource constraints but also specific requirements on real-time performance, thus, the traditional anomaly detection method cannot be deployed. To detect the tamper of the program running on DTU, we proposed a power-based non-intrusive condition monitoring method that collects and analyzes the power consumption of DTU using power sensors and machine learning (ML) techniques, the feasibility of this approach is that the power consumption is closely related to the executing code in CPUs, that is when the execution code is tampered with, the power consumption changes accordingly. To validate this idea, we set up a testbed based on DTU and simulated four types of imperceptible attacks that change the code running in ARM and DSP processors, respectively. We generate representative features and select lightweight ML algorithms to detect these attacks. We finally implemented the detection system on the windows and ubuntu platform and validated its effectiveness. The results show that the detection accuracy is up to 99.98% in a non-intrusive and lightweight way.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tii.2021.3129487

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:As the next-generation power grids, smart grids are integrated with advanced information and communication technology (ICT) to make the grid more efficient and stable than conventional power systems. Given the mounting cyber-attack threats, these critical ICT systems create great security issues for smart grids. Additionally, the clever attackers have the ability to not only access and monitor the smart grid, but also hack it by launching well-established cyber-attacks. Thus, this article is devoted to understanding the potential stealthy cyber-attack and its countermeasure. First, this article proposes a stealthy sparse cyber-attack model in an ac smart grid by considering both the residual test-based detector and the interval-state-estimation-based detector, which is not considered in previous studies. The design model is formulated as a constrained optimization problem by minimizing the number of contaminated meters, where the characteristics of two types of detector are considered simultaneously as the constraints for the first time. A constrained differential evolution (CDE) is proposed as the solver because the optimization problem is NP-hard. Then, a generalized-cumulative-sum-based detector is developed to detect the proposed cyber-attacks, where a fractional-order state transition matrix is originally introduced into the estimator to describe the dynamics of the power system. Numerical studies illustrate the feasibility of CDE-based stealthy sparse cyber-attacks and the effectiveness of the proposed countermeasure.

Jichao Bi,Shibo He,Fengji Luo,Jiming Chen,Da -Wen Huang,Mingyang Sun

DOI: https://doi.org/10.1109/trustcom56396.2022.00024

2022-01-01

Abstract:Backboned by smart meter networks, Advanced Metering Infrastructures (AMIs) play a critical role in smart grids. This paper studies a new False Data Injection Attack (FDIA) scenario targeting AMIs, in which the attacker injects and propagates computer worms (i.e., false data codes) to maliciously increase the readings of networked smart meters and create economic loss to the end customers. This paper establishes the false data code propagation and attack models in such a scenario; based on this, this paper proposes a differential game model for describing the attack and defense process for FDIA against AMIs. A computationally efficient algorithm is developed to solve the proposed differential model and obtain the potential Nash equilibrium (NE) strategy pair. Extensive numerical simulations are conducted to validate the effectiveness of the proposed method under different energy tariff structures.

Rebeca P. Díaz Redondo,Ana Fernández Vilas,Gabriel Fernández dos Reis

DOI: https://doi.org/10.3390/s20143977

2023-12-13

Abstract:Smart meters are of the basic elements in the so-called Smart Grid. These devices, connected to the Internet, keep bidirectional communication with other devices in the Smart Grid structure to allow remote readings and maintenance. As any other device connected to a network, smart meters become vulnerable to attacks with different purposes, like stealing data or altering readings. Nowadays, it is becoming more and more popular to buy and plug-and-play smart meters, additionally to those installed by the energy providers, to directly monitor the energy consumption at home. This option inherently entails security risks that are under the responsibility of householders. In this paper, we focus on an open solution based on Smartpi 2.0 devices with two purposes. On the one hand, we propose a network configuration and different data flows to exchange data (energy readings) in the home. These flows are designed to support collaborative among the devices in order to prevent external attacks and attempts of corrupting the data. On the other hand, we check the vulnerability by performing two kind of attacks (denial of service and stealing and changing data by using a malware). We conclude that, as expected, these devices are vulnerable to these attacks, but we provide mechanisms to detect both of them and to solve, by applying cooperation techniques

Cryptography and Security,Networking and Internet Architecture

Mahmoud M. Badr,Mohamed I. Ibrahem,Mohamed Mahmoud,Mostafa M. Fouda,Waleed Alasmary

DOI: https://doi.org/10.48550/arXiv.2012.01983

2020-12-02

Cryptography and Security

Abstract:In smart grid, malicious customers may compromise their smart meters (SMs) to report false readings to achieve financial gains illegally. Reporting false readings not only causes hefty financial losses to the utility but may also degrade the grid performance because the reported readings are used for energy management. This paper is the first work that investigates this problem in the net-metering system, in which one SM is used to report the difference between the power consumed and the power generated. First, we prepare a benign dataset for the net-metering system by processing a real power consumption and generation dataset. Then, we propose a new set of attacks tailored for the net-metering system to create malicious dataset. After that, we analyze the data and we found time correlations between the net meter readings and correlations between the readings and relevant data obtained from trustworthy sources such as the solar irradiance and temperature. Based on the data analysis, we propose a general multi-data-source deep hybrid learning-based detector to identify the false-reading attacks. Our detector is trained on net meter readings of all customers besides data from the trustworthy sources to enhance the detector performance by learning the correlations between them. The rationale here is that although an attacker can report false readings, he cannot manipulate the solar irradiance and temperature values because they are beyond his control. Extensive experiments have been conducted, and the results indicate that our detector can identify the false-reading attacks with high detection rate and low false alarm.

M. Ravinder,Vikram Kulkarni

DOI: https://doi.org/10.3389/fenrg.2023.1147431

IF: 3.4

2023-02-17

Frontiers in Energy Research

Abstract:The intrusion detection in network traffic for crucial smart metering applications based on radio sensor networks is becoming very important in the Smart Grid area. The network's structure for smart meters under investigation should consider important security factors. The potential of both passive and active cyber-attacks affecting the functioning of advanced metering infrastructure is studied and a novel method is proposed in this article. The proposed method for anomaly identification is efficient and rapid. In the beginning, Cook's distance was employed to recognize and eliminate outlier observations. After observations are made three statistical models Brown's, Holt's, and winter's models were used for exponential smoothing and were estimated using the provided data. Bollinger Bands with the appropriate parameters were employed to estimate potential changes in the forecasts produced by the models that were put into operation. The estimated traffic model's statistical relationships with its actual variations were then investigated to spot any unusual behaviour that would point to a cyber-attack effort. Additionally, a method for updating common models in the event of substantial fluctuations in real network traffic was suggested. The findings confirmed the effectiveness of the proposed method and the precision of the selection of the appropriate statistical model for the under-study time series. The outcomes validated the effectiveness of the proposed approach and the precision in choosing a suitable statistical model for the time series under investigation.

energy & fuels

Dou An,Feiye Zhang,Qingyu Yang,Chengwei Zhang

DOI: https://doi.org/10.1109/tase.2022.3149764

IF: 6.636

2022-01-01

IEEE Transactions on Automation Science and Engineering

Abstract:A smart grid integrates advanced sensors, efficient measurement methods, progressive control technologies, and other techniques and devices to achieve safe, efficient and economical operation of the grid system. However, the diversified and open environment of a smart grid makes energy and information of the smart grid vulnerable to malicious attacks. As a representative cyber-physical attack, the data integrity attack has an extremely severe impact on the grid operation for it can bypass the traditional detection mechanisms by adjusting the attack vector. In this paper, we first present the attack strategy against dynamic state estimation of power grid in the perspective of adversary and formulate the data integrity attack detection problem that has the characteristic of sequential decision making as a partially observable Markov decision process. Then, a deep reinforcement learning-based approach is proposed to detect against data integrity attacks, which utilizes the Long Short-Term Memory layer to extract the state features of previous time steps in determining whether the system is currently under attack. Moreover, the noisy networks are employed to ensure effective agent exploration, which prevents the agent from sticking to the non-optimal policy. The principle of a multi-step learning is adopted to increase the estimation accuracy of Q value. To address the sparse rewards problem, the prioritized experience replay is proposed to increase training efficiency. Simulation results demonstrated that the proposed detection approach surpasses the benchmarks in the comparison metrics: delay error rate and false rate. Note to Practitioners—In this paper, we present a deep reinforcement learning-based algorithm to defend against the data integrity attacks of smart grid. Most of the previous works discretized the system states and utilized the current state information to identify whether the system is under attack. For this reason, the detection policy may totally ignored the continuously changing characteristics of the grid states, which will lead to poor detection performance. Moreover, the attacked system states only accounts for a small part of the entire grid operation states, the probability of sampling the experience containing the attack state is extremely small, which limits the learning efficiency of previous RL-based detection approaches. In order to increase the accuracy of detection, we first present the attack strategy against power grid’s dynamic state estimation in the perspective of adversary and formulate the partially observable Markov decision process model of attack detection problem. Moreover, we propose a deep reinforcement learning-based detection approach combining the LSTM network to extract the system state features of the previous time steps to determine whether the system is currently being attacked. To address the sparse rewards problem, the prioritized experience replay is used to increase learning efficiency. The experiments demonstrate the effectiveness of proposed detection scheme compared with benchmarks in terms of detection delay as well as accuracy. In conclusion, the proposed detection scheme is helpful in defending against the data integrity attacks without obtaining the opponent’s strategy in advance and can be conveniently applied to the real-world security management system of smart grid.

automation & control systems

Zakaria El Mrabet,Mehdi Ezzari,Hassan Elghazi,Badr Abou El Majd

DOI: https://doi.org/10.48550/arXiv.2001.00916

2019-12-31

Cryptography and Security

Abstract:Smart grid is an alternative solution of the conventional power grid which harnesses the power of the information technology to save the energy and meet today's environment requirements. Due to the inherent vulnerabilities in the information technology, the smart grid is exposed to a wide variety of threats that could be translated into cyber-attacks. In this paper, we develop a deep learning-based intrusion detection system to defend against cyber-attacks in the advanced metering infrastructure network. The proposed machine learning approach is trained and tested extensively on an empirical industrial dataset which is composed of several attack categories including the scanning, buffer overflow, and denial of service attacks. Then, an experimental comparison in terms of detection accuracy is conducted to evaluate the performance of the proposed approach with Naive Bayes, Support Vector Machine, and Random Forest. The obtained results suggest that the proposed approaches produce optimal results comparing to the other algorithms. Finally, we propose a network architecture to deploy the proposed anomaly-based intrusion detection system across the Advanced Metering Infrastructure network. In addition, we propose a network security architecture composed of two types of Intrusion detection system types, Host and Network-based, deployed across the Advanced Metering Infrastructure network to inspect the traffic and detect the malicious one at all the levels.