Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/tcsii.2020.2999875

2020-01-01

Abstract:In this brief, we analyze the damage caused by malware-induced cyber attacks in Cyber-Physical Power Systems (CPPSs). Incubation period and detection probability of the malware are considered in our analytical framework. From attacker's perspective, the trade-off between attack effectiveness and detection risk is studied to help choose the best attack timing and obtain the maximum payoff. Moreover, we conduct case studies in CPPSs formed by coupling IEEE 118-Bus System with scale-free communication networks. Simulation results reveal that the maximum expected payoff for the attacker is affected by the coupling pattern and the structure of communication network in CPPSs.

Wenting Wang,Dongqin Feng,Mingliang Chen,Shuxian Yang

DOI: https://doi.org/10.1109/ccdc62350.2024.10588015

2024-01-01

Abstract:This work investigates the problem of detecting and localizing attacks on a class of power cyber-physical systems (CPSs) in the presence of dynamic load alteration attacks (D-LAA). The power CPS is modeled as a discrete-time system with an unknown input, assuming that the sampling process is periodic and the D-LAA is bounded. This study delves into the investigation of attack detection and localization within a specific category of power cyber-physical systems (CPSs) when dealing with dynamic load alteration attacks (D-LAA). A novel Maximum Correntropy Robust Two-Stage Kalman Filter (MCRTSKF) is proposed so that the accurate state estimation for power CPS is achieved in spite of anomalous noise. Meanwhile, some essential parameters for the designed filter are obtained through the fixed-point iteration-stop parameter selection method. Furthermore, based on the state estimate value, the attack detection and localization procedure is presented. Finally, the validity and effectiveness of the proposed attack detection and localization schemes are illustrated by case studies on an IEEE 9-bus system.

Gonglong Chen,Wei Dong

DOI: https://doi.org/10.1145/3418210

2020-01-01

ACM Transactions on Sensor Networks

Abstract:Recently, Cross-Technology Communication (CTC), allowing the direct communication among heterogeneous devices with incompatible physical layers, has attracted much research attention. Many efficient CTC protocols have been proposed to demonstrate its promise in IoT applications. However, the applications built upon CTC will be significantly impaired when CTC suffers from malicious attacks such as jamming or sniffing. In this article, we implement a reactive jamming system, JamCloak, that can attack most existing CTC protocols. To this end, we first propose a taxonomy of the existing CTC protocols. Then based on the taxonomy, we extract essential features to train a CTC detection model, and estimate the parameters that can efficiently jam CTC links. Experimental results show that JamCloak consistently achieves 94.7% of classification accuracy on average in both Line-of-Sight and Non-Line-of-Sight scenarios. We also apply JamCloak to attack three existing CTC protocols: WiZig, Esense and EMF. Results show that JamCloak can significantly reduce PDR (packet delivery ratio) by 80.8% on average in practical environments. In the meantime, JamCloak’s jamming gain is more than 1.78× higher than the existing reactive jammer. In addition, we propose a practical countermeasure against reactive jamming attacks over CTC links like JamCloak. Results show that our approach significantly improves the jamming detection accuracy by 91.2% on average than the existing approach, and effectively decreases the reduction in packet delivery ratio to 1.7%.

Sharaf Malebary,Wenyuan Xu,Chin-Tser Huang

DOI: https://doi.org/10.1109/pccc.2016.7820665

2016-01-01

Abstract:The development of wireless Vehicular Ad-Hoc Network (VANET) aimed to enhance road's safety and provide comfortable driving environment by delivering early warning and infotainment messages. Intentional jamming attacks target at undermining such a goal by disrupting wireless communications. While detecting jamming attacks is important towards enhancing road safety, it is challenging because VANET operates in outdoor environment (highly changeable road conditions and atmospheric phenomena), and encompasses volatile topology and high mobility of vehicles (traveling speed and directions). To overcome these challenges, in this work, we study jamming attack mobility and behaviors in IEEE802.11p networks. In particular, we focus on analyzing jamming impact based on jammers behaviors, and mobility patterns. Thus, in order to achieve reliable detection, first we identify the impact of vehicles' density on network performance. Then, we study jamming effectiveness when adopting different mobility patterns (stationary, random, or targeting) and behaviors (constant, random, and reactive). Finally, we propose a two phase detection algorithm and evaluate it in a simulation environment. Our approach shows promising results to detect different types of jammers accurately in IEEE802.11p networks.

Taimin Zhang,Xiaoyu Ji,Zhou Zhuang,Wenyuan Xu

DOI: https://doi.org/10.3390/s19040909

IF: 3.9

2019-01-01

Sensors

Abstract:As the core component of the smart grid, advanced metering infrastructure (AMI) is responsible for automated billing, demand response, load forecasting, management, etc. The jamming attack poses a serious threat to the AMI communication networks, especially the neighborhood area network where wireless technologies are widely adopted to connect a tremendous amount of smart meters. An attacker can easily build a jammer using a software-defined radio and jam the wireless communications between smart meters and local controllers, causing failures of on-line monitoring and state estimation. Accurate jammer localization is the first step for defending AMIs against jamming attacks. In this paper, we propose JamCatcher, a mobile jammer localization scheme for defending the AMI. Unlike existing jammer localization schemes, which only consider stationary jammers and usually require a high density of anchor nodes, the proposed scheme utilizes a tracker and can localize a mobile jammer with sparse anchor nodes. The time delay of data transmission is also considered, and the jammer localization process is divided into two stages, i.e., far-field chasing stage and near-field capturing stage. Different localization algorithms are developed for each stage. The proposed method has been tested with data from both simulation and real-world experiment. The results demonstrate that JamCatcher outperforms existing jammer localization algorithms with a limited number of anchor nodes in the AMI scenario.

Pan Zhang,Yi Huang,Zhonghe Jin

DOI: https://doi.org/10.3390/electronics12092130

IF: 2.9

2023-01-01

Electronics

Abstract:In an electronic jamming system, the ability to adequately perceive information determines the effectiveness of an electronic countermeasures strategy. This paper proposes a new method based on the combination of a multi-agent electronic jammer and an information sharing mechanism. With the development of intelligent technology and deep learning, these technologies have been applied in electronic countermeasure game systems. Introducing intelligent technology into the electronic confrontation system can greatly improve decision-making efficiency. At the same time, a multi-agent electronic countermeasure cooperative system based on the information sharing method can break through the limited information perception capabilities of a single agent, thereby greatly improving the survivability of jamming systems in electronic warfare. Experimental results show that our method requires a lower jamming-to-signal ratio than the single jammer method to achieve effective electronic jamming. In addition, the electronic jamming parameters can be updated automatically as the external electromagnetic environment changes quickly, realizing a more intelligent electronic jamming system.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tii.2021.3129487

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:As the next-generation power grids, smart grids are integrated with advanced information and communication technology (ICT) to make the grid more efficient and stable than conventional power systems. Given the mounting cyber-attack threats, these critical ICT systems create great security issues for smart grids. Additionally, the clever attackers have the ability to not only access and monitor the smart grid, but also hack it by launching well-established cyber-attacks. Thus, this article is devoted to understanding the potential stealthy cyber-attack and its countermeasure. First, this article proposes a stealthy sparse cyber-attack model in an ac smart grid by considering both the residual test-based detector and the interval-state-estimation-based detector, which is not considered in previous studies. The design model is formulated as a constrained optimization problem by minimizing the number of contaminated meters, where the characteristics of two types of detector are considered simultaneously as the constraints for the first time. A constrained differential evolution (CDE) is proposed as the solver because the optimization problem is NP-hard. Then, a generalized-cumulative-sum-based detector is developed to detect the proposed cyber-attacks, where a fractional-order state transition matrix is originally introduced into the estimator to describe the dynamics of the power system. Numerical studies illustrate the feasibility of CDE-based stealthy sparse cyber-attacks and the effectiveness of the proposed countermeasure.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/icarm54641.2022.9959185

2022-01-01

Abstract:The cyber-physical power system (CPPS) is evolved from the traditional power system by the deployment of information networks with control systems, computational units, and communication networks. However, their integration into CPPS introduces new challenges in maintaining security. Various malicious cyber-attacks are drawn much attention recently after the discovery of the impact on CPPS state estimation. Thus, it is of great significance for operators to detect cyber-attacks and identify the types of attacks in CPPS to make decisions appropriately. This problem can be viewed as a multi-class classification problem from the perspective of machine learning. Accordingly, this paper proposes an ensemble learning-based cyber-attacks detection model for CPPS state estimation. In the proposed model, we use the subspace features and then send the data to the classifier for ensemble, where decision trees and random vector functional link networks are introduced as the basic classifier. The proposed model is validated by employing simulated data on IEEE 14-bus and 30-bus systems. Simulation results demonstrate the performance of the proposed cyber-attacks detection model.

Lingling Chen,Bowen Sun,Xianghui Cao

DOI: https://doi.org/10.1109/cac57257.2022.10055947

2022-01-01

Abstract:Due to Cyber-Physical Systems applied to a broad range of fields, as well as the advanced skills of cyber attacks, there is a growing need in the safety of CPS. In this paper, a discrete LTI estimation system with a sensor sending data to remote estimator via multiple wireless channels is considered. The system is likely to be attacked by a malicious attacker. The task of each side is to choose a proper step and channel (or channels) to transmit packets (or launch attacks) under the given constraints. We formulate this time-channel chosen problem as a framework of game model and reveal Nash equilibrium of proposed framework. Furthermore, to illustrate our results, we present some simulations.

Aidong Xu,Xingpu Cai,Mengya Li,Yang Cao,Huajun Chen,Wei Ding,Chao Hong,Zhibing Wu,Qi Wang

DOI: https://doi.org/10.1109/cyber46603.2019.9066579

2019-01-01

Abstract:With the development of information and communication technology, power system has integrated deeply with communication system, which is a typical cyber physical system. While the development of smart grid makes the power side control more accurate and efficient, it also poses potential cyber attack risks. Attackers can cause grid faults and further power outages by disguising the attack behaviors as natural faults. When the grid is on operation, a large amount of data is generated on both the power side and the information side. Therefore, identifying the cause of the grid faults correctly through data mining can be helpful to take correct countermeasures in time to prevent the fault from expanding. In this paper, an identification method is proposed based on the collaborative characteristic sequence of a certain event and is verified on a four-machine two-zone system. The results show that method is effective and reliable.

Husheng Li,Lifeng Lai,Robert C. Qiu

DOI: https://doi.org/10.1109/CISS.2011.5766137

2011-01-01

Abstract:Denial-of-service (DoS) attack is a serious threat to the communication networks in smart grid, which may result in severe instability of power systems. A jammer can send strong interference to jam the data transmission if wireless communication systems are used for conveying system state information from a remote sensor to a controller in the wide area system monitoring and control. When being jammed by a jammer, the remote sensor can utilize multiple channels to avoid the jamming interference. Hence, the jamming and anti-jamming are modeled as a zero-sum stochastic game. In this game, the actions of the sensor and jammer are dependent on the current system state. A quadratic function is used as the payoff function, thus facilitating the LQG control of the power system. The Nash equilibrium of the game is analyzed, including the existence and the corresponding computation. Numerical simulations are carried out for a seven-dimensional linear system of power grid and demonstrate the increase of reward when proper anti-jamming actions are taken.

Elham Honarvar,Abolghasem Daeichian,Francesco Delli Priscoli,Andrea Tortorelli

DOI: https://doi.org/10.1177/01423312241273857

IF: 2.146

2024-10-08

Transactions of the Institute of Measurement and Control

Abstract:Transactions of the Institute of Measurement and Control, Ahead of Print. Cyber-physical systems face cyberattacks that hinder performance, increase cost, or even collapse the system. Thus, rapid and accurate attack detection is crucial for quick activation of defense mechanisms. Model-based attack detection approaches are known for their precision; however, the unavailability of the exact system model poses a challenge. In response, model-free approaches have gained increased attention as a practical alternative. In this paper, an online model-free algorithm for detecting false data injection and jamming attacks on CPSs is proposed. The method leverages principal component analysis to reconstruct the expected observations in a reduced dimension space, emphasizing the most effective principal components. Then, deciding on attacked or normal operation relies on analyzing either the Euclidean distance or the cosine similarity of the discrepancy between the expected and actual observations. The proposed metrics effectively expose subtle deviations from expected behavior, as any alteration in these components augments the distance between the observed and reconstructed values. The proposed method was compared with the conventional cumulative sum discriminator and Kalman-based algorithm, using an IEEE-14, IEEE-30, and IEEE-118 bus systems. The results demonstrate the superiority of the proposed algorithm in terms of various evaluation metrics, including F-score, precision, recall, and miss detection ratio.

automation & control systems,instruments & instrumentation

Hongbao Shi,Xianghui Cao,Lianghong Peng,Changyin Sun

DOI: https://doi.org/10.1109/cac.2017.8244069

2017-01-01

Abstract:Recently, the security issues of CPS have attracted much attention from many researchers. Standing on the point of attacker, this work investigates the optimal channel jamming attack against wireless state estimation in CPS with energy constraint. Specifically, we consider that the attacker can jam the wireless channel with various power levels that will cause different sensory packet drop probabilities. We formulate the optimal attacker power allocation problem as to maximize the estimation error covariance under the attacker's power constraint. We theoretically derive the optimal power allocation for the attacker, which is shown resembling a parabola shape along time. Finally, we demonstrate the performance of the proposal allocation scheme through simulations.

Yuzhe Li,Ling Shi,Peng Cheng,Jiming Chen,Daniel E. Quevedo

DOI: https://doi.org/10.1109/tac.2015.2461851

IF: 6.549

2015-01-01

IEEE Transactions on Automatic Control

Abstract:We consider security issues in Cyber-Physical Systems (CPSs). A sensor node communicates with a remote estimator through a wireless channel which may be jammed by an external attacker. With energy constraints for both the sensor and the attacker, the interactive decision making process of when to send and when to attack is studied. We formulate a game-theoretical framework and prove that the optimal strategies for both sides constitute a Nash equilibrium. The derivation of the optimal strategies for both sides is also provided with examples.

Lianghong Peng,Xianghui Cao,Changyin Sun,Yu Cheng

DOI: https://doi.org/10.1007/978-3-319-42836-9_29

IF: 6

2018-01-01

Neurocomputing

Abstract:Recently, the security issues of Cyber-Physical Systems (CPS) have gained a growing amount of research attention. As a typical application of CPS, remote state estimation systems over wireless channels are vulnerable to various cyber attacks, such as channel jamming attacks. Standing on the point of the jamming attacker, this paper investigates the problem of optimal attack schedule under energy constraints against a wireless state estimation system, where two sensors transmit data to a remote estimator over two independent wireless channels. Due to its radio constraint, the attacker is assumed to only launch jamming attack on one of the two channels at a time. We formulate the problem of optimal attack schedule as a nonlinear program which aims to maximize the remote estimation error covariance subjecting to the attacker's energy constraint. We then theoretically derive the optimal schedule and shows that it depends on the attacker's energy budget, the physical system dynamics and the channel properties. Finally, the theoretical results are validated and evaluated through numerical simulations.

Hongjiu Yang,Min Shi,Yuanqing Xia,Peng Zhang

DOI: https://doi.org/10.1109/tcyb.2018.2817249

IF: 11.8

2019-01-01

IEEE Transactions on Cybernetics

Abstract:In this paper, a countermeasure for wireless networked control systems suffering from jamming attacks is studied by a variable sampling approach. A Stackelberg game framework is utilized to analyze interactions between a smart jammer and a legitimate user. The variable sampling approach is exploited to deal with data packets dropout between a sensor and a controller. Moreover, a resilient variable sampling controller is designed by a delta operator method. Besides, stability conditions are provided for systems with proposed controller. Finally, a numerical simulation is provided to validate the effectiveness of the proposed method.

Tianzhixi Yin,Syed Ahsan Raza Naqvi,Sai Pushpak Nandanoori,Soumya Kundu

2024-11-05

Abstract:This paper explores the detection and localization of cyber-attacks on time-series measurements data in power systems, focusing on comparing conventional machine learning (ML) like k-means, deep learning method like autoencoder, and graph neural network (GNN)-based techniques. We assess the detection accuracy of these approaches and their potential to pinpoint the locations of specific sensor measurements under attack. Given the demonstrated success of GNNs in other time-series anomaly detection applications, we aim to evaluate their performance within the context of power systems cyber-attacks on sensor measurements. Utilizing the IEEE 68-bus system, we simulated four types of false data attacks, including scaling attacks, additive attacks, and their combinations, to test the selected approaches. Our results indicate that GNN-based methods outperform k-means and autoencoder in detection. Additionally, GNNs show promise in accurately localizing attacks for simple scenarios, although they still face challenges in more complex cases, especially ones that involve combinations of scaling and additive attacks.

Systems and Control

Jiasheng He,Cailian Chen,Shanying Zhu,Bo Yang,Xinping Guan

DOI: https://doi.org/10.1109/tii.2018.2871933

IF: 12.3

2019-01-01

IEEE Transactions on Industrial Informatics

Abstract:In this paper, we investigate the secure state estimation (SSE) problem in power systems, where the physical system is measured by meters and mainly focuses on the measurements sent to a remote estimator via wireless networks faced with jamming attacks. Malicious attacks on the transmission paths block the data transmission and deteriorate the performance of estimation. Various works have been proposed to cope with the transmission failure. Few of them have considered the case that a smart attacker could adjust strategies according to the defensive methods with advanced communication techniques. We propose the antijamming game framework for SSE. Under this framework, defensive path selection (DPS) is proposed based on multiagent reinforcement learning to make optimal path selection against the intelligent attacker and improve the transmission performance for SSE. The effectiveness of the proposed method is theoretically proved to improve the robustness of estimation and the capability of DPS is analyzed.

Hongquan Xu,Xueqi Jin,Qi Jin,Kai Luo,Wanbin Han

DOI: https://doi.org/10.1109/icit46573.2021.9453576

2021-01-01

Abstract:Wireless based smart grid networks are widely applied due to its features of efficiency and agility to the power system. However, it is also vulnerable to malicious attacks via the communication channels, which has a great impact on stability of the whole power system. In this paper, a cooperative jamming attack strategy is proposed, in which a team of mobile attackers is tasked to jam the power price signals sent by the control center to power users, and halt jamming operation when the true price value monitored by attackers has been varied noticeably. Based on a dynamic coverage control scheme, attackers optimally coordinate their motion and continually disrupt wireless communication channels between power users and the control center during each jamming operation period. It ensures that the instantaneous imbalance of generated power and consumed power at the control center is gradually up to a maximum level when the true price is updated by local unit of each power user. The effect of such an attack is also discussed analytically. Simulation results are provided to validate the effectiveness of the proposed method.