Genghong Lu,Dongqin Feng

DOI: https://doi.org/10.23919/icif.2018.8455208

2018-01-01

Abstract:Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.

Jiachang Wen,Chen Yan,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/eeet58130.2022.00019

2022-01-01

Abstract:With the widespread use of new technologies such as mobile Internet, cloud computing, and Internet of Things in power systems, the number of terminal devices in power systems has increased dramatically, and the ensuing security vulnerabilities have increased, making terminal devices increasingly vulnerable to cyber attacks such as ransomware viruses. In this paper, we focus on the security of terminal devices in power systems and realize security monitoring of power terminals by collecting power consumption side channel information of power terminal devices in normal and abnormal states, using training device abnormality identification models using supervised learning algorithms with some time-domain frequency-domain feature information of power consumption as power consumption features of the devices.

Ruiwen He,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei250167.2020.9346835

2020-01-01

Abstract:With the development of information technology and Power Internet of Things, the increasing number of networked terminals presents new network security threats. Industrial control equipment and systems have vulnerabilities in hardware, software and firmware, and advanced persistent threat against ICS has become more complex and diverse. However, most of the research are aimed at the detection of single vulnerability, and lack attack mechanism analysis and threat assessment for attack chain. We proposed a threat assessment method based on vulnerability descriptive text and described the attributes of attack samples according to the classification results in attack targets, methods and consequences. We constructed attack graphs based on attack sample attributes and cyber-physical topology to quantitatively evaluate the feasibility and benefits of each attack path from vulnerability capabilities and the impact of devices in the physical world. Finally, we took the substation device status monitoring system as an example to verify the feasibility of this method.

Tingqi Zhang,Mingyang Sun,Jochen L. Cremer,Ning Zhang,Goran Strbac,Chongqing Kang

DOI: https://doi.org/10.1109/tpwrs.2021.3059197

IF: 7.326

2021-01-01

IEEE Transactions on Power Systems

Abstract:Dynamic Security Assessment (DSA) for the future power system is expected to be increasingly complicated with the higher level penetration of renewable energy sources (RES) and the widespread deployment of power electronic devices, which drive new dynamic phenomena. As a result, the increasing complexity and the severe computational bottleneck in real-time operation encourage researchers to exploit machine learning to extract offline security rules for the online assessment. However, traditional machine learning methods lack in providing information on the confidence of their corresponding predictions. A better understanding of confidence of the prediction is of key importance for Transmission System Operators (TSOs) to use and rely on these machine learning methods. Specifically, from the perspective of topological changes, it is often unclear whether the machine learning model can still be used. Hence, being aware of the confidence of the prediction supports the transition to using machine learning in real-time operation. In this paper, we propose a novel Conditional Bayesian Deep Auto-Encoder (CBDAC) based security assessment framework to compute a confidence metric of the prediction. This informs not only the operator to judge whether the prediction can be trusted, but it also allows for judging whether the model needs updating. A case study based on IEEE 68-bus system demonstrates that CBDAC outperforms the state-of-the-art machine learning-based DSA methods and the models that need updating under different topologies can be effectively identified. Furthermore, the case study verifies that effective updating of the models is possible even with very limited data.

Huaiyu Liu,Yuze Fu,Kaikai Pan,Wenyuan Xu,Chenggang Li,Chen Liu

DOI: https://doi.org/10.1109/isgtasia54891.2023.10372698

2023-01-01

Abstract:With the growing focus on reducing carbon emissions, there has been a significant increase in the deployment of distributed photovoltaic generation systems. However, their distributed nature makes them vulnerable to adversarial threats. Moreover, these systems can serve as potential entry points or attack surfaces for targeting the power grid. Existing methods are either designed for specific attacks or intrusive to power terminals (e.g., intelligent terminal, communication device). To tackle this issue, this paper introduces a method for detecting and classifying attacks on distributed PV systems leveraging cyber and power side channel data. The proposed method is capable of detecting various attacks rather than specific ones and is non-intrusive for collecting information from power terminals.

Kecheng Li,Genyuan Yang,Shanling Dong,Meiqin Liu

DOI: https://doi.org/10.23919/ccc63176.2024.10661728

2024-01-01

Abstract:The increasing integration of smart grid technologies in multiregional power systems improves efficiency but also exposes them to cyber security threats, especially false data injection attacks. In this paper, we address this challenge by proposing a distributed detection framework tailored for multi-regional power systems. Traditional centralized approaches are insufficient to cope with the dynamic and decentralized nature of these systems. The framework aims to simultaneously monitor and analyze multiple regions in real-time, enhancing the system’s ability to withstand false data injection attacks. This study outlines the proposed framework and provides simulation results for validation, emphasizing the need for proactive defense mechanisms in safeguarding the data integrity of power systems.

Zhenyong Zhang,Ke Zuo,Ruilong Deng,Fei Teng,Mingyang Sun

DOI: https://doi.org/10.1109/jiot.2023.3264492

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Machine learning-based intelligent systems enhanced with Internet of Things (IoT) technologies have been widely developed and exploited to enable the real-time stability assessment of a large-scale electricity grid. However, it has been extensively recognized that the IoT-enabled communication network of power systems is vulnerable to cyberattacks. In particular, system operating states, critical attributes that act as input to the data-driven stability assessment, can be manipulated by malicious actors to mislead the system operator into making disastrous decisions and thus cause major blackouts and cascading events. In this article, we explore the vulnerability of the data-driven power system stability assessment, with a special emphasis on decision tree-based stability assessment (DTSA) approaches, and investigate the feasibility of constructing a physics-constrained adversarial attack (PCAA) to undermine the DTSA. The PCAA is formulated as a nonlinear programming problem considering the misclassification constraint, power limits, and bad data detection, computing potential adversarial perturbations that reverse the “stable/unstable” prediction of the real-time input while remaining invisible/stealthy. Extensive experiments based on the IEEE 68-bus system are conducted to evaluate the impact of PCAAs on predictions of DTSA and their transferability.

Jinping Liu,Wuxia Zhang,Tianyu Ma,Zhaohui Tang,Yongfang Xie,Weihua Gui,Jean Paul Niyoyita

DOI: https://doi.org/10.1016/j.eswa.2020.113578

IF: 8.5

2020-11-01

Expert Systems with Applications

Abstract:<p>Industrial Cyber-physical systems (ICPSs), integrating communication, computation and control of industrial processes are referred to as a core technology to approach the <em>Industry 4.0</em>. Ensuring the ICPS security is of paramount importance in smart manufacturing. Considering the characteristics of large-scale, geographically-dispersed and multi-dimensional heterogeneous, federated and life-critical natures of ICPSs, this paper investigates a hierarchically distributed intrusion detection scheme that seeks to achieve the all-round safety protection of ICPSs according to the system structure and attacking types of each ICPS layer. For physical system-relevant perceptual executive layer, potential and covert attacks are detected by the clustered sensory system state residual anomaly monitoring based on a process noise and measurement noise-adaptive Kalman filter (PNMN-AKF). PNMN-AKF can perform a joint recursive estimation of dynamic system states, time-varying process and measurement noise covariance matrices by the variational Bayes approximation framework. In cyberspace, potential cyber-attacks are detected by the anomaly monitoring of the statistical distribution of the network transmission characteristics of data transmission layer by introducing a forgetting factor-induced recursive Gaussian mixture model (FF-RGMM). In the application control layer, a regularized sparse deep belief network model is introduced to characterize the misuse behavior for detecting potential attacks. Extensive validation and comparative experiments have been conducted on a numerical simulation system and a comprehensive ICPS simulation platform by using OPNET and a commonly-used benchmark simplified Tennessee Eastman process (STEP) based on Matlab/Simulink. Experimental results demonstrate that the proposed hierarchically distributed intrusion detection method can efficiently recognize potential and covert cyber-attacks in each ICPSs link with low false alarm rate and missing detection rate, which lays a foundation for the overall security monitoring of ICPSs.</p>

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Jingcheng Zhao,Xiaomeng Li,Yaofu Cao,Junwen Liu,Junlu Yan,Chengwei Li

DOI: https://doi.org/10.1088/1742-6596/2078/1/012067

2021-11-01

Journal of Physics: Conference Series

Abstract:Abstract In recent years, international industrial control network security incidents have occurred frequently. As a core component of the industrial control field, intelligent power control systems are increasingly threatened by external network attacks. Based on the current research status of power industrial control network security, closely combining the development of active monitoring and defense technology in the public network field and the problems encountered by network security operators in actual work, this paper uses data mining methods to study the power control system network security situation awareness technology. Combing operational data collection and integrated processing, situation index screening and extraction, we use wavelet neural network analysis method to train the sampled data set, and finally calculate the true value of the network security status through deep intelligent learning. Finally, we conclude that the artificial intelligence algorithm based on wavelet neural network can be used for power control system network security situation awareness. In actual work, it can predict the situation value for a period of time in the future and assist network security personnel in judgment and decision-making.

Dajun Du,Minggao Zhu,Xue Li,Minrui Fei,Siqi Bu,Lei Wu,Kang Li

DOI: https://doi.org/10.35833/mpce.2021.000604

IF: 4.469

2023-01-01

Journal of Modern Power Systems and Clean Energy

Abstract:Potential malicious cyber-attacks to power systems which are connected to a wide range of stakeholders from the top to tail will impose significant societal risks and challenges. The timely detection and defense are of crucial importance for safe and reliable operation of cyber-physical power systems (CPPSs). This paper presents a comprehensive review of some of the latest attack detection and defense strategies. Firstly, the vulnerabilities brought by some new information and communication technologies (ICTs) are analyzed, and their impacts on the security of CPPSs are discussed. Various malicious cyber-attacks on cyber and physical layers are then analyzed within CPPSs framework, and their features and negative impacts are discussed. Secondly, two current mainstream attack detection methods including state estimation based and machine learning based methods are analyzed, and their benefits and drawbacks are discussed. Moreover, two current mainstream attack defense methods including active defense and passive defense methods are comprehensively discussed. Finally, the trends and challenges in attack detection and defense strategies in CPPSs are provided.

engineering, electrical & electronic

Hao Wu

DOI: https://doi.org/10.12694/scpe.v25i3.2065

2024-04-12

Abstract:There is rapid growth of the security threats faced by enterprises and the security attacks technology is also established at a higher level. Enterprises are facing an escalating threat landscape marked by sophisticated security attacks. To address the structural and technical challenges of information security situational awareness, a method for designing an artificial intelligence-driven system is proposed. In order to solve the system structure and key technical problems of information security situational awareness technology of artificial intelligence, a method of designing information security situational awareness system is proposed, and experiments are carried out through the method. By analyzing the data sources that the system needs to collect, including network traffic mirror data, log data, security intelligence and support data, this paper verifies the feasibility of the system method of information security situational awareness technology of artificial intelligence technology. The proposed core competence platform has the characteristics of low delay and robust real-time capabilities. By presetting the event processing topology, we can quickly build the event processing process, and build the corresponding event processing topology model according to different processing requirements to meet the business requirements. The AI-powered information security situational awareness system substantially enhances security awareness and prediction accuracy.

Yingjun Wu,R. Fu,Xiaojuan Huang,Yusheng Xue,D. Yue,Yi Tang

DOI: https://doi.org/10.1109/ACCESS.2018.2855752

IF: 3.9

IEEE Access

Abstract:A cyber physical distribution power system (CPDS) is a large and complex infrastructure that coordinates the cyber communication system and the physical distribution power system. Because of the increasingly advanced information communication technology, the development of cyber physical distribution power system has caused key cyber security issues related to system operation. This paper is focused on realizing a unified system attack modeling and security assessment of an active distribution power system. In this paper, first we present an overview of the system operation from the fusion system perspective. The significant effects of network intrusion attacks on operational security are evaluated. A new unified cyber physical network model is established using a limited stochastic Petri net graph theory that considers refined firewalls and password components. Then, a security effectiveness evaluation method is proposed to analyze channel throughput variation and system robustness. Overall CPDS security risk values are determined based on physical influence coefficients. Finally, simulations of an improved IEEE-33 bus distribution power system and security assessment under intrusion attacks are described. The research work could raise awareness of the cyber intrusion threats and provide the basis for security defense.

Engineering,Computer Science

Mansi Girdhar,Junho Hong,Wencong Su,Akila Herath,Chen-Ching Liu

2024-03-08

Abstract:In recent years, critical infrastructure and power grids have experienced a series of cyber-attacks, leading to temporary, widespread blackouts of considerable magnitude. Since most substations are unmanned and have limited physical security protection, cyber breaches into power grid substations present a risk. Nowadays, software-defined network (SDN), a popular virtual network technology based on the OpenFlow protocol is being widely used in the substation automation system. However, the susceptibility of SDN architecture to cyber-attacks has exhibited a notable increase in recent years, as indicated by research findings. This suggests a growing concern regarding the potential for cybersecurity breaches within the SDN framework. In this paper, we propose a hybrid intrusion detection system (IDS)-integrated SDN architecture for detecting and preventing the injection of malicious IEC 61850-based generic object-oriented substation event (GOOSE) messages in a digital substation. Additionally, this program locates the fault's location and, as a form of mitigation, disables a certain port. Furthermore, implementation examples are demonstrated and verified using a hardware-in-the-loop (HIL) testbed that mimics the functioning of a digital substation.

Cryptography and Security,Computers and Society

Wenchuan Wu,Boming Zhang,Hongbin Sun,Yi Zhang

DOI: https://doi.org/10.1109/PES.2010.5589427

2010-01-01

Abstract:This paper presents an early warning and preventive control system for dynamic security, which has been used in several provincial power grids in China. The framework and the main modules of the proposed system are introduced. The system architecture is based on a Multi-agent system which is developed by our team. The modules like on-line contingency assessment, total transfer capacity evaluation, preventive and corrective control schemes etc. are developed in this system. To estimate the forthcoming state's security level, all these modules also run in the forecasted 15-minutes ahead operating state. And some key technologies, such as PEBS based contingency screen and distributed computing technology, are used to improve the efficiency of the system to accommodate real-time application. Enhanced total transfer capacity calculating (TTC) method are developed which can both calculate pessimistic value and optimistic value of TTC in the same time. The preventive control algorithm is developed which is based on transient energy function sensitivity. Some engineering-oriented methods are also introduced which are used to solve practical problems emerged in real application. In the last part of the paper, some data from a real system in a provincial power grid is introduced.

Libao Shi,Naichao Chang,Zhou Lan,D. P. Zhao,Huafeng Zhou,Peter T. C. Tam,Yixin Ni,Felix F. Wu

DOI: https://doi.org/10.1109/PES.2007.385468

2007-01-01

Abstract:A real time dynamic security assessment and early warning (DSAEW) system for the purpose of keeping interconnected power systems operating in security region, monitoring dynamic security margin constantly and ensuring system operation reliability is proposed in this paper. The framework of the DSAEW system is designed in accordance with Client/Server and Browser/Server models based on the TCP/IP protocol. In this paper, the overall system architecture, function design and technology used of such tool including TSA- Transient Stability Assessment, VSA- Voltage Stability Assessment is presented. Furthermore, the calculation of some operation limits involving the bus voltage limits, the branch/corridor transfer power limits and the P-load limit of the whole system is introduced in this paper as well. On one hand, the DSAEW system can easily and conveniently integrate with existing Energy Management System (EMS) to implement the real time dynamic security assessment. On the other hand, the DSAEW system can make intensive dynamic analysis related to the specified case study as an off-line simulation platform. © 2007 IEEE.

Chengzhi Jiang,Chuanfeng Huang,Qiwei Huang,Jian Shi

DOI: https://doi.org/10.3390/sym13091718

2021-09-16

Symmetry

Abstract:The multi-source data collected by the power Internet of Things (IoT) provide the data foundation for the power big data analysis. Due to the limited computational capability and large amount of data collection terminals in power IoT, the traditional security mechanism has to be adapted to such an environment. In order to ensure the security of multi-source data in the power monitoring networks, a security system for multi-source big data in power monitoring networks based on the adaptive combined public key algorithm and an identity-based public key authentication protocol is proposed. Based on elliptic curve cryptography and combined public key authentication, the mapping value of user identification information is used to combine the information in a public and private key factor matrix to obtain the corresponding user key pair. The adaptive key fragment and combination method are designed so that the keys are generated while the status of terminals and key generation service is sensed. An identification-based public key authentication protocol is proposed for the power monitoring system where the authentication process is described step by step. Experiments are established to validate the efficiency and effectiveness of the proposed system. The results show that the proposed model demonstrates satisfying performance in key update rate, key generation quantity, data authentication time, and data security. Finally, the proposed model is experimentally implemented in a substation power IoT environment where the application architecture and security mechanism are described. The security evaluation of the experimental implementation shows that the proposed model can resist a series of attacks such as counterfeiting terminal, data eavesdropping, and tampering.

SHI Li-bao,ZHOU Hua-feng,Peter T. C. Tam,CHANG Nai-chao,LAN Zhou,NI Yi-xin,XU Zheng

DOI: https://doi.org/10.3969/j.issn.1004-731x.2007.23.012

2007-01-01

Abstract:Mainly focusing on the study of power system dynamics, a real time dynamic security assessment and early warning (RDSAEW) system for the purpose of keeping interconnected power systems operating in security region, monitoring dynamic security margin constantly and ensuring system operation reliability was proposed. The framework of RDSAEW system was designed in accordance with Client/Server and Browser/Server operating modes based on the TCP/IP protocol. And some advanced technologies involving Visual Studio.Net, SQL Server 2000, Shell Programming and parallel computing, etc, were widely used in the design and development of RDSAEW system. On one hand, the RDSAEW system could easily and conveniently integrate with existing Energy Management System (EMS) to implement the real time dynamic security assessment. On the other hand, the RDSAEW system could make intensive dynamic analysis related to the specified case study as an off-line simulation platform.

Abhijeet Sahu,Patrick Wlazlo,Nastassja Gaudet,Ana Goulart,Edmond Rogers,Katherine Davis

2023-06-27

Abstract:Electric power delivery relies on a communications backbone that must be secure. SCADA systems are essential to critical grid functions and include industrial control systems (ICS) protocols such as the Distributed Network Protocol-3 (DNP3). These protocols are vulnerable to cyber threats that power systems, as cyber-physical critical infrastructure, must be protected against. For this reason, the NERC Critical Infrastructure Protection standard CIP-005-5 specifies that an electronic system perimeter is needed, accomplished with firewalls. This paper presents how these electronic system perimeters can be optimally found and generated using a proposed meta-heuristic approach for optimal security zone formation for large-scale power systems. Then, to implement the optimal firewall rules in a large scale power system model, this work presents a prototype software tool that takes the optimization results and auto-configures the firewall nodes for different utilities in a cyber-physical testbed. Using this tool, firewall policies are configured for all the utilities and their substations within a synthetic 2000-bus model, assuming two different network topologies. Results generate the optimal electronic security perimeters to protect a power system's data flows and compare the number of firewalls, monetary cost, and risk alerts from path analysis.

Systems and Control

Yichi Zhang,Lingfeng Wang,Weiqing Sun,Robert C. Green,Mansoor Alam

DOI: https://doi.org/10.1109/PES.2011.6039697

2011-01-01

Abstract:The advent of the smart grid promises to usher in an era that will bring intelligence, efficiency, and optimality to the power grid. Most of these changes will occur as an Internet-like communications network is superimposed on top of the current power grid using wireless technologies including 802.15.4, 802.11, and the Zigbee protocol. Each of these will expose the power grid to cyber security threats. In order to address this issue, this work proposes a Distributed Intrusion Detection System for Smart Grids (SGDIDS) by developing and deploying an intelligent module, the Analyzing Module (AM) in the multiple layers of smart grids. Multiple AMs will be embedded at each level of the smart grid - the home area network (HAN), neighborhood area network (NAN), and the Wide Area Network (WAN) - where they will use Artificial Immune System (AIS) to detect and classify malicious data and possible cyber attacks. AMs at each level will be trained using data that is relevant to their level and will also be able to communicate in order to improve detection. Simulation results demonstrate that this is a promising methodology for identifying malicious network traffic and improving system security.

Guihai Chen,Victoria C. Yan,Qing Li,Zengzhi,Liao,Zhigang

2005-01-01

Abstract:The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.