Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/icarm54641.2022.9959185

2022-01-01

Abstract:The cyber-physical power system (CPPS) is evolved from the traditional power system by the deployment of information networks with control systems, computational units, and communication networks. However, their integration into CPPS introduces new challenges in maintaining security. Various malicious cyber-attacks are drawn much attention recently after the discovery of the impact on CPPS state estimation. Thus, it is of great significance for operators to detect cyber-attacks and identify the types of attacks in CPPS to make decisions appropriately. This problem can be viewed as a multi-class classification problem from the perspective of machine learning. Accordingly, this paper proposes an ensemble learning-based cyber-attacks detection model for CPPS state estimation. In the proposed model, we use the subspace features and then send the data to the classifier for ensemble, where decision trees and random vector functional link networks are introduced as the basic classifier. The proposed model is validated by employing simulated data on IEEE 14-bus and 30-bus systems. Simulation results demonstrate the performance of the proposed cyber-attacks detection model.

Wenting Wang,Dongqin Feng,Mingliang Chen,Shuxian Yang

DOI: https://doi.org/10.1109/ccdc62350.2024.10588015

2024-01-01

Abstract:This work investigates the problem of detecting and localizing attacks on a class of power cyber-physical systems (CPSs) in the presence of dynamic load alteration attacks (D-LAA). The power CPS is modeled as a discrete-time system with an unknown input, assuming that the sampling process is periodic and the D-LAA is bounded. This study delves into the investigation of attack detection and localization within a specific category of power cyber-physical systems (CPSs) when dealing with dynamic load alteration attacks (D-LAA). A novel Maximum Correntropy Robust Two-Stage Kalman Filter (MCRTSKF) is proposed so that the accurate state estimation for power CPS is achieved in spite of anomalous noise. Meanwhile, some essential parameters for the designed filter are obtained through the fixed-point iteration-stop parameter selection method. Furthermore, based on the state estimate value, the attack detection and localization procedure is presented. Finally, the validity and effectiveness of the proposed attack detection and localization schemes are illustrated by case studies on an IEEE 9-bus system.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/tcsii.2020.2999875

2020-01-01

Abstract:In this brief, we analyze the damage caused by malware-induced cyber attacks in Cyber-Physical Power Systems (CPPSs). Incubation period and detection probability of the malware are considered in our analytical framework. From attacker's perspective, the trade-off between attack effectiveness and detection risk is studied to help choose the best attack timing and obtain the maximum payoff. Moreover, we conduct case studies in CPPSs formed by coupling IEEE 118-Bus System with scale-free communication networks. Simulation results reveal that the maximum expected payoff for the attacker is affected by the coupling pattern and the structure of communication network in CPPSs.

Sheng Xu,Yongxiang Xia,Hui-Liang Shen

DOI: https://doi.org/10.1109/jsyst.2022.3150576

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In this article, we study how to resist malware attacks in cyber-physical power systems (CPPSs) through cyber protection. A model that incorporates the power flow analysis, the cyber monitoring and control, and the factor of cyber protection is proposed to simulate malware attacks in CPPSs. Meanwhile, an evaluation method is also developed to estimate the effectiveness of different cyber protection strategies. Through simulations, we conduct case studies in a test CPPS generated by coupling the IEEE 118 Bus System with a scale-free communication network. The protection effects of three heuristic cyber protection strategies, namely, target protection, random protection, and acquaintance protection are compared and analyzed. Simulation results reveal that compared with the other two strategies, target protection can suppress malware propagation and resist malware attacks more effectively. Moreover, we also investigate the optimal cyber protection problem in CPPSs and formulate it as a zero-one integer programming problem. We solve the problem by genetic algorithm and find that some low-degree cyber nodes also play a significant role in resisting malware attacks in CPPSs, especially when the protection budget is tight.

G Y Sree Varshini,S Latha

DOI: https://doi.org/10.1016/j.heliyon.2024.e26332

IF: 3.776

2024-02-19

Heliyon

Abstract:Cyber-Physical Power System (CPPS) refers to a system in which the elements of the internet and the physical power system communicate and work together. With the use of modern communication and information technology, grid monitoring and control have improved. However, the components of a cyber system are extremely vulnerable to cyberattacks via cyber connections due to inadequate cyber security measures. Therefore, an adaptive defence strategy is required for the analysis and mitigation of the coordinated attack. The conventional approach of using an offline controller requires tuning for changes in the operating conditions of the system, which is inappropriate for the modern CPPS. To counter the coordinated attack, a framework that integrates STATCOM based Adaptive Model Predictive Controller with RPME and time delay compensator is proposed. This paper addresses attack impact, detection, and mitigation methods in CPPS. In both time domain and frequency domain simulations the case studies are conducted for three distinct situations namely physical attack, cyberattack, and coordinated attack. Convolutional Neural Network (CNN), Support Vector Machine (SVM), Random Forest (RF), and K Nearest Neighbour (KNN) are four data-driven methods used for the detection of anomalies in PMU measurement data. Simulation studies show that CNN performs better in anomaly detection than other classifiers based on assessed performance metrics. For coordinated attack mitigation the proposed STATCOM based Adaptive Model Predictive Controller with RPME quickly recovers the system than the STATCOM based conventional lead-lag controller. The efficacy of the proposed strategy is validated on the WSCC 3 machine 9 bus system.

Lei Li,Wenting Wang,Qiang Ma,Kunpeng Pan,Xin Liu,Lin Lin,Jian Li

DOI: https://doi.org/10.1016/j.amc.2021.126056

IF: 4.397

2021-07-01

Applied Mathematics and Computation

Abstract:<p>This paper mainly studies the problem of cyber attack estimation and detection in cyber-physical power systems (CPPS). Firstly, CPPS under cyber state attack and sensor attack are modeled through system characteristics. Secondly, to achieve attack estimation, two robust observers are designed for the CPPS under state attack and sensor attack respectively, which can guarantee the error systems are asymptotically stable with a prescribed <span class="math"><math>H∞</math></span> performance. Next, to achieve attack detection, attack detection logic is introduced by comparing the threshold with the estimated attack. Finally, in order to show the feasibility of the state attack and sensor attack detection, taking power systems with three generators and six buses as an example, the simulation results are given.</p>

mathematics, applied

Haicheng Tu,Yongxiang Xia,Chi K. Tse,Xi Chen

DOI: https://doi.org/10.1109/access.2020.3003323

IF: 3.9

2020-01-01

IEEE Access

Abstract:Over the past decade, the cyber security of power systems has been widely studied. Most previous studies have focused on cyber physical attacks, and barely considered one typical cyber attack: availability attack. We propose a hybrid attack model and apply conventional state estimation processes to study cyber attacks on power grids in this paper. The proposed model considers both integrity attack and availability attack simultaneously. Compared with the particular attack, namely, false data injected attack, we analyze their consequences to power systems in the events of false negatives attack and false alarm attack. The results show that the hybrid attack can confuse the control center by manipulating the integrity and availability of measurements. More importantly, we evaluate the hybrid attack with different values of the cost ratio between integrity and availability attacks, and then verify that the hybrid attack can achieve the same goal with a reduced cost.

Kang-Di Lu,Zheng-Guang Wu

DOI: https://doi.org/10.1109/tcsii.2022.3181827

2022-01-01

Abstract:In cyber-physical power systems (CPPSs), false data injection attack (FDIA) has drawn much attention due to its stealthiness. It is of great importance to investigate the potential behaviors of attackers to improve the cyber-security of CPPSs. However, most FDIA models are often constructed separately on the effect of attackers or the impact of attacks. Accordingly, this brief proposes a multi-objective stealthy FDIA scheme in AC grid model. The attack model is described as a multi-objective optimization problem, where minimization of contaminated measurements and maximization of the attack impact are considered as two objectives while remaining stealthy. To deal with the established attack model, a non-dominated sorting genetic algorithm II (NSGAII) is introduced as the solver. To improve the efficiency of generating attack vector, a new representation mechanism is proposed to describe locations and values of injected states. Additionally, during the evolutionary process, we propose a mutation operation to balance the sparsity and impact of FDIA. Simulation results on the IEEE 14-bus, 30-bus, and 118-bus systems demonstrate the feasibility of the NSGAII-based FDIA model.

Kang-Di Lu,Zheng-Guang Wu,Tingwen Huang

DOI: https://doi.org/10.1109/tmech.2022.3214314

2023-01-01

Abstract:With the rapid development of communication, control, and computer technology, traditional power systems have evolved into cyber-physical power system (CPPS). However, CPPS not only affords convenience but also introduces more cyber-attacks. Among many types of cyber-attacks, false data injection attacks (FDIAs) have drawn much attention in the CPPS security domain due to their stealthiness. Most FDIAs are based on the static model on a single snapshot and often ignore the reality of dynamically time-evolving CPPS. Accordingly, this article proposes a novel three-stage dynamic false data injection attack (DFDIA) model in CPPS by considering potential dynamic behaviors. To consider both attack location and attack amplitude, the designing DFDIA is formulated as two constrained single-objective optimization problems. Two versions of constrained differential evolution are presented as the solver to determine the attack location and optimize the attack vector for collaboratively altering the meter measurements. Then, an interval state forecasting-based countermeasure is proposed to detect the established DFDIA. In this detector, the variation bounds of state values are determined via ensemble deep learning-based state forecasting method. Finally, extensive simulation results on several IEEE bus systems demonstrate the feasibility of DFDIA and the effectiveness of the defense mechanism.

Aidong Xu,Xingpu Cai,Mengya Li,Yang Cao,Huajun Chen,Wei Ding,Chao Hong,Zhibing Wu,Qi Wang

DOI: https://doi.org/10.1109/cyber46603.2019.9066579

2019-01-01

Abstract:With the development of information and communication technology, power system has integrated deeply with communication system, which is a typical cyber physical system. While the development of smart grid makes the power side control more accurate and efficient, it also poses potential cyber attack risks. Attackers can cause grid faults and further power outages by disguising the attack behaviors as natural faults. When the grid is on operation, a large amount of data is generated on both the power side and the information side. Therefore, identifying the cause of the grid faults correctly through data mining can be helpful to take correct countermeasures in time to prevent the fault from expanding. In this paper, an identification method is proposed based on the collaborative characteristic sequence of a certain event and is verified on a four-machine two-zone system. The results show that method is effective and reliable.

Lei Wang,Zhaoyang Qu,Yang Li,Kewei Hu,Jian Sun,Kai Xue,Mingshi Cui

DOI: https://doi.org/10.1109/ACCESS.2020.2982057

2020-03-23

Abstract:In the analysis of coordinated network attacks on electric power cyber-physical system (CPS), it is difficult to restore the complete attack path, and the intent of the attack cannot be identified automatically. A method is therefore proposed for the extracting patterns of coordinated network attacks on electric power CPS based on temporal-topological correlation. First, the attack events are aggregated according to the alarm log of the cyber space, and a temporal-causal Bayesian network-based cyber attack recognition algorithm is proposed to parse out the cyber attack sequences of the same attacker. Then, according to the characteristic curves of different attack measurement data in physical space, a combination of physical attack event criteria algorithm is designed to distinguish the types of physical attack events. Finally, physical attack events and cyber attack sequences are matched via temporal-topological correlation, frequent patterns of attack sequences are extracted, and hidden multi-step attack patterns are found from scattered grid measurement data and information from alarm logs. The effectiveness and efficiency of the proposed method are verified by the testbed at Mississippi State University.

Cryptography and Security,Systems and Control,Optimization and Control

Qi Wang,Xingpu Cai,Yi Tang,Ming Ni

DOI: https://doi.org/10.1016/j.ijepes.2020.106515

IF: 5.659

2021-01-01

International Journal of Electrical Power & Energy Systems

Abstract:Cyber-attacks present great challenges to modern power systems. Well-designed cyber-attacks can mimic normal faults, making it difficult to identify the causes of power system faults. Collaboratively applying bilateral information from both the cyber side and the physical side can help to accurately identify fault causes (e.g., incidental faults or cyber-attacks), which can provide a premise for taking timely countermeasures to avoid the spread of failure. In this paper, to comprehensively express the system state, a data fusion model is first proposed to combine this bilateral information, together with a discretization method based on expert experience. Then, a characteristic sequence extraction method is presented to obtain patterns indicative of different kinds of events. To improve the identification accuracy and efficiency of the pure sequence-matching-based identification method, empirical sequences and original data are integrated to drive a new identification method. Finally, the proposed methods are verified by simulations on a co-simulation platform. The results show that practical requirements can be met in terms of reliability, efficiency and accuracy.

Di Wang,Fangyu Li,Kaibo Liu,Xi Zhang

DOI: https://doi.org/10.1145/3582009

2024-01-01

ACM Transactions on Sensor Networks

Abstract:Cyber-Physical Systems (CPS) has emerged as a paradigm that connects cyber and physical worlds, which provides unprecedented opportunities to realize intelligent applications such as smart home, smart cities, and smart manufacturing. However, CPS faces a great number of information security challenges (e.g., attacks) due to the integration of CPS as well as the human behaviors and interactions. Therefore, accurate and real-time attack detection and identification are essential to ensure information security and reliability of CPS. In this paper, we propose a novel integrated learning method that accurately detects an attack of a CPS system and then identifies the attack type in real time. Specifically, we consider a One-Class Support Vector Machine (OCSVM) model that only relies on the data from the normal state for training to achieve a real-time and effective detection of a CPS system state (i.e., normal or under-attack). If the system is detected to be under-attack, we then develop a Pairwise Self-supervised Long Short-Term Memory (PSLSTM) approach to identify the attack type, which aims to accurately distinguish the known attack types and discover unknown new attacks. Lastly, experimental results show the proposed method achieves promising performances compared with conventional and state-of-the-art learning-based benchmarks.

Yishuang Hu,Zhengwei Jiang,Yikai Sun,Yi Ding,Chenbo Xu,Xueqi Jin

DOI: https://doi.org/10.1088/1755-1315/467/1/012113

2020-01-01

IOP Conference Series Earth and Environmental Science

Abstract:Aiming at monitoring the behaviour of power system to make it work correctly and better, cyber physical power system (CPPS) was introduced. However, due to the high integration of cyber system, the complexity of power system is greatly enhanced, which puts forward higher requirements for the reliable and safe operation of CPPS. Moreover, when the cyber system is under attack, abnormal information flow may lead to abnormal energy flow. Therefore, this paper proposes a data transmission mechanism to analyse the information flow among CPPS. A data transmission optimization model based on the transmission matrix is constructed. The data transmission from the cyber system to the power system is quantified by the model. The practicability of the proposed data transmission mechanism is given by numerous cases.

Wenjun Bi,Kaifeng Zhang,Yaping Li,Kun Yuan,Ying Wang

DOI: https://doi.org/10.1109/jsyst.2019.2911869

IF: 4.802

2019-01-01

IEEE Systems Journal

Abstract:The safety and security of load frequency control (LFC) system are menaced by cyber attacks and physical attacks. Sophisticated attackers can launch cyber-physical attacks (CPAs), in which cyher attacks are used to increase the impacts of physical attacks by sending wrong instructions to the LFC controller. Considering that parameters of cyber attacks in CPAs may be either fixed or variable, a novel detection scheme is designed against two potential CPAs on an LFC system, namely fixed cyber-physical attacks (FCPAs) and variable cyber-physical attacks (VCPAs), respectively. As for FCPAs, dynamic characteristics of Area Control Error (ACE) are utilized to detect the compromised data. Compared with FCPAs, VCPAs are more deceptive. A relation-based (RB) feature extraction method is introduced to distinguish the signals compromised by VCPAs from the normal ones. A detection model that does not require compromised samples is developed with the aid of support vector domain description. In the end, a comprehensive detection scheme is designed to detect both FCPAs and VCPAs on the LFC system.

Tailin Zhou,Kaishun Xiahou,L. L. Zhang,Q. H. Wu

DOI: https://doi.org/10.1109/tii.2020.3048386

IF: 12.3

2021-01-01

IEEE Transactions on Industrial Informatics

Abstract:This article studies the online detection of false data injection attacks (FDIAs) and coordinated cyber-physical attacks (CCPAs) on power systems. By analyzing the hidden physical meaning of CCPAs, a cyber-physical FDIA with CCPA as a special case is proposed to establish the connection between FDIA and CCPA. Based on a discrete-time system dynamic model, an adaptive nonparametric cumulative sum (AN-CUSUM) detector is devised to deal with FDIAs and CCPAs simultaneously. The AN-CUSUM algorithm estimates the abnormal change of the state vector caused by attacks one step in advance and standardizes the decision statistics of conventional cumulative sum (CUSUM) to simplify the setting of thresholds. The proposed detector is robust to a wide range of time-varying system states and attack magnitudes. Moreover, a verification method is designed in the proposed detector to differentiate CCPAs and FDIAs according to unique characteristics of CCPAs, namely, the construction of CCPAs depends on the physical system parameter. Numerical results reveal that the proposed detector is more reliable to detect both FDIAs and CCPAs than existing CUSUM-based methods.

Aidong Xu,Yixin Jiang,Yunan Zhang,Chao Hong,Xingpu Cai

DOI: https://doi.org/10.1109/appeec48164.2020.9220716

2020-01-01

Abstract:With the great development of the information communication technology, power systems have been typical Cyber Physical Systems (CPSs). Although the control function of the grid side is becoming more intelligent, Grid Cyber Physical System (GCPS) brings the risk of potential cyberattacks. In this paper, the impacts of cyber-attacks against GCPS are analyzed based on confusion matrix model firstly, then a double-layer cyber physical collaboration control strategy adjustment methods is proposed considering the status of cyber modules and physical devices infected by cyber-attacks. Finally, the feasibility and effectiveness of the proposed method are verified on the IEEE standard system.

Wenfeng Deng,Zili Xiang,Keke Huang,Jie Liu,Chunhua Yang,Weihua Gui

DOI: https://doi.org/10.1109/tie.2023.3294646

IF: 7.7

2024-01-01

IEEE Transactions on Industrial Electronics

Abstract:The massive integration of advanced cyber technologies with power grids has expanded the attack surface area of cyber-physical power systems (CPPSs), where timely detection is of paramount importance for their safe and reliable operation. However, most studies on securing CPPS rarely considered resource constraints, resulting in the unsatisfactory performance of security solutions in practical applications. To gain insight into attack behavior in realistic scenarios, this article fully develops the concept of load redistribution (LR) attacks and designs an intelligent version that considers both concealment property and resource limitation. Then, aiming to develop an effective countermeasure, this article provides a novel attack detection method based on power load pattern learning, which consists of a power load predictor and subsequent attack detector, to determine the existence of intelligent LR attacks. Specifically, a multichannel power load predictor based on the SARIMAX model is proposed to capture both temporal and spatial correlations of power load data for accurate prediction. Using augmented features, a dictionary-learning-based attack detector that can handle the class imbalance problem by unsupervised learning is capable to detect the intelligent LR attacks. Finally, experiments on numerical simulation and the CPPS-HITL platform are conducted to verify the effectiveness and practical availability of the proposed method.

Qingyu Su,Handong Wang,Chaowei Sun,Bo Li,Jian Li

DOI: https://doi.org/10.1016/j.amc.2021.126639

IF: 4.397

2022-01-01

Applied Mathematics and Computation

Abstract:In modern power systems, the connection between cyber part and physical part is more and more close and deeply coupled, while cyber-physical power systems (CPPS) can exactly describe the dynamic process of modern power grids. The problem of secure state estimation and attack reconstruction of cyber-attacks corrupting states of CPPS is addressed. First, the classical small signal model of CPPS under disturbance and cyber-attacks is established. Then, an intermediate observer is proposed to realize the security state estimation and state attack reconstruction of CPPS under cyber-attacks, meanwhile, the linear matrix inequality (LMI) is used to solve the parameters of the intermediate observer. Finally, an attack defense strategy satisfying optimal economic dispatch is proposed. Case studies are presented to assess the effectiveness of intermediate observer reconstruction and the effectiveness of defense strategy.

mathematics, applied

Deepak Dahiya

DOI: https://doi.org/10.1007/s11042-023-18013-x

IF: 2.577

2024-02-07

Multimedia Tools and Applications

Abstract:For ensuring the proper operation of CPS, it is required to obtain a solution to the security problem. Applications for cyber-physical systems (CPS) have a big impact on several industrial sectors. Growing in both quantity and variety are cyber attacks try to manage both the industrial process itself as well as data collection from CPS. Attacks on CPS must be identified and stopped in order to avoid financial loss, production disruptions, and possible threats to national security. This paper models a cyber-attack detection and mitigation framework using a hybrid classifier (CADFHC) including the steps like (1) Pre-processing, (2) Feature Extraction (3) Feature Selection (4) Detection & (5) Mitigation. The initial data is preprocessed via z-score normalization. Higher-order statistical features, mutual information, correlation, and raw features, will be retrieved in the feature extraction step. From the extracted feature set, an improved PCA will be used for selecting the appropriate features. In the detection phase, the hybrid model combining improved Bi-GRU & RNN is used for detecting the presence of an attack. After the attack detection process, the mitigation process will be performed by eliminating the attackers from the network. For this, modified distribution entropy function-based mitigation is performed. Finally, the effectiveness of the accepted model is compared with the conventional models with different metrics. The CADFHC approach has attained the most excellent outcomes (0.99) under the best case scenario.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering