Cyber-physical microgrids hold the key to a carbon-neutral power sector since they enable renewable and distributed energy resource integration, can alleviate overloaded distribution systems, and provide economic energy by generating and consuming power locally. The utilization of cyber-physical assets such as controllers, IoT sensors and actuators, and communication devices can enhance the stability and improve the control of microgrids. However, such assets, if maliciously operated, can become attack entry points and jeopardize the grid operation. Blind and uncoordinated cyberattacks can be identified by existing security measures, overcoming potential operational disruptions. However, rootkit attacks can stay hidden within cyber-physical systems and leverage system information to mask their presence. Rootkit detection is a strenuous process and requires advanced security methods due to their sophisticated operation. A careful analysis of possible rootkit target locations and their exploitation techniques is necessary to design effective threat detection and mitigation mechanisms. This paper discusses the cyber kill chain of a rootkit which can simultaneously deploy itself at multiple locations in a microgrid in a coordinated and stealthy way in order to maximize the impact on power system operations. The rootkit leverages system measurements to hide its presence and its attack impact from the detection mechanisms. CCS Concepts: • Security and privacy → Malware and its mitigation; • Hardware → Smart grid.
Cyber-physical systems like microgrids contain numerous attack surfaces in the form of communication links, sensors, and actuators. Manipulating the communication links and sensors is done to inject anomalous data that can be transmitted through the cyber-layer along with the original data stream. The presence of malicious, anomalous data packets in the cyber-layer of a DC microgrid can create hindrances in fulfilling the control objectives, leading to voltage instability and affecting load dispatch patterns. Hence, detecting anomalous data is essential for the restoration of system stability. This paper answers two important research questions: Which data-driven detection scheme offers the best detection performance against stealth cyber-attacks in DC microgrids? What is the detection performance improvement when fusing two features (i.e., current and voltage data) for training compared with using a single feature (i.e., current)? Our investigations revealed that (i) adopting an unsupervised deep recurrent autoencoder anomaly detection scheme in DC microgrids offers superior detection performance compared with other benchmarks. The autoencoder is trained on benign data generated from a multi-source DC microgrid model. (ii) Fusing current and voltage data for training offers a 14.7% improvement. The efficacy of the results is verified using experimental data collected from a DC microgrid testbed when subjected to stealth cyber-attacks.
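The abstract above reports that a detector trained only on benign data catches stealth attacks, and that fusing current and voltage beats current alone. The following added example (not code from the paper or its authors) illustrates why the second point holds. It substitutes a least-squares line for the paper's deep recurrent autoencoder, an assumption made so the example runs in plain Python, but keeps the detection principle: learn the benign structure, then alarm on a large reconstruction residual. The droop law V ≈ V_NOM − R_DROOP·I, the constants, the noise level and the stealth sample are all constructed values, not measurements from the paper's testbed.

```python
import random
from statistics import mean, pstdev

# Constructed DC-microgrid-like sensor model (assumed values, not from the paper):
# a droop-controlled source obeys V ~= V_NOM - R_DROOP * I plus small sensor noise.
V_NOM = 48.0     # nominal bus voltage in volts (constructed)
R_DROOP = 0.2    # droop resistance in ohms (constructed)
I_MAX = 10.0     # benign load current range 0..I_MAX amperes (constructed)


def benign_samples(n=400, seed=0):
    """Return n constructed benign (current, voltage) pairs with +/-0.05 V sensor noise."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        i = rng.uniform(0.0, I_MAX)
        v = V_NOM - R_DROOP * i + rng.uniform(-0.05, 0.05)
        out.append((i, v))
    return out


class ReconstructionDetector:
    """Learns benign structure and flags samples that do not reconstruct from it.

    A least-squares line V = a*I + b stands in for the paper's deep recurrent
    autoencoder (an assumption made for this illustration); the principle,
    'train on benign data, alarm on a large reconstruction residual', is the same.
    """

    def __init__(self, k=4.0):
        self.k = k  # alarm threshold = mean + k * std of benign residuals

    def fit(self, samples):
        currents = [i for i, _ in samples]
        voltages = [v for _, v in samples]
        mi, mv = mean(currents), mean(voltages)
        sxx = sum((i - mi) ** 2 for i in currents)
        sxy = sum((i - mi) * (v - mv) for i, v in samples)
        self.a = sxy / sxx
        self.b = mv - self.a * mi
        # Single-feature baseline: the benign envelope of the current alone.
        self.i_min, self.i_max = min(currents), max(currents)
        residuals = [self.residual(i, v) for i, v in samples]
        self.threshold = mean(residuals) + self.k * pstdev(residuals)
        return self

    def reconstruct_voltage(self, i):
        return self.a * i + self.b

    def residual(self, i, v):
        return abs(v - self.reconstruct_voltage(i))

    def anomalous_current_only(self, i):
        """Current-only baseline: alarm only if the value leaves the benign envelope."""
        return not (self.i_min <= i <= self.i_max)

    def anomalous_fused(self, i, v):
        """Fused check: alarm if the (current, voltage) pair is inconsistent with benign physics."""
        return self.residual(i, v) > self.threshold


def stealth_attack_sample(true_current=8.0, reported_current=2.0):
    """Constructed stealth sample: the current packet carries a value inside the benign
    range, while the voltage sensor still reports the real bus voltage."""
    true_voltage = V_NOM - R_DROOP * true_current
    return reported_current, true_voltage


def false_positives(detector, seed=1):
    """Count alarms of the fused check on a fresh constructed benign set."""
    return sum(detector.anomalous_fused(i, v) for i, v in benign_samples(seed=seed))


def evaluate():
    """Train on benign data, then score a held-out benign sample and the stealth sample."""
    det = ReconstructionDetector().fit(benign_samples())
    held_out = (5.0, V_NOM - R_DROOP * 5.0)
    attack = stealth_attack_sample()
    return {
        "benign_fused": det.anomalous_fused(*held_out),
        "attack_current_only": det.anomalous_current_only(attack[0]),
        "attack_fused": det.anomalous_fused(*attack),
        "attack_residual_volts": det.residual(*attack),
        "false_positives": false_positives(det),
    }


if __name__ == "__main__":
    print(evaluate())
```

The current-only baseline sees a plausible 2 A reading and stays silent; the fused check reconstructs the voltage that 2 A should produce, finds the reported bus voltage about 1.2 V off, and alarms. That cross-feature inconsistency is exactly what a single-feature detector cannot observe, which is the mechanism behind the improvement the abstract reports.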
Embedded controllers, sensors, actuators, advanced metering infrastructure, etc. are cornerstone components of cyber-physical energy systems such as microgrids (MGs). Harnessing their monitoring and control functionalities, sophisticated schemes enhancing MG stability can be deployed. However, the deployment of 'smart' assets increases the threat surface. Power systems possess mechanisms capable of detecting abnormal operations. Furthermore, the lack of sophistication in attack strategies can render them detectable since they blindly violate power system semantics. On the other hand, the recent increase of process-aware rootkits that can attain persistence and compromise operations in undetectable ways requires special attention. In this work, we investigate the steps followed by stealthy rootkits at the process level of control systems pre- and post-compromise. We investigate the rootkits' pre-compromise stage involving the deployment to multiple system locations and aggregation of system-specific information to build a neural network-based virtual data-driven model (VDDM) of the system. Then, during the weaponization phase, we demonstrate how the VDDM measurement predictions are paramount, first to orchestrate crippling attacks from multiple system standpoints, maximizing the impact, and second, to impede detection, blinding system operator situational awareness.