Enhanced cyber‐physical security using attack‐resistant cyber nodes and event‐triggered moving target defence

IET Cyber-Phy Sys Theory & Ap

Stephen

Wallom

2023

Self Cite

Spot pricing is often suggested as a method of increasing demand‐side flexibility in electrical power load. However, few works have considered the vulnerability of spot pricing to financial fraud via false data injection (FDI) style attacks. The authors consider attacks which aim to alter the consumer load profile to exploit intraday price dips. The authors examine an anomaly detection protocol for cyber‐attacks that seek to leverage spot prices for financial gain. In this way the authors outline a methodology for detecting attacks on industrial load smart meters. The authors first create a feature clustering model of the underlying business, segregated by business type. The authors then use these clusters to create an incentive‐weighted anomaly detection protocol for false data attacks against load profiles. This clustering‐based methodology incorporates both the load profile and spot pricing considerations for the detection of injected load profiles. To reduce false positives, the authors model incentive‐based detection, which includes knowledge of spot prices, into the anomaly tracking, enabling the methodology to account for changes in the load profile which are unlikely to be attacks.

Section: Attacks Against Metering Infrastructurementioning

confidence: 99%

Detecting smart meter false data attacks using hierarchical feature clustering and incentive weighted anomaly detection

IET Cyber-Phy Sys Theory & Ap

Stephen

Wallom

2023

Self Cite

“…While in [14], event-based triggers are used to enhance phasor measurement unit (PMU) based detection. Event-based FDI distributed detection is also explored in [15].…”

Section: Background a Fdi Attacksmentioning

confidence: 99%

Topology Learning Aided False Data Injection Attack without Prior Topology Information

2021 IEEE Power &Amp; Energy Society General Meeting (PESGM)

Zhang

et al. 2021

Self Cite

False Data Injection (FDI) attacks against power system state estimation are a growing concern for operators. Previously, most works on FDI attacks have been performed under the assumption of the attacker having full knowledge of the underlying system without clear justification. In this paper, we develop a topology-learning-aided FDI attack that allows stealthy cyber-attacks against AC power system state estimation without prior knowledge of system information. The attack combines topology learning technique, based only on branch and bus power flows, and attacker-side pseudo-residual assessment to perform stealthy FDI attacks with high confidence. This paper, for the first time, demonstrates how quickly the attacker can develop full-knowledge of the grid topology and parameters and validates the full knowledge assumptions in the previous work.

Cyber–physical risk assessment for false data injection attacks considering moving target defences

Teng

et al. 2022

Int. J. Inf. Secur.

Self Cite

In this paper, we examine the factors that influence the success of false data injection (FDI) attacks in the context of both cyber and physical styles of reinforcement. Existing research considers the FDI attack in the context of the ability to change a measurement in a static system only. However, successful attacks will require first intrusion into a system followed by construction of an attack vector that can bypass bad data detection to cause a consequence (such as overloading). Furthermore, the recent development of moving target defences (MTD) introduces dynamically changing system topology, which is beyond the capability of existing research to assess. In this way, we develop a full service framework for FDI risk assessment. The framework considers both the costs of system intrusion via a weighted graph assessment in combination with a physical, line overload-based vulnerability assessment under the existence of MTD. We present our simulations on a IEEE 14-bus system with an overlain RTU network to model the true risk of intrusion. The cyber model considers multiple methods of entry for the FDI attack including meter intrusion, RTU intrusion and combined style attacks. Post-intrusion, our physical reinforcement model analyses the required level of topology divergence to protect against a branch overload from an optimised attack vector. The combined cyber and physical index is used to represent the system vulnerability against FDIA.