Moving-Target Defense for Detecting Coordinated Cyber-Physical Attacks in Power Grids

Lakshminarayana, Subhash; Belmega, Elena Veronica; Poor, H. Vincent

doi:10.1109/smartgridcomm.2019.8909767

Cited by 29 publications

(16 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Reference [22] proposes to use Flexible AC Transmission System (FACTS) devices to periodically perturb the reactance of certain lines in the network. Thus, an attack constructed with outdated reactances can be detected by the bad data detector (BDD).…”

Section: Coordinated Cyberattack Detection and Prevention Methodsmentioning

confidence: 99%

Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems

Appiah-Kubi

Liu

2020

IEEE Open J. Power Energy

View full text Add to dashboard Cite

Integration of Information and Communications Technology (ICT) into the distribution system makes today's power grid more remotely monitored and controlled than it has been. The fast increasing connectivity, however, also implies that the distribution grid today, or smart grid, is more vulnerable. Thus, research into intrusion/anomaly detection systems at the distribution level is in critical need. Current research on Intrusion Detection Systems for the power grid has been focused primarily on cyber security at the Supervisory Control And Data Acquisition, and single node levels with little attention on coordinated cyberattack at multiple nodes. A holistic approach toward system-wide cyber security for distribution systems is yet to be developed. This paper presents a novel approach toward intrusion prevention, using a multi-agent system, at the distribution system level. Simulations of the method have been performed on the IEEE 13-Node Test Feeder, and the results compared to those obtained from existing methods. The results have validated the performance of the proposed method for protection against cyber intrusions at the distribution system level.

show abstract

Section: Coordinated Cyberattack Detection and Prevention Methodsmentioning

confidence: 99%

Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems

Appiah-Kubi

Liu

2020

IEEE Open J. Power Energy

View full text Add to dashboard Cite

show abstract

“…Moving target defence (MTD) technologies for perturbation of cyber and/or physical topology to confuse attackers are explored, for instance in [40,41,60]. These are effective in preventing attackers from obtaining accurate system information to launch successful attacks, but it is not designed for capturing probing/reconnaissance activities attempted by persistent attackers that are hiding the infrastructure to prepare for a large-scale attack.…”

Section: Related Workmentioning

confidence: 99%

“…Reference [21] also discussed further concepts such as " -diversity" and " -mutation", and our design can be extended to support them in a straightforward manner. Furthermore, by wisely coordinating status and measurements messages reported by DecIED, we can mislead/lure attackers to mount non-optimal attack or attacks that can be detected or prevented by other security schemes, by incorporating the moving target defence [40]. Such extension is left for our future work.…”

Section: Deception Technologies For Smart Grid Securitymentioning

confidence: 99%

See 1 more Smart Citation

DecIED: Scalable k-Anonymous Deception for IEC61850-Compliant Smart Grid Systems

Yang

Mashima

Lin

et al. 2020

Proceedings of the 6th ACM on Cyber-Physical System Security Workshop

View full text Add to dashboard Cite

As demonstrated by the past real-world incidents, sophisticated attackers targeting our critical infrastructure may be hiding in the system, perhaps at this moment, in order to collect information and prepare for massive attacks. If an attacker is mostly passive and monitoring SCADA communication traffic or is clever enough to act under the radar of intrusion/anomaly detection systems, it is challenging to counter them. In this direction, deception technology is an effective cybersecurity tool, by deploying a large number of dummy and decoy devices throughout the system infrastructure to be protected, for capturing probing attempts and lateral movement of persistent attackers and malware. In this paper, we discuss the practical design and implementation of high-fidelity deception devices for smart power grid systems, named DecIED. DecIED imitates the device characteristics and communication models of IEC 61850-compliant IEDs (intelligent electronic devices) and thus realize-anonymous smokescreen, which virtually shows − 1 indistinguishable decoy devices, to protect our critical infrastructure. Based on our prototype implementation, a single industry PC can host over 200 deception devices, which demonstrates DecIED's scalability and feasibility of integration into the existing systems. CCS CONCEPTS • Security and privacy → Intrusion/anomaly detection and malware mitigation; • Computer systems organization → Embedded and cyber-physical systems; • Networks → Cyberphysical networks; • Hardware → Smart grid.

show abstract

“…In the literature, there are different types of cyberattacks for power grids [13]. On one side, some attacks focus on damaging components in the systems, such as damaging generation machines in the Aurora case [22], while others attempt blackouts like the cyberattacks in Ukraine [18].…”

Section: Use-case 1: Testing the Behavior Of Malwarementioning

confidence: 99%

Towards a High-Fidelity Network Emulation of IEC 104 SCADA Systems

Salazar

Ortiz

Qin

et al. 2020

Proceedings of the 2020 Joint Workshop on CPS&IoT Security and Privacy

View full text Add to dashboard Cite

With the rise of malware targeting industrial control systems, researchers need more tools to develop a better understanding of the networks under attack, the potential behavior of malware, and design possible defenses. One of the most important protocols used in practice today is IEC 104, which is used to monitor and control the Power Grid of several countries, as well as to monitor and control other critical infrastructures such as gas, oil, and water systems. In this paper we present our preliminary results in implementing the IEC 104 industrial protocol standard in Python and integrate it to a network emulation tool supported by Mininet. CCS CONCEPTS• Computing methodologies → Simulation environments; Simulation tools; • Security and privacy → Domain-specific security and privacy architectures; • Networks → Cyber-physical networks.

show abstract

Moving-Target Defense for Detecting Coordinated Cyber-Physical Attacks in Power Grids

Cited by 29 publications

References 23 publications

Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems

Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems

DecIED: Scalable k-Anonymous Deception for IEC61850-Compliant Smart Grid Systems

Towards a High-Fidelity Network Emulation of IEC 104 SCADA Systems

Contact Info

Product

Resources

About