As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concerns on a global scale. APT refers to a persistent, multi-stage attack with the intention to compromise the system and gain information from the targeted system, which has the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system entitled MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. The MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect different techniques used during the various APT steps. The implementation and validation of these methods with real traffic is a significant contribution to the current body of research; (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods, aims to identify alerts that could be related and belong to a single APT scenario; and (3) Attack prediction, in which a machine learning-based prediction module is proposed based on the correlation framework output, to be used by the network security team to determine the probability of the early alerts to develop a complete APT attack. MLAPT is experimentally evaluated and the presented system is able to predict APT in its early steps with a prediction accuracy of 84.8%.
Direct current microgrids (DCMGs) are swiftly moving toward the realm of communication-dependent distributed cooperative control strategies. The incorporation of a cyber layer for robustness, scalability, and reliability makes the system vulnerable to cyber-attacks. The extent of damage caused by these attacks on DCMG is substantial, to the point where ceasing the operation may become necessary. This article proposes a resilient strategy for the detection and mitigation of the most prominent false data injection attacks (FDIAs) on actuators of nodes of DCMG. An accurate error-free detection is guaranteed using a state machine-based model that makes use of a dynamic signature function that monitors the actuator signal and its estimated value. A linear functional observer (LFO)-based mitigation scheme is proposed, in which the affected node is switched to LFO upon a true attack detection. The proposed technique is consistent during transients. Experimentation and simulation studies are carried out for various practical situations for a four-node DCMG to validate the proposed theory.
Cyber-Attacks in Modular Multilevel Converters Burgos-Mellado, Claudio; Donoso, Felipe; Dragicevic, Tomislav ...
IEEE transactions on power electronics, 07/2022, Volume: 37, Issue: 7
Journal Article
Peer reviewed
Open access
Distributed control of modular multilevel converter (MMC) submodules (SMs) offers several potential benefits such as flexibility, scalability, and modularity. In this approach, low-level control tasks, such as capacitor voltage balancing, can be distributed amongst controllers placed in the SMs. This decreases the computational burden for the central control system that performs high-level control tasks; also, a single point of failure is avoided. Distributed control architecture requires a cyber-physical network (CFN) through which local controllers share all the information necessary to perform their respective control loops. To date, none of the reported works in this field have paid attention to potential imperfections in the CFN. Indeed, previous works are based on the assumption that the network always provides correct information to the local controllers. However, erroneous measurements in the CFN may degrade the distributed control scheme operation, leading to suboptimal or even unstable operation. These events can occur in the presence of cyberattacks, for example, which can be created through illegitimate data intrusion into the distributed control architectures. This article is the first to investigate the impacts of cyberattacks on distributed control schemes used in MMCs. The effects of a specific cyberattack, named false data injection attack (FDIA), on a consensus-based distributed control strategy are studied in this article. Additionally, a method for detecting FDIAs is proposed, along with a countermeasure strategy, to ensure the safe operation of the MMC, while the attack is cleared. The proposals reported in this article are validated using simulation and experimental results.
The cyber security of modern power systems has drawn increasing attention in both academia and industry. Many detection and defense methods for cyber-attacks have therefore been proposed to enhance robustness of modern power systems. In this paper, we propose a new, distributed blockchain-based protection framework to enhance the self-defensive capability of modern power systems against cyber-attacks. We present a comprehensive discussion on how blockchain technology can be used to enhance the robustness and security of the power grid, by using meters as nodes in a distributed network which encapsulates meter measurements as blocks. Effectiveness of the proposed protection framework is demonstrated via simulation experiments on the IEEE-118 benchmark system.
• A hybrid-triggered scheme is introduced to solve the network constraints.
• A mathematical model of multiple cyber attacks is established for NCS.
• A control protocol is proposed for the hybrid-triggered scheme.
This paper addresses the hybrid-triggered security control design for the networked control system (NCS) under multiple cyber attacks. A hybrid-triggered scheme (HTS) is introduced to mitigate the burden of the network transmission. Besides, a new model of multiple cyber attacks is built by simultaneously considering deception attacks and DoS attacks. In addition, a novel NCS model based on multiple cyber attacks is established with the hybrid-triggered scheme. Then, based on Lyapunov stability theory, criteria for guaranteeing the closed-loop system stability and achieving hybrid-triggered security controller design are derived. Finally, an illustrative example is given to validate the usefulness of the theoretical results.
The deployment of control systems with network-connected components has made feedback control systems vulnerable to attacks over the network. This paper considers the problem of intrusion detection and mitigation in supervisory control systems, where the attacker has the ability to enable or disable vulnerable actuator commands and erase or insert vulnerable sensor readings. We present a mathematical model for the system under certain classes of actuator enablement attacks, sensor erasure attacks, or sensor insertion attacks. We then propose a defense strategy that aims to detect such attacks online and disables all controllable events after an attack is detected. We develop an algorithmic procedure for verifying whether the system can prevent damage from the attacks considered with the proposed defense strategy, where damage is modeled as the reachability of a pre-defined set of unsafe system states. The technical condition of interest that is necessary and sufficient in this context, termed “GF-safe controllability”, is characterized. We show that the verification of GF-safe controllability can be performed using diagnoser or verifier automata. Finally, we illustrate the methodology with a traffic control system example.
This paper addresses the problem of dynamic event-triggered (DET) control for networked interval type-2 (IT2) fuzzy systems subject to multiple cyber-attacks, which contain deception attacks and aperiodic denial-of-service attacks simultaneously. Firstly, a multiple cyber-attack model is established for the IT2 fuzzy systems with multiple cyber-attacks and external disturbances. Secondly, an improved DET mechanism (DETM) is proposed to reduce the communication burden. Contrasting with existing works, by introducing two adjustable parameters into the novel DETM, the presented DETM has more flexibility in adjusting the data packet transmissions to conserve more limited network resources. Meanwhile, the Zeno behavior is probably excluded under the proposed DETM while preserving the system performance. Thirdly, imperfectly matched membership functions (MFs) are considered between fuzzy controller and IT2 fuzzy model, and the global boundary information of MFs and slack matrices are introduced to relax stability conditions. Besides, by constructing a proper Lyapunov-Krasovskii functional, sufficient conditions are obtained to ensure the exponential mean-square stability of the IT2 fuzzy systems with $H_{\infty}$ performance. Finally, two simulation examples are provided to illustrate the effectiveness of the theoretical results.
For the stability analysis and stabilization synthesis problems, this paper considers networked control systems (NCSs) with the transmission delay and the deception attack under aperiodic samplings, where the deception attack and its activation function are represented as a sector bound function and a random variable with Bernoulli distribution, respectively. This paper proposes the stability and stabilization criteria for the NCSs by constructing Lyapunov–Krasovskii (L–K) functionals with continuous functionals and looped-functionals. Compared with the literature, the proposed continuous functionals take into account the mixed delay including the transmission delay and the maximum allowable sampling interval, as well as the augmented vector and integral terms. Also, the proposed looped-functionals construct two augmented vectors with integral vectors that are zeros at $t=t_k$ and $t=t_{k+1}$, respectively. By utilizing these two augmented vectors, the looped-functionals fully utilize the sampling patterns compared with the literature. Based on the proposed L–K functionals, this paper derives not only the stability criterion for the NCSs with the transmission delay, but also the stabilization criterion for the NCSs with the transmission delay and the deception attack in terms of linear matrix inequalities (LMIs), respectively. A numerical example demonstrates the validity of the proposed approach.
DC microgrids are considered as the next generation of power systems because of the possibility of connecting various renewable energy sources to different types of loads based on distributed networks. However, due to the strong reliance on communication networks, DC microgrids are vulnerable to intentional cyber-attacks. Therefore, in this paper, a robust cyber-attack detection scheme is proposed for DC microgrid systems. Utilizing the parity-based method, a multi-objective optimization problem is formulated to achieve robust detection against electrical parameter perturbations and unknown disturbances. An analytical solution is then provided using the singular value decomposition approach. With the disturbance decoupling scheme, the presented detection strategy can monitor the system with only local knowledge of the DC microgrid. The proposed method is easy to design and has lower computational complexity. The performance of the provided scheme is validated by simulation tests and experimental results.
• A comprehensive attack detection scheme for distributed DC microgrids.
• Cyber-attack detection techniques that rely on parity-based relations.
• Robust detection against microgrid modeling uncertainties.
• Improved sensitivity to the residuals by optimization method.
This paper proposes an improved security-based event-triggered fuzzy control (ETFC) method for studying the asymptotic stability (AS) problem of nonlinear networked control systems (NCSs) under denial-of-service (DoS) attacks. The nonlinear NCSs are linearized using the central mean fuzzy method to obtain T-S fuzzy NCSs. Lyapunov-Krasovskii functionals (LKFs) with nonlinear problems are constructed based on fuzzy membership functions (FMFs). A relaxed condition including nonlinear parameters is given, which considers the nonlinear optimization problem and reduces the positive definiteness constraint problem of LKFs. An improved double-closed delay correlation function is constructed to obtain more sampling information. Furthermore, a quadratic scaling method is used to obtain a tighter upper bound, making the criterion less conservative. A DoS attack causes the channel's throughput to drop and collapse. Thus, we design ETFC based on the improved descent gradient algorithm to ensure the communication security of the helicopter system (HS). Finally, the communication security and stability of HS are verified using the Simulink platform.