In this letter, we present a single mixed-integer linear programming (MILP) model for high-stealth false data attacks (FDAs) on overloading a set of lines by injecting stealthy false data. The proposed model reveals that an intelligent attacker is able to deliberately construct a valid attack vector to overload multiple transmission lines while hiding it among normal data to evade advanced anomaly detection methods. In addition, the proposed cyber-attack mode can help the attacker optimally select the targeted lines. Simulation results on multiple large-scale test systems validate the effectiveness of the proposed approach.
• An efficient analytical reliability assessment method is proposed for CPDS with DFA.
• The reliability model of cyber system with DFA is built.
• Cyber impacts of both device failures and cyber-attacks on power supply reliability are investigated.
Cyber-physical distribution system (CPDS) handles power grid faults by feeder automation. The reliability assessment of CPDS has been intensively discussed for centralized feeder automation (CFA) in existing research. However, the inapplicability of CFA reliability models, and the low computation efficiency issue of the mostly used Monte Carlo method greatly limit their application in practical engineering cases of the large-scale CPDS with the distributed feeder automation (DFA) mode. Thus, this paper proposes a region-based analytical reliability assessment method for DFA, which has high computation efficiency in the large-scale CPDS. Firstly, the reliability impacts of cyber system anomalies in the DFA mode are analysed and the cyber reliability models are built considering both cyber device failures and cyber-attacks. Then, the cyber system status is integrated into malfunction probability modelling of switches for reliability assessment. Finally, the load reliability is assessed based on the fault region division by the proposed analytical method and the reliability indices are calculated. The accuracy, efficiency and scalability of the proposed method are verified in case studies.
Phasor measurement units (PMUs) are playing an increasingly important role in wide-area monitoring and the control of power systems. PMUs allow synchronous real-time measurements of voltage, phase angle, and frequency from multiple remote locations in the grid, enabled by their ability to align to global positioning system (GPS) clocks. Given that this ability is vulnerable to GPS spoofing attacks, which have been confirmed easy to launch, in this paper, we propose a distributed real-time wide-area oscillation estimation approach that is robust to GPS spoofing on PMUs and their associated phasor data concentrators. The approach employs the idea of checking update consistency with histories and across distributed nodes and can tolerate up to one third of compromised nodes. It can be implemented in a completely decentralized architecture and in a completely asynchronous way. The effectiveness of the approach is confirmed by numerical simulations of the IEEE 68-bus power system models.
Several methods have been proposed by researchers to detect cyber attacks in Cyber–Physical Systems (CPSs). This paper proposes a comprehensive approach for conducting experiments to assess the effectiveness of such methods in the context of a robot (Amigobot) that includes both cyber and physical components. The proposed approach includes a method for performing vulnerability analysis, several methods for attack detection, and guidelines for conducting experimental studies in the context of cyber security. The method for vulnerability analysis makes use of the Failure-Attack-CounTermeasure (FACT) graph. The experimental study to evaluate methods for attack detection comprises three experiments. These methods have been implemented and evaluated, within and across all three experiments, with respect to their effectiveness, detection speed, and durability for injection, scaling, and stealthy attacks. The proposed guidelines define key phases and artifacts for conducting such experiments and are an adaptation of those used in Software Engineering.
• An approach for conducting robot cyber-security experiments is proposed.
• It includes vulnerability analysis and attack detection methods.
• In addition, it provides guidelines for describing cyber-security experiments.
• A study investigating the detection of robot sensor attacks was conducted.
• Results highlight the usefulness of proposed approach for other empirical studies.
Summary
This paper investigates the observer‐based security control problem for interval type‐2 nonlinear networked control systems with deception attacks and replay attacks. Firstly, to alleviate the communication burden of the network, a novel adaptive event‐triggered communication (ETC) mechanism is proposed. Compared with existing observer‐based adaptive ETC security control techniques, the threshold of the proposed adaptive ETC scheme can be adjusted dynamically depending on the value of adjustable parameters and estimation error. In particular, the adjustable parameters can change the sensitivity of the threshold flexibly. Then, taking the influence of the adaptive ETC mechanism and cyber attacks into consideration, an observer‐based security controller is developed under the co‐designed method. Furthermore, by utilizing the Lyapunov stability theory, sufficient conditions for asymptotic mean‐square stability of the closed‐loop system are obtained. Ultimately, the feasibility of the designed control approach can be proved via a simulation example.
Detecting cyber-anomalies and attacks is becoming a rising concern these days in the domain of cybersecurity. The knowledge of artificial intelligence, particularly, the machine learning techniques can be used to tackle these issues. However, the effectiveness of a learning-based security model may vary depending on the security features and the data characteristics. In this paper, we present “CyberLearning”, a machine learning-based cybersecurity modeling with correlated-feature selection, and a comprehensive empirical analysis on the effectiveness of various machine learning based security models. In our CyberLearning modeling, we take into account a binary classification model for detecting anomalies, and multi-class classification model for various types of cyber-attacks. To build the security model, we first employ the popular ten machine learning classification techniques, such as naive Bayes, Logistic regression, Stochastic gradient descent, K-nearest neighbors, Support vector machine, Decision Tree, Random Forest, Adaptive Boosting, eXtreme Gradient Boosting, as well as Linear discriminant analysis. We then present the artificial neural network-based security model considering multiple hidden layers. The effectiveness of these learning-based security models is examined by conducting a range of experiments utilizing the two most popular security datasets, UNSW-NB15 and NSL-KDD. Overall, this paper aims to serve as a reference point for data-driven security modeling through our experimental analysis and findings in the context of cybersecurity.
This study aims to investigate the direct and indirect effects of information system security practices that observed the relationship effect between cyber supply chain risk management and supply chain performance. In Industry 4.0 era, a cyber-attack becomes unavoidable and needs to adopt cyber supply chain risk management to improve the firm. The data were collected from 105 firms in Malaysia through online surveys. The partial least squares structural equation modeling technique examined the model's goodness and research hypothesis. The results revealed that operations, directly and indirectly, influence (via mediators) supply chain performance. In contrast, governance directly affects supply chain flexibility and indirect (via mediators) influence on supply chain performance; in addition, systems integration did not, directly, and indirectly, influence supply chain performance. This framework indicates the manufacturing industry and related parties with a better understanding of cyber supply chain risk management.
• An unsupervised method is proposed for detecting cyber-attacks after topology changes.
• Detection is performed by quantifying the probability distributions of the state vectors.
• Quantification is done through extracting several statistical measures.
• Localization of attacks is performed by Fuzzy c-means.
• Performance of classification methods is analyzed in managing system reconfigurations.
To achieve intelligence in the future grid, a highly accurate state estimation is necessary as it is a prerequisite for many key functionalities in the successful operation of the power grid. Recent studies show that a new type of cyber-attack called False Data Injection (FDI) attack can bypass bad data detection mechanisms in the power system state estimation. Existing countermeasures might not be able to manage topology changes and integration of distributed generations because they are designed for a specific system configuration. To address this issue, an unsupervised method to distinguish between attack and normal patterns is proposed in this paper. This method can detect FDI attacks even after topology changes and integration of renewable energy sources. In this method, we assume that injecting false data into the power systems will lead to a deviation in the probability distribution of the state vector from the normal trend. The main phases of the proposed algorithm are: (1) Normalizing the dataset, (2) Adding several statistical measures as the new features to the dataset to quantify the probability distribution of the state vectors, (3) Employing principal component analysis to reduce the dimensionality of the dataset, (4) Visualizing the reduced data for humans and exploiting their creativity to detect attacks, and (5) Locating the attacks using Fuzzy C-means clustering algorithm.
The proposed method is tested on both the IEEE 14-bus and IEEE 9-bus systems using real load data from the New York independent system operator with the following attack scenarios: (1) attacks without any topology change, (2) attacks after a contingency, and (3) attacks after integration of distributed generations. Experimental results show that our proposed method is superior to the state-of-the-art classification algorithms in dealing with changes. In addition, the reduced data which is helpful in distinguishing between attack and normal patterns can be fed into an expert system for further improvement of the security of the power grid.
We consider the trusted operation of cyber-physical processes based on an assessment of the system's state and operating mode and present a method for detecting anomalies in the behavior of a cyber-physical system (CPS) based on the analysis of the data transmitted by its sensory subsystem. Probability theory and mathematical statistics are used to process and normalize the data in order to determine whether or not the system is in the correct operating mode and control process state. To describe the mode-specific control processes of a CPS, the paradigm of using cyber-physical parameters is taken as a basis, as it is the feature that most clearly reflects the system's interaction with physical processes. In this study, two metrics were taken as a sign of an anomaly: the probability of falling into the sensor values' confidence interval and parameter change monitoring. These two metrics, as well as the current mode evaluation, produce a final probability function for our trust in the CPS's currently executing control process, which is, in turn, determined by the operating mode of the system. Based on the results of this trust assessment, it is possible to draw a conclusion about the processing state in which the system is operating. If the score is higher than 0.6, it means the system is in a trusted state. If the score is equal to 0.6, it means the system is in an uncertain state. If the trust score tends towards zero, then the system can be interpreted as unstable or under stress due to a system failure or deliberate attack. Through a case study using cyber-attack data for an unmanned aerial vehicle (UAV), it was found that the method works well. When we were evaluating the normal flight mode, there were no false positive anomaly estimates. When we were evaluating the UAV's state during an attack, a deviation and an untrusted state were detected.
This method can be used to implement software solutions aimed at detecting system faults and cyber-attacks, and thus make decisions about the presence of malfunctions in the operation of a CPS, thereby minimizing the amount of knowledge and initial data about the system.
Industry 4.0 represents the fourth phase of industry and manufacturing revolution, unique in that it provides Internet-connected smart systems, including automated factories, organizations, development on demand, and 'just-in-time' development. Industry 4.0 includes the integration of cyber-physical systems (CPSs), Internet of Things (IoT), cloud and fog computing paradigms for developing smart systems, smart homes, and smart cities. Given Industry 4.0 is comprised of sensor fields, actuators, fog and cloud processing paradigms, and network systems, designing a secure architecture faces two major challenges: handling heterogeneous sources at scale and maintaining security over a large, disparate, data-driven system that interacts with the physical environment. This paper addresses these challenges by proposing a new threat intelligence scheme that models the dynamic interactions of industry 4.0 components including physical and network systems. The scheme consists of two components: a smart management module and a threat intelligence module. The smart data management module handles heterogeneous data sources, one of the foundational requirements for interacting with an Industry 4.0 system. This includes data to and from sensors, actuators, in addition to other forms of network traffic. The proposed threat intelligence technique is designed based on beta mixture-hidden Markov models (MHMMs) for discovering anomalous activities against both physical and network systems. The scheme is evaluated on two well-known datasets: the CPS dataset of sensors and actuators and the UNSW-NB15 dataset of network traffic. The results reveal that the proposed technique outperforms five peer mechanisms, suggesting its effectiveness as a viable deployment methodology in real-Industry 4.0 systems.