A coordinated cyber attack detection system (CCADS) for multiple substations

Sun, Chuanwen; Hong, Junho; Liu, Chen‐Ching

doi:10.1109/pscc.2016.7540902

Cited by 17 publications

(13 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [23], the authors propose a method to detect and correlate attacks, using data collected from IDSs installed at different substations. The technique measures correlation according to patterns of abnormal behavior, criticality of substations and the geographical correlation.…”

Section: Coordinated Cyberattack Detection and Prevention Methodsmentioning

confidence: 99%

“…Secondly, the decentralized correlation technique of DIP is compared to the centralized correlation method proposed in [23] (a REFerence method henceforth referred to as CENTRAL-REF). CENTRAL-REF originally correlates a location index, critical index and an abnormal behavior index in an iterative matrix multiplication technique.…”

Section: B Comparison With Centralized Correlationmentioning

confidence: 99%

See 1 more Smart Citation

Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems

Appiah-Kubi

Liu

2020

IEEE Open J. Power Energy

Self Cite

View full text Add to dashboard Cite

Integration of Information and Communications Technology (ICT) into the distribution system makes today's power grid more remotely monitored and controlled than it has been. The fast increasing connectivity, however, also implies that the distribution grid today, or smart grid, is more vulnerable. Thus, research into intrusion/anomaly detection systems at the distribution level is in critical need. Current research on Intrusion Detection Systems for the power grid has been focused primarily on cyber security at the Supervisory Control And Data Acquisition, and single node levels with little attention on coordinated cyberattack at multiple nodes. A holistic approach toward system-wide cyber security for distribution systems is yet to be developed. This paper presents a novel approach toward intrusion prevention, using a multi-agent system, at the distribution system level. Simulations of the method have been performed on the IEEE 13-Node Test Feeder, and the results compared to those obtained from existing methods. The results have validated the performance of the proposed method for protection against cyber intrusions at the distribution system level.

show abstract

Section: Coordinated Cyberattack Detection and Prevention Methodsmentioning

confidence: 99%

Section: B Comparison With Centralized Correlationmentioning

confidence: 99%

Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems

Appiah-Kubi

Liu

2020

IEEE Open J. Power Energy

Self Cite

View full text Add to dashboard Cite

show abstract

“…3) CIs based on attack goals on the physical grid: Adversaries' goals described with reliability metrics or in terms of the criticality of a certain target are used to derive CIs. For example, in [4], substations are attack targets and their criticality is first ranked. In [12], the attack goal is modeled as causing an insufficient power transfer.…”

Section: A Related Workmentioning

confidence: 99%

“…Thus, and as opposed to regular (or independent) cyber‐attacks, whose severity is limited by the power grid's redundancy, CCAs could (i) inflict catastrophic consequences and (ii) be very challenging to detect in real‐time. CCAs could inflict catastrophic consequences as exemplified by the cyber‐attacks to the Ukrainian power grid (the ‘BlackEnergy’ malware attack in 2015 [3, 4], and the ‘Crash Override’ attack in 2016 [5]). These CCAs disconnected multiple substations that triggered power outages, leaving thousands of consumers and facilities without electricity.…”

Section: Introductionmentioning

confidence: 99%

Developing correlation indices to identify coordinated cyber‐attacks on power grids

Moya

Wang

2018

IET cyber-phys. syst.

View full text Add to dashboard Cite

Increasing reliance on Information and Communication Technology (ICT) exposes the power grid to cyber-attacks. In particular, Coordinated Cyber-Attacks (CCAs) are considered highly threatening and difficult to defend against, because they (i) possess higher disruptiveness by integrating greater resources from multiple attack entities, and (ii) present heterogeneous traits in cyber-space and the physical grid by hitting multiple targets to achieve the attack goal. Thus, and as opposed to independent attacks, whose severity is limited by the power grid's redundancy, CCAs could inflict disastrous consequences, such as blackouts. In this paper, we propose a method to develop Correlation Indices to defend against CCAs on static control applications. These proposed indices relate the targets of CCAs with attack goals on the power grid. Compared to related works, the proposed indices present the benefits of deployment simplicity and are capable of detecting more sophisticated attacks, such as measurement attacks. We demonstrate our method using measurement attacks against Security Constrained Economic Dispatch.

show abstract

“…In traditional information security technology, the intrusion process of the physical system is not considered, and it is difficult to effectively identify potential physical attack behavior [4]. Additionally, due to the combination of both cyber and physical attacks, the existing protection methods, such as intrusion detection system (IDS), firewalls, and abnormal data detection, lack effective correlation capabilities and cannot identify multi-step coordinated network attacks [5].…”

Section: Introductionmentioning

confidence: 99%

Method for Extracting Patterns of Coordinated Network Attacks on Electric Power CPS Based on Temporal–Topological Correlation

Wang

et al. 2020

IEEE Access

View full text Add to dashboard Cite

In the analysis of coordinated network attacks on electric power cyber-physical system (CPS), it is difficult to restore the complete attack path, and the intent of the attack cannot be identified automatically. A method is therefore proposed for the extracting patterns of coordinated network attacks on electric power CPS based on temporal-topological correlation. First, the attack events are aggregated according to the alarm log of the cyber space, and a temporal-causal Bayesian network-based cyber attack recognition algorithm is proposed to parse out the cyber attack sequences of the same attacker. Then, according to the characteristic curves of different attack measurement data in physical space, a combination of physical attack event criteria algorithm is designed to distinguish the types of physical attack events. Finally, physical attack events and cyber attack sequences are matched via temporal-topological correlation, frequent patterns of attack sequences are extracted, and hidden multi-step attack patterns are found from scattered grid measurement data and information from alarm logs. The effectiveness and efficiency of the proposed method are verified by the testbed at Mississippi State University. INDEX TERMS Cyber-physical system, attack pattern, temporal-topological correlation, fuzzy feature analysis, frequent pattern tree.

show abstract

A coordinated cyber attack detection system (CCADS) for multiple substations

Cited by 17 publications

References 17 publications

Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems

Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems

Developing correlation indices to identify coordinated cyber‐attacks on power grids

Method for Extracting Patterns of Coordinated Network Attacks on Electric Power CPS Based on Temporal–Topological Correlation

Contact Info

Product

Resources

About