Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems

Appiah-Kubi, Jennifer; Liu, Chen‐Ching

doi:10.1109/oajpe.2020.3029805

Cited by 18 publications

(10 citation statements)

References 30 publications

(38 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The algorithms aim to prevent direct switching of circuit breakers and tampering with relay settings that could lead to voltage violations and inconsistent protections settings. In [7], a decentralized algorithm is put forward to address coordinated switching attacks on the power distribution system. The algorithm predicts the targets of a coordinated cyberattack ahead of the attacker, and determines mitigation strategies.…”

Section: A Related Workmentioning

confidence: 99%

“…Constraint (5) maximizes the load served. In ( 6), the sum of power generated/supplied and the power inflow, at a node, equals the sum of power outflows and specified demand, and in (7) there is no power flow into a source node. The sets Φ i and Φ ij are the set of phases at node i, and the set of phases between nodes i and j, respectively.…”

Section: B Attack Objective Modelmentioning

confidence: 99%

See 1 more Smart Citation

Cyberattack Correlation and Mitigation for Distribution Systems via Machine Learning

Appiah-Kubi

Liu

2023

IEEE Open J. Power Energy

Self Cite

View full text Add to dashboard Cite

Cyber-physical system security for electric distribution systems is critical. In direct switching attacks, often coordinated, attackers seek to toggle remote-controlled switches in the distribution network. Due to the typically radial operation, certain configurations may lead to outages and/or voltage violations. Existing optimization methods that model the interactions between the attacker and the power system operator (defender) assume knowledge of the attacker's parameters. This reduces their usability. Furthermore, the trend with coordinated cyberattack detection has been the use of centralized mechanisms, correlating data from dispersed security systems. This can be prone to single point failures. In this paper, novel mathematical models are presented for the attacker and the defender. The models do not assume any knowledge of the attacker's parameters by the defender. Instead, a machine learning (ML) technique implemented by a multi-agent system correlates detected attacks in a decentralized manner, predicting the targets of the attacker. Furthermore, agents learn optimal mitigation of the communication level through Q-learning. The learned attacker motive is also used by the defender to determine a new configuration of the distribution network. Simulations of the technique have been performed using the IEEE 123-Node Test Feeder. The simulation results validate the capability and performance of the algorithm.

show abstract

Section: A Related Workmentioning

confidence: 99%

Section: B Attack Objective Modelmentioning

confidence: 99%

Cyberattack Correlation and Mitigation for Distribution Systems via Machine Learning

Appiah-Kubi

Liu

2023

IEEE Open J. Power Energy

Self Cite

View full text Add to dashboard Cite

show abstract

“…This paper in ref. [21] demonstrated an innovative technique for intrusion prevention at the distribution system level utilising a multi‐agent system. The approach was simulated on the IEEE 13‐Node Test Feeder, and the results were compared to those achieved using other methods.…”

Section: Related Workmentioning

confidence: 99%

An embedded intrusion detection and prevention system for home area networks in advanced metering infrastructure

Qaddoori

Ali

2022

IET Information Security

View full text Add to dashboard Cite

With the widespread adoption of smart metres in the power sector, anomaly detection has become a critical tool for analysing customers' unusual consumption patterns and network traffic. Detecting anomalies in power consumption and communication is primarily a real-time big data analytics issue regarding data mining along with a vast number of parallel streaming data from smart metres. In this study, an embedded Intrusion Detection and Prevention System (IDPS) is proposed as a Wifi-based smart metre for Home Area Networks (HANs) in the Advanced Metering Infrastructure (AMI) network. So, the proposed system employs one machine learning model based on IDPS to guard the HAN network from various attacks that utilise the Message Queueing Telemetry Transport protocol between the smart metre and IoT sensors. Also, it uses two machine learning models to detect the abnormality in periodic and daily data metering respectively. So, multiple algorithms have been used to find the suitable algorithm for each of the three anomaly detection models. These models have been evaluated and tested using real data sets regarding resources usage and detection performance to demonstrate the efficiency and effectiveness of using machine learning algorithms in the built anomaly detection models. The experiments show that the anomaly detection models performed well for various abnormalities.

show abstract

“…The concept of process-aware IDS is especially interesting in a SCADA and industrial control systems (ICS) environment, where valid traffic is well-defined and commands lead to physical changes in the controlled system [ 121 ]. In combination with a distributed IDS, such approaches can lead to substantially more secure power grids, while introducing a minimum of extra hardware into the PCN.…”

Section: Providing Cybersecurity For Interconnected Power Gridsmentioning

confidence: 99%

Cybersecurity in Power Grids: Challenges and Opportunities

Krause

Ernst

Klaer

et al. 2021

Sensors

View full text Add to dashboard Cite

Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids.

show abstract

Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems

Cited by 18 publications

References 30 publications

Cyberattack Correlation and Mitigation for Distribution Systems via Machine Learning

Cyberattack Correlation and Mitigation for Distribution Systems via Machine Learning

An embedded intrusion detection and prevention system for home area networks in advanced metering infrastructure

Cybersecurity in Power Grids: Challenges and Opportunities

Contact Info

Product

Resources

About