DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids' Cyber-Physical Infrastructures

Lin, Hui; Zhuang, Jianing; Hu, Yih-Chun; Zhou, Huayu

doi:10.14722/ndss.2020.24365

Cited by 10 publications

(8 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, deception technology for modernized substation systems is proposed by Lin et al [43]. Their proposed technology utilizes software-defined networking and "seed devices", which are real power grid devices but, behind SDN (software-defined networking), interact with attackers on behalf of virtual, decoy devices to present realistic device characteristics, etc.…”

Section: Related Workmentioning

confidence: 99%

DecIED: Scalable k-Anonymous Deception for IEC61850-Compliant Smart Grid Systems

Yang

Mashima

Lin

et al. 2020

Proceedings of the 6th ACM on Cyber-Physical System Security Workshop

View full text Add to dashboard Cite

As demonstrated by the past real-world incidents, sophisticated attackers targeting our critical infrastructure may be hiding in the system, perhaps at this moment, in order to collect information and prepare for massive attacks. If an attacker is mostly passive and monitoring SCADA communication traffic or is clever enough to act under the radar of intrusion/anomaly detection systems, it is challenging to counter them. In this direction, deception technology is an effective cybersecurity tool, by deploying a large number of dummy and decoy devices throughout the system infrastructure to be protected, for capturing probing attempts and lateral movement of persistent attackers and malware. In this paper, we discuss the practical design and implementation of high-fidelity deception devices for smart power grid systems, named DecIED. DecIED imitates the device characteristics and communication models of IEC 61850-compliant IEDs (intelligent electronic devices) and thus realize-anonymous smokescreen, which virtually shows − 1 indistinguishable decoy devices, to protect our critical infrastructure. Based on our prototype implementation, a single industry PC can host over 200 deception devices, which demonstrates DecIED's scalability and feasibility of integration into the existing systems. CCS CONCEPTS • Security and privacy → Intrusion/anomaly detection and malware mitigation; • Computer systems organization → Embedded and cyber-physical systems; • Networks → Cyberphysical networks; • Hardware → Smart grid.

show abstract

Section: Related Workmentioning

confidence: 99%

DecIED: Scalable k-Anonymous Deception for IEC61850-Compliant Smart Grid Systems

Yang

Mashima

Lin

et al. 2020

Proceedings of the 6th ACM on Cyber-Physical System Security Workshop

View full text Add to dashboard Cite

show abstract

“…Transmission line parameters are critical information for various power system applications including fault location and classification [1][2][3], relay protection [4][5][6], and other applications [7,8]. Thus, the accuracy of line parameters is important, and accurate line parameter estimation methods are demanded.…”

Section: Introductionmentioning

confidence: 99%

Kalman filter based method for tracking dynamic transmission line parameters

Zhang

Liao

2021

SN Appl. Sci.

View full text Add to dashboard Cite

Transmission line parameters are required by various power system applications. Thus, it is important to develop accurate transmission line parameter estimation methods. This paper puts forward Kalman filter based methods to track the dynamically changing line parameters. The proposed methods can overcome the estimation inaccuracy problem caused by the effect of the noise in the measurements. The proposed methods are based upon the equivalent- circuit of long line and utilize voltage and current data recorded by the Phasor Measurement Units at both ends of the line. Non-compensated and differently configured series compensated lines have been considered in this paper. The case studies demonstrate that the proposed methods have the capability of dynamically tracking changing line parameters and yield accurate estimates with the presence of measurement noises.

show abstract

“…Although being effective in some settings, existing defense approaches against PLC-oriented attacks have the following key limitations. Firstly, defending approaches adopted by intrusion detection systems (IDSs) [9][10][11] , deception defense [12][13][14] and attestation [15][16][17][18][19] take effect after attacks happened, mainly detecting them but not blocking them, while blocking technologies such as industrial firewalls alone are not able to effectively block growing sophisticated attacks [20][21][22] . Secondly, most existing approaches are designed based on the characteristics of one or several specific kinds of known attacks, such as [9,13,15].…”

Section: Introductionmentioning

confidence: 99%

“…Firstly, defending approaches adopted by intrusion detection systems (IDSs) [9][10][11] , deception defense [12][13][14] and attestation [15][16][17][18][19] take effect after attacks happened, mainly detecting them but not blocking them, while blocking technologies such as industrial firewalls alone are not able to effectively block growing sophisticated attacks [20][21][22] . Secondly, most existing approaches are designed based on the characteristics of one or several specific kinds of known attacks, such as [9,13,15]. Thirdly, most existing approaches are hardware-based and require external devices, such as [11,13,17], which are costly, and difficult to deploy and update, especially in a deployed distributed control system (DCS).…”

Section: Introductionmentioning

confidence: 99%

“…Secondly, most existing approaches are designed based on the characteristics of one or several specific kinds of known attacks, such as [9,13,15]. Thirdly, most existing approaches are hardware-based and require external devices, such as [11,13,17], which are costly, and difficult to deploy and update, especially in a deployed distributed control system (DCS). Specifically, large-scale DCSs often have multiple controllers that are scattered everywhere, and hardware-based approaches may need to monitor the I/O interface of each controller and the network connecting controllers.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

HRPDF: A Software-Based Heterogeneous Redundant Proactive Defense Framework for Programmable Logic Controller

Liu¹,

Wang

Wei³

et al. 2021

J. Comput. Sci. Technol.

View full text Add to dashboard Cite

Programmable logic controllers (PLCs) play a critical role in many industrial control systems, yet face increasingly serious cyber threats. In this paper, we propose a novel PLC-compatible software-based defense mechanism, called Heterogeneous Redundant Proactive Defense Framework (HRPDF). We propose a heterogeneous PLC architecture in HRPDF, including multiple heterogeneous, equivalent, and synchronous runtimes, which can thwart multiple types of attacks against PLC without the need of external devices. To ensure the availability of PLC, we also design an inter-process communication algorithm that minimizes the overhead of HRPDF. We implement a prototype system of HRPDF and test it in a real-world PLC and an OpenPLC-based device, respectively. The results show that HRPDF can defend against multiple types of attacks with 10.22% additional CPU and 5.56% additional memory overhead, and about 0.6 ms additional time overhead.

show abstract

DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids' Cyber-Physical Infrastructures

Cited by 10 publications

References 46 publications

DecIED: Scalable k-Anonymous Deception for IEC61850-Compliant Smart Grid Systems

DecIED: Scalable k-Anonymous Deception for IEC61850-Compliant Smart Grid Systems

Kalman filter based method for tracking dynamic transmission line parameters

HRPDF: A Software-Based Heterogeneous Redundant Proactive Defense Framework for Programmable Logic Controller

Contact Info

Product

Resources

About