Man‐in‐the‐middle attacks and defence in a power system cyber‐physical testbed

Wlazlo, Patrick; Sahu, Abhijeet; Mao, Zeyu; Huang, Hao; Goulart, Ana; Davis, Katherine; Zonouz, Saman

doi:10.1049/cps2.12014

Cited by 63 publications

(27 citation statements)

References 20 publications

(34 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The evidences are collected at three locations: DNP3 Master, Substation Router, and server hosting PWDS. Details on the testbed’s architecture, use cases, and fusion are published in [ 11 , 21 , 33 ], respectively.…”

Section: Testbed and Fusion Architecturementioning

confidence: 99%

See 1 more Smart Citation

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

Sahu

Davis

2022

Sensors

Self Cite

View full text Add to dashboard Cite

False alerts due to misconfigured or compromised intrusion detection systems (IDS) in industrial control system (ICS) networks can lead to severe economic and operational damage. However, research using deep learning to reduce false alerts often requires the physical and cyber sensor data to be trustworthy. Implicit trust is a major problem for artificial intelligence or machine learning (AI/ML) in cyber-physical system (CPS) security, because when these solutions are most urgently needed is also when they are most at risk (e.g., during an attack). To address this, the Inter-Domain Evidence theoretic Approach for Inference (IDEA-I) is proposed that reframes the detection problem as how to make good decisions given uncertainty. Specifically, an evidence theoretic approach leveraging Dempster–Shafer (DS) combination rules and their variants is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from supervised-learning classifiers. Using this model, a location-cum-domain-based fusion framework is proposed to evaluate the detector’s performance using disjunctive, conjunctive, and cautious conjunctive rules. The approach is demonstrated in a cyber-physical power system testbed, and the classifiers are trained with datasets from Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, we consider plausibility, belief, pignistic, and general Bayesian theorem-based metrics as decision functions. To improve the performance, a multi-objective-based genetic algorithm is proposed for feature selection considering the decision metrics as the fitness function. Finally, we present a software application to evaluate the DS fusion approaches with different parameters and architectures.

show abstract

Section: Testbed and Fusion Architecturementioning

confidence: 99%

“…The objective of the intruder is to disrupt grid operations through False Command and Data Injection, whose impacts are detailed in [ 21 , 33 ]. Four use cases with this threat model are considered here.…”

Section: Testbed and Fusion Architecturementioning

confidence: 99%

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

Sahu

Davis

2022

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…This enables modularity by segregating the details of MiTM dynamics from a power system researcher who is concerned with the traffic that is modified rather than how they are modified. The algorithms incorporated for different use cases in Figure 5b are presented in [43].…”

Section: Resilient Energy Systems Lab Cyber‐physical Testbed Architec...mentioning

confidence: 99%

Design and evaluation of a cyber‐physical testbed for improving attack resilience of power systems

Sahu

Wlazlo

Mao

et al. 2021

IET Cyber-Phy Sys Theory & Ap

Self Cite

View full text Add to dashboard Cite

A power system is a complex cyber-physical system whose security is critical to its function. A major challenge is to model, analyse and visualise the communication backbone of the power systems concerning cyber threats. To achieve this, the design and evaluation of a cyber-physical power system (CPPS) testbed called Resilient Energy Systems Lab (RESLab) are presented to capture realistic cyber, physical, and protection system features. RESLab is architected to be a fundamental platform for studying and improving the resilience of complex CPPS to cyber threats. The cyber network is emulated using Common Open Research Emulator (CORE), which acts as a gateway for the physical and protection devices to communicate. The physical grid is simulated in the dynamic time frame using Power World Dynamic Studio (PWDS). The protection components are modelled with both PWDS and physical devices including the SEL Real-Time Automation Controller (RTAC). Distributed Network Protocol 3 (DNP3) is used to monitor and control the grid. Then, the design is exemplified and the tools are validated. This work presents four case studies on cyberattack and defence using RESLab, where we demonstrate false data and command injection using Man-in-the-Middle and Denial of Service attacks and validate them on a large-scale synthetic electric grid.This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

show abstract

“…A brief overview of each component is given below. The detailed explanation of RESLab, including its architecture and use cases, is provided in [22], [36]. Common Open Research Emulator (CORE) is used to emulate the communication network.…”

Section: A Testbed Architecturementioning

confidence: 99%

“…The objective of the intruder is to disrupt grid operations. Details on the sequence of actions that create the FCI and FDI attacks and how they impact the power system side are detailed in [22], [36]. These are four use cases:…”

Section: B Modifying Measurements and Commandsmentioning

confidence: 99%

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

Sahu,

Davis

2021

Preprint

Self Cite

View full text Add to dashboard Cite

False alerts due to misconfigured or compromised intrusion detection systems (IDS) in industrial control system (ICS) networks can lead to severe economic and operational damage. To solve this problem, research has focused on leveraging deep learning techniques that would help reduce false alerts. However, a shortcoming is that these works often require or implicitly assume the physical and cyber sensor data to be trustworthy. Implicit trust of data is a major problem with using artificial intelligence or machine learning (AI/ML) for cyber-physical system (CPS) security, because the times when these solutions are needed most to detect an attack are also the times when they are more at risk, with both greater likelihood and greater impact, of also being compromised. To address this inevitable shortcoming, the problem can thus be reframed as how to make good decisions given uncertainty. Then, the decision is detection, and the uncertainty includes whether or not the data that would be used in ML-based IDS is compromised. Thus, this article presents an approach for reducing false alerts in cyber-physical power systems that addresses this critical problem of dealing with uncertainty without the knowledge of prior distribution of the alerts. Specifically, an evidence theoretic based approach leveraging Dempster Shafer (DS) combination rules and their variants is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from various supervised-learning classifiers. Using this model, a location-cum-domain based fusion framework is proposed to evaluate the intrusion detector's performance using Disjunctive, Conjunctive and Cautious Conjunctive rules of combinations, that fuse multiple piece of evidences from inter-domain and intradomain sensors. The approach is demonstrated in a cyber-physical power system testbed (RESLab), and the classifiers are trained with datasets from Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, we consider plausibility, belief, pignistic, general Bayesian theorem based metrics as decision functions. To improve the performance, a multi-objective based genetic algorithm is proposed for feature selection considering the decision metrics as the fitness function. Finally, we present a software application to evaluate the DS fusion approaches with different parameters and architectures.

show abstract

Man‐in‐the‐middle attacks and defence in a power system cyber‐physical testbed

Cited by 63 publications

References 20 publications

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

Design and evaluation of a cyber‐physical testbed for improving attack resilience of power systems

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

Contact Info

Product

Resources

About