Man-in-The-Middle Attacks and Defense in a Power System Cyber-Physical Testbed

Wlazlo, Patrick; Sahu, Abhijeet; Mao, Zeyu; Huang, Hao; Goulart, Ana; Davis, Katherine; Zonouz, Saman

doi:10.48550/arxiv.2102.11455

Cited by 4 publications

(5 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The evidences are collected at three locations: DNP3 Master, Substation Router, and server hosting PWDS. Details on the testbed's architecture, use cases, and fusion are published in [11,21,33], respectively.…”

Section: Testbed Architecturementioning

confidence: 99%

See 1 more Smart Citation

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

Sahu

Davis

2022

Sensors

Self Cite

View full text Add to dashboard Cite

False alerts due to misconfigured or compromised intrusion detection systems (IDS) in industrial control system (ICS) networks can lead to severe economic and operational damage. However, research using deep learning to reduce false alerts often requires the physical and cyber sensor data to be trustworthy. Implicit trust is a major problem for artificial intelligence or machine learning (AI/ML) in cyber-physical system (CPS) security, because when these solutions are most urgently needed is also when they are most at risk (e.g., during an attack). To address this, the Inter-Domain Evidence theoretic Approach for Inference (IDEA-I) is proposed that reframes the detection problem as how to make good decisions given uncertainty. Specifically, an evidence theoretic approach leveraging Dempster–Shafer (DS) combination rules and their variants is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from supervised-learning classifiers. Using this model, a location-cum-domain-based fusion framework is proposed to evaluate the detector’s performance using disjunctive, conjunctive, and cautious conjunctive rules. The approach is demonstrated in a cyber-physical power system testbed, and the classifiers are trained with datasets from Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, we consider plausibility, belief, pignistic, and general Bayesian theorem-based metrics as decision functions. To improve the performance, a multi-objective-based genetic algorithm is proposed for feature selection considering the decision metrics as the fitness function. Finally, we present a software application to evaluate the DS fusion approaches with different parameters and architectures.

show abstract

Section: Testbed Architecturementioning

confidence: 99%

“…The objective of the intruder is to disrupt grid operations through False Command and Data Injection, whose impacts are detailed in [21,33]. Four use cases with this threat model are considered here.…”

Section: Threat Model: Modifying Measurements and Commandsmentioning

confidence: 99%

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

Sahu

Davis

2022

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…In addition, studies have been conducted on synthesis frameworks for specific attack vectors [23] as well as on an automated marking process for deployed protocol-specific attack [13]. In this context, research on stealthy MITM attacks for FDI in DNP3 or Profinet is also conducted in a cyber-physical test environment to analyze the impact on latency [24] or generate datasets for datadriven detection approaches [25]. Many of the related works involve the study of cyber-attacks on power grids for data generation and consequence analysis.…”

Section: Related Workmentioning

confidence: 99%

Investigating Man-in-the-Middle-based False Data Injection in a Smart Grid Laboratory Environment

Şen¹,

Velde²,

Linnartz³

et al. 2021

Preprint

View full text Add to dashboard Cite

With the increasing use of information and communication technology in electrical power grids, the security of energy supply is increasingly threatened by cyber-attacks. Traditional cyber-security measures, such as firewalls or intrusion detection/prevention systems, can be used as mitigation and prevention measures, but their effective use requires a deep understanding of the potential threat landscape and complex attack processes in energy information systems. Given the complexity and lack of detailed knowledge of coordinated, timed attacks in smart grid applications, we need information and insight into realistic attack scenarios in an appropriate and practical setting. In this paper, we present a man-in-the-middlebased attack scenario that intercepts process communication between control systems and field devices, employs false data injection techniques, and performs data corruption such as sending false commands to field devices. We demonstrate the applicability of the presented attack scenario in a physical smart grid laboratory environment and analyze the generated data under normal and attack conditions to extract domain-specific knowledge for detection mechanisms.

show abstract

“…Another prominent assault against remote access services is the dictionary attack, which uses a dictionary or word list to guess a password, allowing attackers to take over the server remotely. Another type of cyberattack is the man in the middle (MitM) attack, which aims to exploit communication between two endpoints by intercepting and eavesdropping on legal nodes [15,16]. In the most recent attack against IIoT applications, many power plants in Ukraine were reportedly infiltrated, resulting in a power outage affecting around 225,000 clients [17].…”

Section: Introductionmentioning

confidence: 99%

Intelligent Intrusion Detection for Industrial Internet of Things Using Clustering Techniques

Alenezi¹,

Aljuhani²

2023

Computer Systems Science and Engineering

View full text Add to dashboard Cite

The rapid growth of the Internet of Things (IoT) in the industrial sector has given rise to a new term: the Industrial Internet of Things (IIoT). The IIoT is a collection of devices, apps, and services that connect physical and virtual worlds to create smart, cost-effective, and scalable systems. Although the IIoT has been implemented and incorporated into a wide range of industrial control systems, maintaining its security and privacy remains a significant concern. In the IIoT contexts, an intrusion detection system (IDS) can be an effective security solution for ensuring data confidentiality, integrity, and availability. In this paper, we propose an intelligent intrusion detection technique that uses principal components analysis (PCA) as a feature engineering method to choose the most significant features, minimize data dimensionality, and enhance detection performance. In the classification phase, we use clustering algorithms such as K-medoids and K-means to determine whether a given flow of IIoT traffic is normal or attack for binary classification and identify the group of cyberattacks according to its specific type for multi-class classification. To validate the effectiveness and robustness of our proposed model, we validate the detection method on a new driven IIoT dataset called X-IIoTID. The performance results showed our proposed detection model obtained a higher accuracy rate of 99.79% and reduced error rate of 0.21% when compared to existing techniques.

show abstract

Man-in-The-Middle Attacks and Defense in a Power System Cyber-Physical Testbed

Cited by 4 publications

References 14 publications

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

Investigating Man-in-the-Middle-based False Data Injection in a Smart Grid Laboratory Environment

Intelligent Intrusion Detection for Industrial Internet of Things Using Clustering Techniques

Contact Info

Product

Resources

About