PDDL: Proactive Distributed Detection and Localization Against Stealthy Deception Attacks in DC Microgrids

Liu, Mengxiang; Zhao, Chengcheng; Xia, Jinhui; Deng, Ruilong; Cheng, Peng; Chen, Jiming

doi:10.1109/tsg.2022.3188489

Cited by 19 publications

(3 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…BIRCH is used to identify anomalies, and root cause analysis (RCA) is performed by employing a graph that represents anomaly transmission across systems. Additionally, there is recent research in this field as discussed in [44][45][46][47][48][49][50][51][52][53].…”

Section: Literature Reviewmentioning

confidence: 99%

ADAL-NN: Anomaly Detection and Localization Using Deep Relational Learning in Distributed Systems

et al. 2023

View full text Add to dashboard Cite

Modern distributed systems that operate concurrently generate interleaved logs. Identifiers (ID) are always associated with active instances or entities in order to track them in logs. Consequently, log messages with similar IDs can be categorized to aid in the localization and detection of anomalies. Current methods for achieving this are insufficient for overcoming the following obstacles: (1) Log processing is performed in a separate component apart from log mining. (2) In modern software systems, log format evolution is ongoing. It is hard to detect latent technical issues using simple monitoring techniques in a non-intrusive manner. Within the scope of this paper, we present a reliable and consistent method for the detection and localization of anomalies in interleaved unstructured logs in order to address the aforementioned drawbacks. This research examines Log Sequential Anomalies (LSA) for potential performance issues. In this study, IDs are used to group log messages, and ID relation graphs are constructed between distributed components. In addition to that, we offer a data-driven online log parser that does not require any parameters. By utilizing a novel log parser, the bundled log messages undergo a transformation process involving both semantic and temporal embedding. In order to identify instance–granularity anomalies, this study makes use of a heuristic searching technique and an attention-based Bi-LSTM model. The effectiveness, efficiency, and robustness of the paper are supported by the research that was performed on real-world datasets as well as on synthetic datasets. The neural network improves the F1 score by five percent, which is greater than other cutting-edge models.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

ADAL-NN: Anomaly Detection and Localization Using Deep Relational Learning in Distributed Systems

et al. 2023

View full text Add to dashboard Cite

show abstract

“…One specific threat that poses a significant risk to consensus-based secondary control in CPS-based microgrids is the replay attack [36]. A replay attack involves an attacker intercepting valid communication between devices and then replaying or resending those messages to deceive the system [37]. In the context of consensus-based control, replay attacks could lead to incorrect decisions being made by the DERs [38].…”

Section: Introductionmentioning

confidence: 99%

Analyzing Replay Attack Impact in DC Microgrid Consensus Control: Detection and Mitigation by Kalman-Filter-Based Observer

Taher,

Tariq,

Behnamfar

et al. 2023

IEEE Access

View full text Add to dashboard Cite

This paper adopts a Direct Current (DC) Microgrid with a consensus-based secondary control strategy to efficiently manage the microgrid, ensuring precise voltage regulation and fair power distribution among Distributed Energy Resources (DERs). The consensus approach employs a communication network to establish a Cyber layer for DER information exchange and harmonize the entire system to achieve a common goal. However, this cyber layer's vulnerability could destabilize the interconnected control system and lead to the whole system being unsynchronized. The paper explores replay attacks conducted in the path of the communication link between interconnected Distributed Generation Units (DGUs), demonstrating their impact on secondary control using simulations and real-time experiments. A method leveraging Distributed Kalman Filter observers for attack detection is proposed which requires low computational demand to suit the real-time application, while an attack mitigation technique using observer-generated residues with the optimal condition is implemented. Validation is conducted through both MATLAB simulations and realtime OPAL-RT experiments, confirming the proposed system's effectiveness.

show abstract

“…To conduct penetration testing in large-scale network environments, a penetration scenario is transformed into the planning domain definition language (PDDL), and classical planning algorithms are used to discover the attack paths. The penetration testing network environment is modeled by description files of the network configuration and vulnerability information [3][4][5]. The basic idea of this kind of method is to transform the penetration testing problem into PDDL, and then to obtain the attack path by using an artificial intelligence planning algorithm.…”

Section: Introductionmentioning

confidence: 99%

Deep Reinforcement Learning for Intelligent Penetration Testing Path Design

Yi,

Liu

2023

Applied Sciences

View full text Add to dashboard Cite

Penetration testing is an important method to evaluate the security degree of a network system. The importance of penetration testing attack path planning lies in its ability to simulate attacker behavior, identify vulnerabilities, reduce potential losses, and continuously improve security strategies. By systematically simulating various attack scenarios, it enables proactive risk assessment and the development of robust security measures. To address the problems of inaccurate path prediction and difficult convergence in the training process of attack path planning, an algorithm which combines attack graph tools (i.e., MulVAL, multi-stage vulnerability analysis language) and the double deep Q network is proposed. This algorithm first constructs an attack tree, searches paths in the attack graph, and then builds a transfer matrix based on depth-first search to obtain all reachable paths in the target system. Finally, the optimal path for target system attack path planning is obtained by using the deep double Q network (DDQN) algorithm. The MulVAL double deep Q network(MDDQN) algorithm is tested in different scale penetration testing environments. The experimental results show that, compared with the traditional deep Q network (DQN) algorithm, the MDDQN algorithm is able to reach convergence faster and more stably and improve the efficiency of attack path planning.

show abstract

PDDL: Proactive Distributed Detection and Localization Against Stealthy Deception Attacks in DC Microgrids

Cited by 19 publications

References 52 publications

ADAL-NN: Anomaly Detection and Localization Using Deep Relational Learning in Distributed Systems

ADAL-NN: Anomaly Detection and Localization Using Deep Relational Learning in Distributed Systems

Analyzing Replay Attack Impact in DC Microgrid Consensus Control: Detection and Mitigation by Kalman-Filter-Based Observer

Deep Reinforcement Learning for Intelligent Penetration Testing Path Design

Contact Info

Product

Resources

About