Model-Based Detection of Coordinated Attacks (DCA) in Distribution Systems
The fast-paced growth in digitization of smart grid components enhances system observability and remote-control capabilities through efficient communication. However, enhanced connectivity results in heightened system vulnerability towards cybersecurity risks in the cyber-physical power system. Coor...
Main Authors: | Nitasha Sahani, Chen-Ching Liu |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE, 2024-01-01 |
Series: | IEEE Open Access Journal of Power and Energy |
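Subjects: | Abductive reasoning; coordinated attacks; cyberattacks; cyber-physical systems; cybersecurity; distribution systems |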
Online Access: | https://ieeexplore.ieee.org/document/10740327/ |
_version_ | 1832592854474555392 |
---|---|
author | Nitasha Sahani; Chen-Ching Liu |
collection | DOAJ |
description | The fast-paced growth in digitization of smart grid components enhances system observability and remote-control capabilities through efficient communication. However, enhanced connectivity results in heightened system vulnerability towards cybersecurity risks in the cyber-physical power system. Coordinated cyber-attacks (CCA), when undetected, lead to system-wide impact in terms of large disturbances or widespread outages. Detecting CCA in the cyber layer is critical to thwart cyber-attacks in real-time before the attack impacts the physical system. The challenge of locating CCA stems from the complex grid dynamics, making it difficult to distinguish between normal operational variations and cyber-attack impact. CCA often employs multiple attack vectors targeting geographically distributed components, further complicating CCA identification. Existing research in intrusion detection is primarily focused on the transmission network and limited to detecting individual attacks. In this paper, a novel proactive DCA strategy is proposed for early detection of CCA by establishing correlations among distinct attack events through model-based reinforcement learning that utilizes abductive reasoning to conclude the attacker goal. The solution includes understanding the system model, learning the system dynamics, and correlating individual cyber-attacks to extract the attacker’s objective. The developed learning algorithm identifies the most probable attack path to reach the attacker’s objective by predicting the next attack steps. A DNP3-based cyber-physical co-simulation testbed is developed to test the proposed algorithm using the IEEE 13-node test feeder. |
format | Article |
id | doaj-art-46321c8b20184a85bbaa64236ec4ac3f |
institution | Kabale University |
issn | 2687-7910 |
language | English |
publishDate | 2024-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Open Access Journal of Power and Energy |
spelling | doaj-art-46321c8b20184a85bbaa64236ec4ac3f; 2025-01-21T00:03:05Z; eng; IEEE; IEEE Open Access Journal of Power and Energy; 2687-7910; 2024-01-01; 11; 558; 570; 10.1109/OAJPE.2024.3489477; 10740327; Model-Based Detection of Coordinated Attacks (DCA) in Distribution Systems; Nitasha Sahani (https://orcid.org/0000-0003-3891-1689); Chen-Ching Liu (https://orcid.org/0000-0002-8941-7958); Bradley Department of Electrical and Computer Engineering, Virginia Tech, Blacksburg, VA, USA; https://ieeexplore.ieee.org/document/10740327/; Abductive reasoning; coordinated attacks; cyberattacks; cyber-physical systems; cybersecurity; distribution systems |
title | Model-Based Detection of Coordinated Attacks (DCA) in Distribution Systems |
topic | Abductive reasoning; coordinated attacks; cyberattacks; cyber-physical systems; cybersecurity; distribution systems |
url | https://ieeexplore.ieee.org/document/10740327/ |