Do you want to publish a course? Click here

Towards an Approach to Contextual Detection of Multi-Stage Cyber Attacks in Smart Grids

138   0   0.0 ( 0 )
 Added by Martin Henze
 Publication date 2021
and research's language is English




Ask ChatGPT about the research

Electric power grids are at risk of being compromised by high-impact cyber-security threats such as coordinated, timed attacks. Navigating this new threat landscape requires a deep understanding of the potential risks and complex attack processes in energy information systems, which in turn demands an unmanageable manual effort to timely process a large amount of cross-domain information. To provide an adequate basis to contextually assess and understand the situation of smart grids in case of coordinated cyber-attacks, we need a systematic and coherent approach to identify cyber incidents. In this paper, we present an approach that collects and correlates cross-domain cyber threat information to detect multi-stage cyber-attacks in energy information systems. We investigate the applicability and performance of the presented correlation approach and discuss the results to highlight challenges in domain-specific detection mechanisms.



rate research

Read More

100 - Jianyu Xu , Bin Liu , Huadong Mo 2021
The cybersecurity of smart grids has become one of key problems in developing reliable modern power and energy systems. This paper introduces a non-stationary adversarial cost with a variation constraint for smart grids and enables us to investigate the problem of optimal smart grid protection against cyber attacks in a relatively practical scenario. In particular, a Bayesian multi-node bandit (MNB) model with adversarial costs is constructed and a new regret function is defined for this model. An algorithm called Thompson-Hedge algorithm is presented to solve the problem and the superior performance of the proposed algorithm is proven in terms of the convergence rate of the regret function. The applicability of the algorithm to real smart grid scenarios is verified and the performance of the algorithm is also demonstrated by numerical examples.
Modern electric power grid, known as the Smart Grid, has fast transformed the isolated and centrally controlled power system to a fast and massively connected cyber-physical system that benefits from the revolutions happening in the communications and the fast adoption of Internet of Things devices. While the synergy of a vast number of cyber-physical entities has allowed the Smart Grid to be much more effective and sustainable in meeting the growing global energy challenges, it has also brought with it a large number of vulnerabilities resulting in breaches of data integrity, confidentiality and availability. False data injection (FDI) appears to be among the most critical cyberattacks and has been a focal point interest for both research and industry. To this end, this paper presents a comprehensive review in the recent advances of the defence countermeasures of the FDI attacks in the Smart Grid infrastructure. Relevant existing literature are evaluated and compared in terms of their theoretical and practical significance to the Smart Grid cybersecurity. In conclusion, a range of technical limitations of existing false data attack detection researches are identified, and a number of future research directions are recommended.
False Data Injection (FDI) attacks are a common form of Cyber-attack targetting smart grids. Detection of stealthy FDI attacks is impossible by the current bad data detection systems. Machine learning is one of the alternative methods proposed to detect FDI attacks. This paper analyzes three various supervised learning techniques, each to be used with three different feature selection (FS) techniques. These methods are tested on the IEEE 14-bus, 57-bus, and 118-bus systems for evaluation of versatility. Accuracy of the classification is used as the main evaluation method for each detection technique. Simulation study clarify the supervised learning combined with heuristic FS methods result in an improved performance of the classification algorithms for FDI attack detection.
Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the art approaches, and identify further opportunities to strengthen cybersecurity in interconnected power grids.
The fundamental changes in power supply and increasing decentralization require more active grid operation and an increased integration of ICT at all power system actors. This trend raises complexity and increasingly leads to interactions between primary grid operation and ICT as well as different power system actors. For example, virtual power plants control various assets in the distribution grid via ICT to jointly market existing flexibilities. Failures of ICT or targeted attacks can thus have serious effects on security of supply and system stability. This paper presents a holistic approach to providing methods specifically for actors in the power system for prevention, detection, and reaction to ICT attacks and failures. The focus of our measures are solutions for ICT monitoring, systems for the detection of ICT attacks and intrusions in the process network, and the provision of actionable guidelines as well as a practice environment for the response to potential ICT security incidents.
comments
Fetching comments Fetching comments
Sign in to be able to follow your search criteria
mircosoft-partner

هل ترغب بارسال اشعارات عن اخر التحديثات في شمرا-اكاديميا