Biblio

Software vulnerabilities threaten the security of computer system, and recently more and more loopholes have been discovered and disclosed. For the detected vulnerabilities, the relevant personnel will analyze the vulnerability characteristics, and combine the vulnerability scoring system to determine their severity level, so as to determine which vulnerabilities need to be dealt with first. In recent years, some characteristic description-based methods have been used to predict the severity level of vulnerability. However, the traditional text processing methods only grasp the superficial meaning of the text and ignore the important contextual information in the text. Therefore, this paper proposes an innovative method, called BERT-CNN, which combines the specific task layer of Bert with CNN to capture important contextual information in the text. First, we use Bert to process the vulnerability description and other information, including Access Gained, Attack Origin and Authentication Required, to generate the feature vectors. Then these feature vectors of vulnerabilities and their severity levels are input into a CNN network, and the parameters of the CNN are gotten. Next, the fine-tuned Bert and the trained CNN are used to predict the severity level of a vulnerability. The results show that our method outperforms the state-of-the-art method with 91.31% on F1-score.

The outages and power shortages are common occurrences in today's world and they have a significant economic impact. These failures can be minimized by making the power grid topologically robust. Therefore, the vulnerability assessment in power systems has become a major concern. This paper considers both pure and extended topological method to analyse the vulnerability of the power system to single line failures. The lines are ranked based on four spectral graph metrics: spectral radius, algebraic connectivity, natural connectivity, and effective graph resistance. A correlation is established between all the four metrics. The impact of load uncertainty on the component ranking has been investigated. The vulnerability assessment has been done on IEEE 9-bus system. It is observed that load variation has minor impact on the ranking.

This paper conducts simulation analysis on power transmission lines and availability of power communication link based on Latin hypercube sampling. It proposes a new method of vulnerability communication link assessment for electric cyber physical system. Wind power output, transmission line failure and communication link failure of electric cyber physical system are sampled to obtain different operating states of electric cyber physical system. The connectivity of communication links under different operating states of electric cyber physical system is calculated to judge whether the communication nodes of the links are connected with the control master station. According to the connection between the link communication node and the control master station, the switching load and switching load of the electric cyber physical system in different operating states are calculated, and the optimal switching load of the electric cyber physical system in different operating states is obtained. This method can clearly identify the vulnerable link in the electric cyber physical system, so as to monitor the vulnerable link and strengthen the link strength.

For the huge charging demands of numerous electric vehicles (EVs), coordinated charging is increasing in power grid. However, since connected with public networks, the coordinated charging control system is in a low-level cyber security and greatly vulnerable to malicious attacks. This paper investigates the malicious mode attack (MMA), which is a new cyber-attack pattern that simultaneously attacks massive EV charging piles to generate continuous sinusoidal power disturbance with the same frequency as the poorly-damped wide-area electromechanical mode. Thereby, high amplitude forced oscillations are stimulated by MMA, which seriously threats the stability of power systems and the power supply of charging stations. The potential threat of MMA is clarified by investigating the vulnerability of the IoT-based coordinated charging load control system, and an MMA process like Mirai is pointed out as an example. An MMA model is established for impact analysis. A hardware test platform is built for the verification of the MMA model. Test result verified the existence of MMA and the accuracy of the MMA model.

Aiming at the specificity and complexity of the power IoT terminal, a method of power IoT terminal firmware vulnerability detection based on memory fuzzing is proposed. Use the method of bypassing the execution to simulate and run the firmware program, dynamically monitor and control the execution of the firmware program, realize the memory fuzzing test of the firmware program, design an automatic vulnerability exploitability judgment plug-in for rules and procedures, and provide power on this basis The method and specific process of the firmware vulnerability detection of the IoT terminal. The effectiveness of the method is verified by an example.

Despite the fact that the power grid is typically regarded as a relatively stable system, outages and electricity shortages are common occurrences. Grid security is mainly dependent on accurate vulnerability assessment. The vulnerability can be assessed in terms of topology-based metrics and flow-based metrics. In this work, power flow analysis is used to calculate the metrics under single line contingency (N-1) conditions. The effect of load uncertainty on system vulnerability is checked. The IEEE 30 bus power network has been used for the case study. It has been found that the variation in load demand affects the system vulnerability.

This paper proposes a power network vulnerability analysis method based on topological approach considering of uncertainties from high-penetrated wind generations. In order to assess the influence of the impact of wind generation owing to its variable wind speed etc., the Quasi Monte Carlo based probabilistic load flow is adopted and performed. On the other hand, an extended stochastic topological vulnerability method involving Complex Network theory with probabilistic load flow is proposed. Corresponding metrics, namely stochastic electrical betweenness and stochastic net-ability are proposed respectively and applied to analyze the vulnerability of power network with wind generations. The case study of CIGRE medium voltage benchmark network is performed for illustration and evaluation. Furthermore, a cascading failures model considering the stochastic metrics is also developed to verify the effectiveness of proposed methodology.

In recent years, the blackout accident shows that the cause of power failure is not only in the power network, but also in the cyber network. Aiming at the problem of cyber network fault Cyber-physical power systems, combined with the structure and functional attributes of cyber network, the comprehensive criticality of information node is defined. By evaluating the vulnerability of ieee39 node system, it is found that the fault of high comprehensive criticality information node will cause greater load loss to the system. The simulation results show that the comprehensive criticality index can effectively identify the key nodes of the cyber network.

The power industrial control system is an important part of the national critical Information infrastructure. Its security is related to the national strategic security and has become an important target of cyber attacks. In order to solve the problem that the vulnerability detection technology of power industrial control system cannot meet the requirement of non-destructive, this paper proposes an industrial control vulnerability analysis technology combined with dynamic and static analysis technology. On this basis, an industrial control non-destructive vulnerability detection system is designed, and a simulation verification platform is built to verify the effectiveness of the industrial control non-destructive vulnerability detection system. These provide technical support for the safety protection research of the power industrial control system.

Rapid development of wireless technologies has driven the evolution of smart grid application. In smart grid, authentication plays an important role for secure communication between smart meter and service provider. Hence, the design of secure authenticated key agreement schemes has received significant attention from researchers. In these schemes, a trusted third party directly participates in key agreement process. Although, this third party is assumed as trusted, however we cannot reject the possibility that being a third party, it can also be malicious. In the existing works, either the established session key is revealed to the agents of a trusted third party, or a trusted third party agent can impersonate the smart meter and establish a valid session key with the service provider, which is likely to cause security vulnerabilities. Therefore, there is a need to design a secure authentication scheme so that only the deserving entities involved in the communication can establish and know the session key. This paper proposes a new secure authenticated key agreement scheme for smart grid considering the fact that the third party can also be malicious. The security of the proposed scheme has been thoroughly evaluated using an adversary model. Correctness of the scheme has been analyzed using the broadly accepted Burrows-Abadi-Needham (BAN) Logic. In addition, the formal security verification of the proposed scheme has been performed using the widely accepted Automated Validation of Internet Security Protocols and Applications (AVISPA) simulation tool. Results of this simulation confirm that the proposed scheme is safe. Detailed security analysis shows the robustness of the scheme against various known attacks. Moreover, the comparative performance study of the proposed scheme with other relevant schemes is presented to demonstrate its practicality.

Due to the large number of terminal nodes and wide deployment of power IOT, it is vulnerable to attacks such as physical hijacking, communication link theft and replay. In order to sense and measure the security risks and threats of massive power IOT terminals in real time, a security threat assessment for power IOT terminals based on knowledge graph was proposed. Firstly, the basic data, operation data and alarm threat data of power IOT terminal equipment are extracted and correlated, and the power IOT terminal based on knowledge graph is constructed. Then, the real-time monitoring data of the power IOT terminal is preprocessed. Based on the knowledge graph of the power IOT terminal, the safety analysis and operation analysis of the terminal are carried out, and the threat index of the power IOT terminal is perceived in real time. Finally, security operation and maintenance personnel make disposal decisions on the terminals according to the threat index of power IOT terminals to ensure the safe and stable operation of power IOT terminal nodes. The experimental results show that compared with the traditional IPS, the method can effectively detect the security threat of the power IOT terminal and reduce the alarm vulnerability rate.

The study of networks is an extensively investigated field of research, with networks and network structure often encoding relationships describing certain systems or processes. Critical infrastructure is understood as being a structure whose failure or damage has considerable impact on safety, security and wellbeing of society, with power systems considered a classic example. The work presented in this paper builds on the long-lasting foundations of network and complex network theory, proposing an extension in form of rebalance based flow centrality for structural vulnerability assessment and critical component identification in adaptive network topologies. The proposed measure is applied to power system vulnerability analysis, with performance demonstrated on the IEEE 30-, 57- and 118-bus test system, outperforming relevant methods from the state-of-the-art. The proposed framework is deterministic (guaranteed), analytically obtained (interpretable) and generalizes well with changing network parameters, providing a complementary tool to power system vulnerability analysis and planning.

The security of the power grid is the first element of its operation. This paper aims at finding the vulnerability nodes in the power grid to prevent it from being destroyed. A novel comprehensive vulnerability index is proposed to the singleness of evaluation indicators for existing literature by integrating the power grid's topology information and operating state. Taking IEEE-118 as an example, the simulation analysis proves that the proposed vulnerability index has certain discriminative advantages and the best weighting factor is obtained through correlation analysis.

With the rapid development of the electric power Internet-of-Things (power IoT) technology and the widespread use of general-purpose software, hardware and network facilities, the power IoT has become more and more open, which makes the traditional power system face new cyber security threats. In order to find the vulnerable device nodes and attack links in the power IoT system, this paper studies a set of attack path calculation methods and vulnerability node discovery algorithms, which can construct a power IoT attack simulation program based on the value of equipment assets and information attributes. What’s more, this paper has carried on the example analysis and verification on the improved IEEE RBTS Bus 2 system. Based on the above research plan, this paper finally developed a set of power IoT attack simulation tool based on distribution electronic stations, which can well find the vulnerable devices in the system.

As an important part of the intelligent measurement system, IOT terminal is in the “edge” layer of the intelligent measurement system architecture. It is the key node of power grid management and cloud fog integration. Its information security is the key to the construction of the security system of intelligent measurement, and the security link between the cloud and sensor measurement. With the in-depth integration of energy flow, information flow and business flow, and the in-depth application of digital technologies such as cloud computing, big data, internet of things, mobile Internet and artificial intelligence, the transformation and development of power system to digital and high-quality digital power grid has been accelerated. As a typical multi-dimensional complex system combining physical space and information space, the security threats and risks faced by the digital grid are more complex. The security risks in the information space will transfer the hazards to the power system and physical space. The Internet of things terminal is facing a more complex situation in the security field than before. This paper studies the feasibility of the security monitoring technology of the Internet of things terminal, in order to reduce the potential risks, improve the safe operation environment of the Internet of things terminal and improve the level of the security protection of the Internet of things terminal. One is to study the potential security problems of Internet of things terminal, and put forward the technical specification of security protection of Internet of things terminal. The second is to study the Internet of things terminal security detection technology, research and develop terminal security detection platform, and realize the unified detection of terminal security protection. The third is to study the security monitoring technology of the Internet of things terminal, develop the security monitoring system of the Internet of things terminal, realize the terminal security situation awareness and threat identification, timely discover the terminal security vulnerabilities, and ensure the stable and safe operation of the terminal and related business master station.

Smart grids have to protect meter measurements against false data injection attacks. By modifying the meter measurements, the attacker misleads the control decisions of the control center, which results in physical damages of power systems. In this paper, we propose a reinforcement learning based vulnerability analysis scheme for data injection attack without relying on the power system topology. This scheme enables the attacker to choose the data injection attack vector based on the meter measurements, the power system status, the previous injected errors and the number of meters to compromise. By combining deep reinforcement learning with prioritized experience replay, the proposed scheme more frequently replays the successful vulnerability detection experiences while bypassing the bad data detection, which is able to accelerate the learning speed. Simulation results based on the IEEE 14 bus system show that this scheme increases the probability of successful vulnerability detection and reduce the number of meters to compromise compared with the benchmark scheme.

5G smart grid applications rely on its high-performance transmission and bearer network. With the help of complex network theory, this paper first analyzes the complex network characteristic parameters of 5G smart grid, and explains the necessity and supporting significance of network vulnerability analysis for efficient transmission of 5G network. Then the node importance analysis algorithm based on node degree and clustering coefficient (NIDCC) is proposed. According to the results of simulation analysis, the power network has smaller path length and higher clustering coefficient in terms of static parameters, which indicates that the speed and breadth of fault propagation are significantly higher than that of random network. It further shows the necessity of network vulnerability analysis. By comparing with the other two commonly used algorithms, we can see that NIDCC algorithm can more accurately estimate and analyze the weak links of the network. It is convenient to carry out the targeted transformation of the power grid and the prevention of blackout accidents.

The power cyber-physical system combines the cyber network with the traditional electrical power network, which can monitor and control the operation of the power grid stably and efficiently. Since the system's structure and function is complicated and large, it becomes fragile as a result. Therefore, establishing a reasonable and effective CPS model and discussing its vulnerability performance under external attacks is essential and vital for power grid operation. This paper uses the theory of complex networks to establish a independent system model by IEEE-118-node power network and 200-node scale-free information network, introducing information index to identify and sort important nodes in the network, and then cascade model of the power cyber-physical system based on the node load capacity is constructed and the vulnerability assessment analysis is carried out. The simulation shows that the disintegration speed of the system structure under deliberate attacks is faster than random attacks; And increasing the node threshold can effectively inhibit the propagation of failure.

The vulnerability assessment of the cyber-physical power system based on complex network theory is applied in this paper. The influence of the power system statistics upon the system vulnerability is studied based on complex network theory. The electrical betweenness is defined to suitably describe the power system characteristics. The real power systems are utilized as examples to analyze the distribution of the degree and betweenness of the power system as a complex network. The topology model of the cyber-physical power system is formed, and the static analysis is implemented to the study of the cyber-physical power system structural vulnerability. The IEEE 300 bus test system is selected to verify the model.

With the ever-increasing reliance on data for data-driven applications in power grids, such as event cause analysis, the authenticity of data streams has become crucially important. The data can be prone to adversarial stealthy attacks aiming to manipulate the data such that residual-based bad data detectors cannot detect them, and the perception of system operators or event classifiers changes about the actual event. This paper investigates the impact of adversarial attacks on convolutional neural network-based event cause analysis frameworks. We have successfully verified the ability of adversaries to maliciously misclassify events through stealthy data manipulations. The vulnerability assessment is studied with respect to the number of compromised measurements. Furthermore, a defense mechanism to robustify the performance of the event cause analysis is proposed. The effectiveness of adversarial attacks on changing the output of the framework is studied using the data generated by real-time digital simulator (RTDS) under different scenarios such as type of attacks and level of access to data.

With the development of smart grid technologies and the fast adoption of household IoT devices in recent years, new threats, attacks, and security challenges arise. While a large number of vulnerabilities, threats, attacks and controls have been discussed in the literature, there lacks an abstract and generalizable framework that can be used to model the cyber-physical interactions of attacks and guide the design of defense mechanisms. In this paper, we propose a new modeling approach for security attacks in smart grids and IoT devices using a Cyber-Physical Systems (CPS) perspective. The model considers both the cyber and physical aspects of the core components of the smart grid system and the household IoT devices, as well as the interactions between the components. In particular, our model recognizes the two parallel attack channels via the cyber world and the physical world, and identifies the potential crossing routes between these two attack channels. We further discuss all possible attack surfaces, attack objectives, and attack paths in this newly proposed model. As case studies, we examine from the perspective of this new model three representative attacks proposed in the literature. The analysis demonstrates the applicability of the model, for instance, to assist the design of detection and defense mechanisms against smart grid cyber-attacks.

Power systems automation and communication standards are crucial for the transition of the conventional power system towards a smart grid. The IEC 61850 standard is widely used for substation automation and protection. It enables real-time communication and data exchange between critical substation automation devices. IEC 61850 serves as the foundation for open communication and data exchange for digital substations of the smart grid. However, IEC 61850 has cyber security vulnerabilities that can be exploited with a man-in-the-middle attack. Such coordinated cyber attacks against the protection system in digital substations can disconnect generation and transmission lines, causing cascading failures. In this paper, we demonstrate a cyber attack involving the Generic Object-Oriented Substation Event (GOOSE) protocol of IEC 61850. This is achieved by exploiting the cyber security vulnerabilities in the protocol and injecting spoofed GOOSE data frames into the substation communication network at the bay level. The cyber attack leads to tripping of multiple protective relays in the power grid, eventually resulting in a blackout. The attack model and impact on system dynamics are verified experimentally through hardware-in-the-loop simulations using commercial relays and Real-Time Digital Simulator (RTDS).

In a smart power grid, phasor measurement devices provide critical status updates in order to enable stabilization of the grid against fluctuations in power demands and component failures. Particularly the trend is to employ a large number of phasor measurement units (PMUs) that are inter-networked through wireless links. We tackle the vulnerability of such a wireless PMU network to message replay and false data injection (FDI) attacks. We propose a novel approach for avoiding explicit data transmission through PMU measurements prediction. Our methodology is based on applying advanced machine learning techniques to forecast what values will be reported and associate a level of confidence in such prediction. Instead of sending the actual measurements, the PMU sends the difference between actual and predicted values along with the confidence level. By applying the same technique at the grid control or data aggregation unit, our approach implicitly makes such a unit aware of the actual measurements and enables authentication of the source of the transmission. Our approach is data-driven and varies over time; thus it increases the PMU network resilience against message replay and FDI attempts since the adversary's messages will violate the data prediction protocol. The effectiveness of approach is validated using datasets for the IEEE 14 and IEEE 39 bus systems and through security analysis.

In recent years, there are more and more attacks and exploitation aiming at network security vulnerabilities. It is effective for us to prevent criminals from exploiting vulnerabilities for attacks and help security analysts maintain equipment security that knows vulnerabilities and threats on time. With the knowledge graph, we can organize, manage, and utilize the massive information effectively in cyberspace. In this paper we construct the vulnerability ontology after analyzing multi-source heterogeneous databases. And the vulnerability knowledge graph is established. Experimental results show that the accuracy of entity recognition for extracting vendor names reaches 89.76%. The more rules used in entity recognition, the higher the accuracy and the lower the error rate.

Power system automation and communication standards are spearheading the power system transition towards a smart grid. IEC 61850 is one such standard, which is widely used for substation automation and protection. It enables real-time communication and data exchange between critical substation automation and protection devices within digital substations. However, IEC 61850 is not cyber secure. In this paper, we demonstrate the dangerous implications of not securing IEC 61850 standard. Cyber attacks may exploit the vulnerabilities of the Sampled Values (SV) and Generic Object-Oriented Substation Event (GOOSE) protocols of IEC 61850. The cyber attacks may be realised by injecting spoofed SV and GOOSE data frames into the substation communication network at the bay level. We demonstrate that such cyber attacks may lead to obstruction or tripping of multiple protective relays. Coordinated cyber attacks against the protection system in digital substations may cause generation and line disconnections, triggering cascading failures in the power grid. This may eventually result in a partial or complete blackout. The attack model, impact on system dynamics and cascading failures are veri ed experimentally through a proposed cyber-physical experimental framework that closely resembles real-world conditions within a digital substation, including Intelligent Electronic Devices (IEDs) and protection schemes. It is implemented through Hardware-in-the-Loop (HIL) simulations of commercial relays with a Real-Time Digital Simulator (RTDS).