Biblio

Most of the recent high-profile attacks targeting cyber-physical systems (CPS) started with lengthy reconnaissance periods that enabled attackers to gain in-depth understanding of the victim’s environment. To simulate these stealthy attacks, several covert channel tools have been published and proven effective in their ability to blend into existing CPS communication streams and have the capability for data exfiltration and command injection.In this paper, we report a novel machine learning feature engineering and data processing pipeline for the detection of covert channel attacks on CPS systems with real-time detection throughput. The system also operates at the network layer without requiring physical system domain-specific state modeling, such as voltage levels in a power generation system. We not only demonstrate the effectiveness of using TCP payload entropy as engineered features and the technique of grouping information into network flows, but also pitch the proposed detector against scenarios employing advanced evasion tactics, and still achieve above 99% detection performance.

The rapid complexity growth of electronic systems nowadays increases their vulnerability to hacking, such as fault injection, including insertion of glitches into the system clock to corrupt internal state through timing errors. As a countermeasure, a frequency locked loop (FLL) based clock glitch detector is proposed in this paper. Regulated from an external supply voltage, this FLL locks at 16-36X of the system clock, creating four phases to measure the system clock by oversampling at 64-144X. The samples are then used to sense the frequency and close the frequency locked loop, as well as to detect glitches through pattern matching. Implemented in a 5nm FINFET process, it can detect the glitches or pulse width variations down to 3.125% of the input 40MHz clock cycle with the supply varying from 0.5 to 1.0V.

Event detection and classification are crucial to power system stability. The Wide Area Measurement System (WAMS) technology helps in enhancing wide area situational awareness by providing useful synchronized information to the grid control center in order to accurately identify various power system events. This paper demonstrates the viability of using EWAMS (Egyptian Wide Area Measurement System) data as one of the evolving technologies of smart grid to identify extreme events within the Egyptian power grid. The proposed scheme is based on online synchronized measurements of wide-area monitoring devices known as Frequency Disturbance Recorders (FDRs) deployed at selected substations within the grid. The FDR measures the voltage, voltage angle, and frequency at the substation and streams the processed results to the Helwan University Host Server (HUHS). Each FDR is associated with a timestamp reference to the Global Positioning System (GPS) base. An EWAMS-based frequency disturbance detection algorithm based on the rate of frequency deviation is developed to identify varies types of events such as generator trip and load shedding. Based on proper thresholding on the frequency and rate of change of frequency of the Egyptian grid, different types of events have been captured in many locations during the supervision and monitoring the operation of the grid. EWAMS historical data is used to analyze a wide range of data pre-event, during and post-event for future enhancement of situational awareness as well as decision making.

A new methodology to calculate the hysteresis induced power loss of inductor from the measured waveforms of DC-to-DC converter during the voltage conversion is presented. From this study, we find that the duty cycles (D) of the buck and boost converters used till date for inductance current calculation are not exactly equal to VOUT/VIN and 1-VIN/VOUT as the inductance change induced by the hysteresis effect cannot be neglected. Although the increase in the loading currents of the converter increases the remanence magnetization of inductor at the turn-off time (toff), this remanence magnetization is destroyed by the turbulence induced vortex current at the transistor turn-on transient. So, the core power loss of inductor increases with the loading current of the converter and becomes much larger than other power losses and cannot be neglected for the power efficiency calculation during power stage design.

The load margin due to voltage instability and small-signal instability can be a valuable measure for the operator of the power system to ensure a continuous and safe supply of electricity. However, if this load margin was calculated without considering system operating requirements, then this margin may not be adequate. This article proposes an algorithm capable of providing the power system load margin considering the requirements of voltage stability, small-signal stability, and operational requirements, as limits of reactive power generation of synchronous generators in dynamic security assessment. Case studies were conducted in the 107-bus reduced order Brazilian system considering a list of contingencies and directions of load growth.

Phasor measurement units (PMUs) are used in power grids across North America to measure the amplitude, phase, and frequency of an alternating voltage or current. PMU's use the IEEE C37.118 protocol to send telemetry to phasor data collectors (PDC) and human machine interface (HMI) workstations in a control center. However, the C37.118 protocol utilizes the internet protocol stack without any authentication mechanism. This means that the protocol is vulnerable to false data injection (FDI) and false command injection (FCI). In order to study different scenarios in which C37.118 protocol's integrity and confidentiality can be compromised, we created a testbed that emulates a C37.118 communication network. In this testbed we conduct FCI and FDI attacks on real-time C37.118 data packets using a packet manipulation tool called Scapy. Using this platform, we generated C37.118 FCI and FDI datasets which are processed by multi-label machine learning classifier algorithms, such as Decision Tree (DT), k-Nearest Neighbor (kNN), and Naive Bayes (NB), to find out how effective machine learning can be at detecting such attacks. Our results show that the DT classifier had the best precision and recall rate.

This contribution provides the implementation of a holistic operational security assessment process for both steady-state security and dynamic stability. The merging of steady-state and dynamic security assessment as a sequential process is presented. A steady-state and dynamic modeling of a VSC-HVDC was performed including curative and stabilizing measures as remedial actions. The assessment process was validated by a case study on a modified version of the Nordic 32 system. Simulation results showed that measure selection based on purely steady-state contingency analysis can lead to loss of stability in time domain. A subsequent selection of measures on the basis of the dynamic security assessment was able to guarantee the operational security for the stationary N-1 scenario as well as the power system stability.

This paper proposes a machine-learning-based advanced online dynamic security assessment (DSA) method, which provides a detailed evaluation of the system stability after a disturbance by predicting impending loss of synchronism (LOS) of generators. Voltage angles at generator buses are used as the features of the different random forest (RF) classifiers which are trained to consecutively predict LOS of the generators as a contingency proceeds and updated measurements become available. A wide range of contingencies for various topologies and operating conditions of the IEEE 118-bus system has been studied in offline analysis using the GE positive sequence load flow analysis (PSLF) software to create a comprehensive dataset for training and testing the RF models. The performances of the trained models are evaluated in the presence of measurement errors using various metrics. The results reveal that the trained models are accurate, fast, and robust to measurement errors.

Process variation is the critical issue in hardware Trojan detection. In the state-of-art works, ring oscillators are employed to address this problem. But ring oscillators are very sensitive to IR-drop effect, which exists ICs. In this paper, based on circuit theory, a IR-drop calibration method is proposed. The nominal power supply voltage and the others power supply voltage with a very small difference of the nominal power supply voltage are applied to the test chip. It is assumed that they have the same IR-drop $Δ$V. Combined with these measured data, the value of Vth + $Δ$V, can be obtained by mathematic analysis. The typical Vth from circuit simulation is used to compute $Δ$V. We studied the proposed method in a tested chip.

Smart grid communication system deeply rely on information technologies which makes it vulnerable to variable cyber-attacks. Among possible attacks, False Data Injection (FDI) Attack has created a severe threat to smart grid control system. Attackers can manipulate smart grid measurements such as collected data of phasor measurement units (PMU) by implementing FDI attacks. Detection of FDI attacks with a simple and effective approach, makes the system more reliable and prevents network outages. In this paper we propose a Decomposed Nearest Neighbor algorithm to detect FDI attacks. This algorithm improves traditional k-Nearest Neighbor by using metric learning. Also it learns the local-optima free distance metric by solving a convex optimization problem which makes it more accurate in decision making. We test the proposed method on PMU dataset and compare the results with other beneficial machine learning algorithms for FDI attack detection. Results demonstrate the effectiveness of the proposed approach.

Field-Programmable Gate Arrays (FPGAs) are versatile, reconfigurable integrated circuits that can be used as hardware accelerators to process highly-sensitive data. Leaking this data and associated cryptographic keys, however, can undermine a system's security. To prevent potentially unintentional interactions that could break separation of privilege between different data center tenants, FPGAs in cloud environments are currently dedicated on a per-user basis. Nevertheless, while the FPGAs themselves are not shared among different users, other parts of the data center infrastructure are. This paper specifically shows for the first time that powering FPGAs, CPUs, and GPUs through the same power supply unit (PSU) can be exploited in FPGA-to-FPGA, CPU-to-FPGA, and GPU-to-FPGA covert channels between independent boards. These covert channels can operate remotely, without the need for physical access to, or modifications of, the boards. To demonstrate the attacks, this paper uses a novel combination of "sensing" and "stressing" ring oscillators as receivers on the sink FPGA. Further, ring oscillators are used as transmitters on the source FPGA. The transmitting and receiving circuits are used to determine the presence of the leakage on off-the-shelf Xilinx boards containing Artix 7 and Kintex 7 FPGA chips. Experiments are conducted with PSUs by two vendors, as well as CPUs and GPUs of different generations. Moreover, different sizes and types of ring oscillators are also tested. In addition, this work discusses potential countermeasures to mitigate the impact of the cross-board leakage. The results of this paper highlight the dangers of shared power supply units in local and cloud FPGAs, and therefore a fundamental need to re-think FPGA security for shared infrastructures.

Influence of remanent flux on hysteresis curve of the transformer core is addressed in this paper. In addition, its significant negative effect on transformer diagnostic tests is quantified based on experimental studies. Furthermore, a novel approach is proposed to efficiently and quickly eliminate the remanent flux. This approach is evaluated based on simulation studies on a 230/63-kV power transformer. Meanwhile, experimental studies are performed on both 0.2/0.2 and 20/0.4 kV transformers. These studies reveal that the approach not only is well able to eliminate the remanent flux, but also it has various advantages over the commonly used method. In addition, this approach is equally applicable for various power, distribution, and instrument transformer types.

This paper sheds light on the collaborative efforts in restoring cyber and physical subsystems of a modern power distribution system after the occurrence of an extreme weather event. The extensive cyber-physical interdependencies in the operation of power distribution systems are first introduced for investigating the functionality loss of each subsystem when the dependent subsystem suffers disruptions. A resilience index is then proposed for measuring the effectiveness of restoration activities in terms of restoration rapidity. After modeling operators' decision making for economic dispatch as a second-order cone programming problem, this paper proposes a heuristic approach for prioritizing the activities for restoring both cyber and physical subsystems. In particular, the proposed heuristic approach takes into consideration of cyber-physical interdependencies for improving the operation performance. Case studies are also conducted to validate the collaborative restoration model in the 33-bus power distribution system.

The application of line current differential relays (LCDRs) to protect transmission lines has recently proliferated. However, the reliance of LCDRs on digital communication channels has raised growing cyber-security concerns. This paper investigates the impacts of false data injection attacks (FDIAs) on the performance of LCDRs. It also develops coordinated attacks that involve multiple components, including LCDRs, and can cause false line tripping. Additionally, this paper proposes a technique for detecting FDIAs against LCDRs and differentiating them from actual faults in two-terminal lines. In this method, when an LCDR detects a fault, instead of immediately tripping the line, it calculates and measures the superimposed voltage at its local terminal, using the proposed positive-sequence (PS) and negative-sequence (NS) submodules. To calculate this voltage, the LCDR models the protected line in detail and replaces the rest of the system with a Thevenin equivalent that produces accurate responses at the line terminals. Afterwards, remote current measurement is utilized by the PS and NS submodules to compute each sequence's superimposed voltage. A difference between the calculated and the measured superimposed voltages in any sequence reveals that the remote current measurements are not authentic. Thus, the LCDR's trip command is blocked. The effectiveness of the proposed method is corroborated using simulation results for the IEEE 39-bus test system. The performance of the proposed method is also tested using an OPAL real-time simulator.

On-Load Tap Changing transformers are a widely used voltage regulation device. In the context of modern or smart grids, the control signals, i.e., the tap change commands are sent through SCADA channels. It is well known that the power system SCADA networks are prone to attacks involving injection of false data or commands. While false data injection is well explored in existing literature, attacks involving malicious control signals/commands are relatively unexplored. In this paper, an algorithm is developed to detect a stealthily introduced malicious tap change command through a compromised SCADA channel. This algorithm is based on the observation that a stealthily introduced false data or command masks the true estimation of only a few state variables. This leaves the rest of the state variables to show signs of a change in system state brought about by the attack. Using this observation, an index is formulated based on the ratios of injection or branch currents to voltages of the terminal nodes of the tap changers. This index shows a significant increase when there is a false tap command injection, resulting in easy classification from normal scenarios where there is no attack. The algorithm is computationally light, easy to implement and reliable when tested extensively on several tap changers placed in an IEEE 118-bus system.

The chances of cyber-attacks have been increased because of incorporation of communication networks and information technology in power system. Main objective of the paper is to prove that attacker can launch the attack vector without the knowledge of complete network information and the injected false data can't be detected by power system operator. This paper also deals with analyzing the impact of multi-attacking strategy on the power system. This false data attacks incurs lot of damage to power system, as it misguides the power system operator. Here, we demonstrate the construction of attack vector and later we have demonstrated multiple attacking regions in IEEE 14 bus system. Impact of attack vector on the power system can be observed and it is proved that the attack cannot be detected by power system operator with the help of residue check method.

Large-scale blackouts that have occurred in the past few decades have necessitated the need to do extensive research in the field of grid security assessment. With the aid of synchrophasor technology, which uses phasor measurement unit (PMU) data, dynamic security assessment (DSA) can be performed online. However, existing applications of DSA are challenged by variability in system conditions and unaccounted for measurement errors. To overcome these challenges, this research develops a DSA scheme to provide security prediction in real-time for load profiles of different seasons in presence of realistic errors in the PMU measurements. The major contributions of this paper are: (1) develop a DSA scheme based on PMU data, (2) consider seasonal load profiles, (3) account for varying penetrations of renewable generation, and (4) compare the accuracy of different machine learning (ML) algorithms for DSA with and without erroneous measurements. The performance of this approach is tested on the IEEE-118 bus system. Comparative analysis of the accuracies of the ML algorithms under different operating scenarios highlights the importance of considering realistic errors and variability in system conditions while creating a DSA scheme.

As power grid control systems become increasingly automated and distributed, security has become a significant design concern. Systems increasingly expose new avenues, at a variety of levels, for attackers to exploit and enable widespread disruptions and/or surveillance. Much prior work has explored the implications of attack models focused on false data injection at the front-end of the control system (i.e. during state estimation) [1]. Instead, in this paper we focus on characterizing the inherent cyber-attack vulnerabilities with power flow. Power flow (and power flow constraints) are at the core of many applications critical to operation of power grids (e.g. state estimation, economic dispatch, contingency analysis, etc.). We propose two algorithmic approaches for characterizing the vulnerability of buses within power grids to cyber-attacks. Specifically, we focus on measuring the instability of power flow to attacks which manifest as either voltage or power related errors. Our results show that attacks manifesting as voltage errors are an order of magnitude more likely to cause instability than attacks manifesting as power related errors (and 5x more likely for state estimation as compared to power flow).

Data leakage and disclosure to attackers is a significant problem in embedded systems, considering the ability of attackers to get physical access to the systems. We present methods to protect memory data leakage in tamper-proof embedded systems. We present methods that exploit memory supply voltage manipulation to change the memory contents, leading to an operational and reusable memory or to destroy memory cell circuitry. For the case of memory data change, we present scenaria for data change to a known state and to a random state. The data change scenaria are effective against attackers who cannot detect the existence of the protection circuitry; furthermore, original data can be calculated in the case of data change to a known state, if the attacker identifies the protection circuitry and its operation. The methods that change memory contents to a random state or destroy memory cell circuitry lead to irreversible loss of the original data. However, since the known state can be used to calculate the original data.

Security and consistency of smart grids is one of the main issues in the design and maintenance of highly controlled and monitored new power grids. Bad data injection attack could lead to disasters such as power system outage, or huge economical losses. In many attack scenarios, the attacker can come up with new attack strategies that couldn't be detected by the traditional bad data detection methods. Adaptive Partitioning State Estimation (APSE) method [3] has been proposed recently to combat such attacks. In this work, we evaluate and compare with a traditional method. The main idea of APSE is to increase the sensitivity of the chi-square test by partitioning the large grids into small ones and apply the test on each partition individually and repeat this procedure until the faulty node is located. Our simulation findings using MATPOWER program show that the method is not consistent where it is sensitive the systems size and the location of faulty nodes as well.

False data injection is an on-going concern facing power system state estimation. In this work, a neural network is trained to detect the existence of false data in measurements. The proposed approach can make use of historical data, if available, by using them in the training sets of the proposed neural network model. However, the inputs of perceptron model in this work are the residual elements from the state estimation, which are highly correlated. Therefore, their dimension could be reduced by preserving the most informative features from the inputs. To this end, principal component analysis is used (i.e., a data preprocessing technique). This technique is especially efficient for highly correlated data sets, which is the case in power system measurements. The results of different perceptron models that are proposed for detection, are compared to a simple perceptron that produces identical result to the outlier detection scheme. For generating the training sets, state estimation was run for different false data on different measurements in 13-bus IEEE test system, and the residuals are saved as inputs of training sets. The testing results of the trained network show its good performance in detection of false data in measurements.

A method for the multiple faults diagnosis in linear analog circuits is presented in this paper. The proposed approach is based upon the concept named by the indirect compensation theorem. This theorem is reducing the procedure of fault diagnosis in the analog circuit to the symbolic analysis process. An extension of the indirect compensation theorem for the linear subcircuit is proposed. The indirect compensation provides equivalent replacement of the n-ports subcircuit by n norators and n fixators of voltages and currents. The proposed multiple faults diagnosis techniques can be used for evaluation of any kind of terminal characteristics of the two-port network. For calculation of the circuit determinant expressions, the Generalized Parameter Extraction Method is implemented. The main advantage of the analysis method is that it is cancellation free. It requires neither matrix nor ordinary graph description of the circuit. The process of symbolic circuit analysis is automated by the freeware computer program Cirsym which can be used online. The experimental results are presented to show the efficiency and reliability of the proposed technique.

Technological advancement enables the need of internet everywhere. The power industry is not an exception in the technological advancement which makes everything smarter. Smart grid is the advanced version of the traditional grid, which makes the system more efficient and self-healing. Synchrophasor is a device used in smart grids to measure the values of electric waves, voltages and current. The phasor measurement unit produces immense volume of current and voltage data that is used to monitor and control the performance of the grid. These data are huge in size and vulnerable to attacks. Intrusion Detection is a common technique for finding the intrusions in the system. In this paper, a big data framework is designed using various machine learning techniques, and intrusions are detected based on the classifications applied on the synchrophasor dataset. In this approach various machine learning techniques like deep neural networks, support vector machines, random forest, decision trees and naive bayes classifications are done for the synchrophasor dataset and the results are compared using metrics of accuracy, recall, false rate, specificity, and prediction time. Feature selection and dimensionality reduction algorithms are used to reduce the prediction time taken by the proposed approach. This paper uses apache spark as a platform which is suitable for the implementation of Intrusion Detection system in smart grids using big data analytics.

The smart grid is an electrical grid that has a duplex communication. This communication is between the utility and the consumer. Digital system, automation system, computers and control are the various systems of Smart Grid. It finds applications in a wide variety of systems. Some of its applications have been designed to reduce the risk of power system blackout. Dynamic vulnerability assessment is done to identify, quantify, and prioritize the vulnerabilities in a system. This paper presents a novel approach for classifying the data into one of the two classes called vulnerable or non-vulnerable by carrying out Dynamic Vulnerability Assessment (DVA) based on some data mining techniques such as Multichannel Singular Spectrum Analysis (MSSA), and Principal Component Analysis (PCA), and a machine learning tool such as Support Vector Machine Classifier (SVM-C) with learning algorithms that can analyze data. The developed methodology is tested in the IEEE 57 bus, where the cause of vulnerability is transient instability. The results show that data mining tools can effectively analyze the patterns of the electric signals, and SVM-C can use those patterns for analyzing the system data as vulnerable or non-vulnerable and determines System Vulnerability Status.

Intrusion detection has been an active field of research for more than 35 years. Numerous systems had been built based on the two fundamental detection principles, knowledge-based and behavior-based detection. Anyway, having a look at day-to-day news about data breaches and successful attacks, detection effectiveness is still limited. Even more, heavy-weight intrusion detection systems cannot be installed in every endangered environment. For example, Industrial Control Systems are typically utilized for decades, charging off huge investments of companies. Thus, some of these systems have been in operation for years, but were designed afore without security in mind. Even worse, as systems often have connections to other networks and even the Internet nowadays, an adequate protection is mandatory, but integrating intrusion detection can be extremely difficult - or even impossible to date. We propose a new lightweight current-based IDS which is using a difficult to manipulate measurement base and verifiable ground truth. Focus of our system is providing intrusion detection for ICS and SCADA on a low-priced base, easy to integrate. Dr. WATTson, a prototype implemented based on our concept provides high detection and low false alarm rates.