Search Menu
DOE PAGES title logo U.S. Department of Energy
Office of Scientific and Technical Information
Search Scholarly Publications

Title: Model-Based Detection of Coordinated Attacks (DCA) in Distribution Systems

Journal Article · · IEEE Open Access Journal of Power and Energy
ORCiD logo [1]; ORCiD logo [1]
  1. Virginia Polytechnic Inst. and State Univ. (Virginia Tech), Blacksburg, VA (United States)
+ Show Author Affiliations

The fast-paced growth in digitization of smart grid components enhances system observability and remote-control capabilities through efficient communication. However, enhanced connectivity results in heightened system vulnerability towards cybersecurity risks in the cyber-physical power system. Coordinated cyber-attacks (CCA), when undetected, lead to system-wide impact in terms of large disturbances or widespread outages. Detecting CCA in the cyber layer is critical to thwart cyber-attacks in real-time before the attack impacts the physical system. The challenge of locating CCA stems from the complex grid dynamics, making it difficult to distinguish between normal operational variations and cyber-attack impact. CCA often employs multiple attack vectors targeting geographically distributed components, further complicating CCA identification. Existing research in intrusion detection is primarily focused on the transmission network and limited to detecting individual attacks. In this paper, a novel proactive DCA strategy is proposed for early detection of CCA by establishing correlations among distinct attack events through model-based reinforcement learning that utilizes abductive reasoning to conclude the attacker goal. The solution includes understanding the system model, learning the system dynamics, and correlating individual cyber-attacks to extract the attacker’s objective. The developed learning algorithm identifies the most probable attack path to reach the attacker’s objective by predicting the next attack steps. A DNP3-based cyber-physical co-simulation testbed is developed to test the proposed algorithm using the IEEE 13-node test feeder.

Research Organization:
Univ. of Central Florida, Orlando, FL (United States); Virginia Polytechnic Inst. and State Univ. (Virginia Tech), Blacksburg, VA (United States)
Sponsoring Organization:
USDOE Office of Energy Efficiency and Renewable Energy (EERE), Renewable Power Office. Solar Energy Technologies Office
Grant/Contract Number:
EE0009339
OSTI ID:
2525449
Journal Information:
IEEE Open Access Journal of Power and Energy, Journal Name: IEEE Open Access Journal of Power and Energy Vol. 11; ISSN 2687-7910
Publisher:
IEEECopyright Statement
Country of Publication:
United States
Language:
English

References (30)

SCADA modeling for performance and vulnerability assessment of integrated cyber-physical systems
  • Stefanov, Alexandru; Liu, Chen-Ching; Govindarasu, Manimaran
  • International Transactions on Electrical Energy Systems, Vol. 25, Issue 3 https://doi.org/10.1002/etep.1862
journal December 2013
Lifelong control of off-grid microgrid with model-based reinforcement learning journal October 2021
Commodity market exposure to energy-firm distress: Evidence from the Colonial Pipeline ransomware attack journal January 2023
Coordinated data falsification attack detection in the domain of distributed generation using deep learning journal January 2022
Man‐in‐the‐middle attacks and defence in a power system cyber‐physical testbed journal June 2021
Large scale dynamic security screening and ranking using neural networks journal May 1997
Defending Against Data Integrity Attacks in Smart Grid: A Deep Reinforcement Learning-Based Approach journal January 2019
Method for Extracting Patterns of Coordinated Network Attacks on Electric Power CPS Based on Temporal–Topological Correlation journal January 2020
Hybrid Control Network Intrusion Detection Systems for Automated Power Distribution Systems
  • Parvania, Masood; Koutsandria, Georgia; Muthukumary, Vishak
  • 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks https://doi.org/10.1109/DSN.2014.81
conference June 2014
DBSCAN on Resilient Distributed Datasets conference July 2015
Vulnerability analysis for simultaneous attack in smart grid security conference April 2017
Saudi Arabia's response to cyber conflict: A case study of the Shamoon malware incident conference June 2013
Decentralized Intrusion Prevention (DIP) Against Co-Ordinated Cyberattacks on Distribution Automation Systems journal January 2020
Cyberattack Correlation and Mitigation for Distribution Systems via Machine Learning journal January 2023
A coordinated cyber attack detection system (CCADS) for multiple substations conference June 2016
Nomograms for assistance in voltage security visualization conference March 2009
A reinforcement learning approach for sequential decision-making process of attacks in smart grid conference November 2017
A World Model Based Reinforcement Learning Architecture for Autonomous Power System Control conference October 2021
Coordinated Topology Attacks in Smart Grid Using Deep Reinforcement Learning journal February 2021
A Multistage Game in Smart Grid Security: A Reinforcement Learning Solution journal September 2019
Real-time intrusion detection in power system operations journal May 2013
Distributed Intrusion Detection System in a Multi-Layer Network Architecture of Smart Grids journal December 2011
Integrated Anomaly Detection for Cyber Security of the Substations journal July 2014
Converter-Based Moving Target Defense Against Deception Attacks in DC Microgrids journal September 2022
Detection of Falsified Commands on a DER Management System journal March 2022
Enhancing Cyber-Resiliency of DER-Based Smart Grid: A Survey journal September 2024
Machine Learning-based Intrusion Detection for Smart Grid Computing: A Survey journal April 2023
Cyber–Physical System Security of Distribution Systems journal January 2021
Coordinated Cyber-Attack Detection Model of Cyber-Physical Power System Based on the Operating State Data Link journal April 2021
Cyber-attacks to critical energy infrastructure and management issues: overview of selected cases journal September 2020

Similar Records

Related Subjects

24 POWER TRANSMISSION AND DISTRIBUTION
97 MATHEMATICS AND COMPUTING
Abductive reasoning
abductive reasoning
coordinated attacks
cyber-physical systems
cyberattacks
cybersecurity
distribution systems
intrusion detection
model-based reinforcement learning
smart grid