Abstract
Recent public disclosures on attacks targeting the power industry showed that savvy attackers are now capable of occulting themselves from conventional rule-based network intrusion detection systems (IDS), bringing about serious threats. In order to leverage the work of rule-based IDS, this paper presents an artificially intelligent physical-model-checking intrusion detection framework capable of detecting tampered-with control commands from control centers of power grids. Unlike the work presented in the literature, the work in this paper utilizes artificial intelligence (AI) to learn the load flow characteristics of the power system and benefits from the fast responses of the AI to decode and understand contents of network packets. The output of the AI is processed through an expert system to verify that incoming control commands do not violate the physical system operational constraints and do not put the power system in an insecure state. The proposed content-aware IDS is tested in simulation on a 14-bus IEEE benchmark system. Experimental verification on a small power system, with an IEC 61850 network architecture is also carried out. The results showed the accuracy of the proposed framework in successfully detecting malicious and/or erroneous control commands.
Highlights
The software embedded into the agents has two threads running in the circuit breakers connected to Generator 1 (G1), Load 1 (L1), the Long Path (LP) connecting busses 1 parallel
The results show busses that the1 circuit breakers connected to Generator 1 (G1), Load 1 (L1), the Long Path (LP) connecting model accurately represents the actual system
This paper presented a cyber-security algorithm, which utilizes artificial intelligence techniques, to defend against bad control commands targeting circuit breakers in power systems
Summary
Resilient and secure operation of the power grid relies on judicious cooperation between several cyber and physical entities. [1] presented how a switching control command could be manipulated by an attacker to maliciously open circuit breakers causing blackouts. Recent public disclosures emphasized the brutality of control-related attacks on critical processes, such as the Stuxnet and the Crash Override malwares targeting industrial control systems and power plants [5,6]. Notwithstanding the fact that the aforementioned attacks targeted critical infrastructure, the gravity of these attacks is accentuated by their ability to obscure themselves from conventional rule-based Intrusion Detection Systems (IDS)s. In such attacks, the modified control fields are re-encoded in the proper packet format before being transmitted on the network [1,7]. There is a need for new innovative solutions that detect attacks that might disrupt of the operation of the power grid
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
