Figure 5 - uploaded by Maruthi T. Ravichandran
Content may be subject to copyright.
Source publication
Critical infrastructure systems (i.e., power plants, transportation networks, chemical plants, etc.) and their sensor networks are vulnerable to cyber-physical attacks. Cyber-attacks refer to the malicious manipulation of the sensor data, while physical attacks refer to the intentional damage of the plant components, by an adversary. The goal of th...
Citations
... By compromising the DER inverters, the attacker can severely deteriorate or collapse the microgrids, resulting in a significant loss of power systems. Different attacks have been proposed in recent years, among which the power bot attack is a critical threat to reliable inverter operations owing to its complexity and drastic destruction [10,11]. A single attack scheme, such as simply modifying the parameters of an inverter's controller, is likely to be detected [1,12]. ...
... Specifically, the attacker can modify the topologies and parameters of inverters' controllers and manipulate the data exchanged among different DERs. An illustration of the three power bot attack types and the established cyber-secured detection method is shown in Fig. 2. To effectively identify the three types of attacks, the devised coordinated detection method utilizes two real-time detectors: a synchronous detector (SD) [11] and a Duffing oscillator detector (DOD) [27]. To ensure the real-time power bot attack detection and normal uninterrupted DER operations, two combined sinusoidal signals with low magnitudes are applied as probe signals with the following two features: ① probe signals pose no impact on the DER inverter performance, and ② probe signals cannot be easily eavesdropped owing to the programmable characteristics. ...
... the frequency f, and ε is a small threshold. The designed probe signals ensure that their impact on the target DERs within one period is zero; in other words, the probe signals do not change the overall DER controller performance, and thus, the disturbances to the physical systems can also be avoided [1,11]. Specifically, the probe signals s d (t) and s q (t) in Fig. 2 can be expressed as follows: ...
Communication-dependent and software-based distributed energy resources (DERs) are extensively integrated into modern microgrids, providing extensive benefits such as increased distributed controllability, scalability, and observability. However, malicious cyber-attackers can exploit various potential vulnerabilities. In this study, a programmable adaptive security scanning (PASS) approach is presented to protect DER inverters against various power bot attacks. Specifically, three different types of attacks, namely controller manipulation, replay, and injection attacks, are considered. This approach employs both software-defined networking technique and a novel coordinated detection method capable of enabling programmable and scalable networked microgrids (NMs) in an ultra-resilient, time-saving, and autonomous manner. The coordinated detection method efficiently identifies the location and type of power-bot attacks without disrupting normal NM operations. Extensive simulation results validate the efficacy and practicality of the PASS for securing NMs.
... STATE OF DETECTOR SIGNALS UNDER NORMAL OPERATIONbe adjusted whenever necessary. The attack detection function can be a shifting window average as follows[6] ...
An active synchronous detection method (ASDM) is presented to detect deception attacks on inverter controllers in microgrids without impeding system operations. First, microgrid control center generates specified small probing signals and inject them into controllers. The output signals are then obtained and compared with pre-determined values to locate infracted controller components. Test results show that ASDM can quickly and precisely detect various deception attacks in microgrids.
This paper proposes a probing signal-based replay attack detection method that avoids control performance degradation. Employing probing signals in actuators to detect replay attacks is a well-known and effective strategy: the replay attack replaces the sensor reading with stored sensor data, and thus, no response to the probing signal is present at the sensor. Applying the probing signal, however, introduces a perturbation to the actual system output, which is either regulated to a reference value or controlled to track a desired trajectory. Therefore, the probing signal enables attack detection but simultaneously yields control performance degradation. Clearly, a trade-off exists upon determining the probing signal: a larger amplitude increases the detection probability, especially in the presence of measurement noise, but degrades the control performance; a smaller amplitude of probing signal affects the control performance less but lowers the attack detectability. To address this problem, a disturbance observer (DOB) approach is proposed in this work, where the effect of the probing signal is compensated at the output and the anomaly is detected by looking at the output of the DOB instead of the system. In this way, probing is still effective for replay attack detection, but the regulation and/or tracking performance of the system is compromised much less. An optimization of DOB parameters is presented to satisfy specifications for both attack detection probability and control performance. Simulation results on vehicle platooning and experiment results using unmanned ground vehicle system are presented that validate the efficacy of the proposed method.
