Research On Moving Target Defense For Smart Grid Cyber-Physical Security

Posted on: 2022-09-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y F Hu
GTID: 1522307169977589
Subject: Cyberspace security

Abstract/Summary:
Smart grids have evolved into a typical cyber-physical system (CPS) as the communication network within them is interconnected with the wide area network (WAN). However, power systems are at risk of cyberattacks owing to the close integration of cyberspace and physical space, and the difficulties in system operation and planning are increased owing to the cross-area interconnection of power grids. Before launching cyberattacks, an attacker usually needs to gather sufficient knowledge about the CPS infrastructure from network resources. Based on this knowledge, powerful cyberattacks are designed, such as false data injection attacks (FDIA), which are dangerously covert and barely detectable by general passive defense techniques.

The supervisory control and data acquisition (SCADA) system, as one of the critical infrastructures incorporated within smart grids, plays an important role in the operation and management of the power system. To achieve wide-area sensing and intelligent monitoring for smart grids, the SCADA system integrates modern computing and communication technologies into intelligent electronic devices (IED) deployed in substations, e.g., remote terminal units (RTU) and programmable logic controllers (PLC). This integration opens up new attack vectors: IEDs can become targets of cyberattacks and carriers of knowledge about power systems. Therefore, the security of the smart grid communication network needs urgent research.

This article first partitions the large-scale power system into zones to alleviate the problem of massive data processing, and then designs a proactive defense strategy, moving target defense (MTD), to harden the security of smart grids. The main contributions can be summarized as follows:

· We propose a power system zone partitioning method considering transmission congestion. Owing to the transmission capacity limitation, transmission congestion may occur with a regional influence on power systems. Considering this problem, we use an improved spectral clustering algorithm to partition the system into zones based on transmission congestion identification. In our method, the zone partitioning problem is transformed into a graph segmentation problem by abstracting the power system as an undirected weighted graph, where the similarities between buses are measured by the power transfer distribution factor (PTDF) corresponding to the potential congested branches. Zone partitioning results show that the locational marginal price (LMP) in the same zone is similar, which can represent regional price signals and provide regional auxiliary decisions.

· We design an MTD technique based on adaptive forwarding path migration (AFPM) for the SCADA network. Static characteristics of the SCADA system are often exploited to perform malicious activities on smart grids. AFPM focuses on improving the defense capability and optimizing the network performance of path mutation, with the purpose of addressing the two major problems existing in current studies of path mutation. Considering the transient problems caused by the dynamic switching of the forwarding path, we formalize the mutation constraints based on satisfiability modulo theory (SMT) to select the forwarding path. Considering the limited defense capability of the traditional path mutation mechanism, we design the mutation path generation algorithm based on the network security capacity matrix to obtain an optimal combination of mutation path and mutation period. Finally, we compare and analyze various cyber defense techniques used in the SCADA network, and demonstrate experimentally that AFPM is effective against passive monitoring while ensuring the quality of service (QoS).

· We propose an MTD technique based on measurement selection randomization against coordinated cyber-physical attacks (CCPA) for smart grids. This kind of attack may lead to large-scale line outages, or even cascading failures, because the impact of the physical attack can be covered by the coordinated cyberattack. Our MTD strategy focuses on applying controlled randomization to the measurements considered in state estimation, with the purpose of invalidating the knowledge that is required for the adversary to launch false data injection attacks (FDIA). To ensure that the system is observable by the measurement set adopted for state estimation, we establish the MTD model based on the observability constraints to guide the selection of the measurement set. We take the attacked state as the evaluation metric and demonstrate the effectiveness of our MTD strategy through extensive simulations.

· We propose a network-based multidimensional MTD (NMMTD) technique for smart grids. FDIA designers need to derive the measurement matrix used in state estimation from historical measurements. NMMTD focuses on expanding the attack space into multiple dimensions by randomizing the attackers’ data acquisition in multiple rounds, with the purpose of disrupting the development of FDIA in the preparation stage. To reduce the traffic burden, we design the packet random dropping policy for end-to-end oblivious communications. We demonstrate the effectiveness of NMMTD in preventing attackers from intercepting data packets and securing the power system against FDIA with little impact on both the network and system performances.

· We design a cyber-physical MTD (CPMTD) technique based on a bi-level framework for smart grids. Static characteristics of the system enable an easier vulnerability analysis of the critical infrastructures by an adversary with the strong capability of strategic reconnaissance required for FDIA-like cyberattacks. CPMTD combines the Cyber-MTD and Physical-MTD strategies to prevent FDIA-like cyberattacks and improve FDIA detection. Among them, Cyber-MTD uses the NMMTD developed in the previous work to mislead and disrupt FDIA-like cyberattacks during attack preparation, and Physical-MTD changes the measurement matrix of state estimation by periodically disturbing the transmission line susceptances to delay and mitigate FDIA in the execution stage. Finally, we evaluate the network performance of CPMTD through network security analysis in two attack cases, and demonstrate the improvement of FDIA detection without significantly increasing operation cost.
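
The Physical-MTD idea above, shown on a toy system from the defender's side: an injection built from a stale measurement matrix leaves no residual, but after a susceptance perturbation the operator's residual check exposes it. This is an added example, not code from the dissertation; the 3-bus DC model, susceptance values, noise-free measurements and the textbook least-squares residual check are all assumptions made for illustration.

```python
import math

def h_matrix(b12, b13, b23):
    """DC measurement matrix for line flows f12, f13, f23.
    States are (theta2, theta3); bus 1 is the angle reference."""
    return [[-b12, 0.0], [0.0, -b13], [b23, -b23]]

def matvec(H, x):
    return [row[0] * x[0] + row[1] * x[1] for row in H]

def residual_norm(H, z):
    """Unit-weight least-squares state estimate, then ||z - H x_hat||."""
    a = sum(r[0] * r[0] for r in H)
    b = sum(r[0] * r[1] for r in H)
    d = sum(r[1] * r[1] for r in H)
    g0 = sum(r[0] * zi for r, zi in zip(H, z))
    g1 = sum(r[1] * zi for r, zi in zip(H, z))
    det = a * d - b * b
    x_hat = [(d * g0 - b * g1) / det, (a * g1 - b * g0) / det]
    fit = matvec(H, x_hat)
    return math.sqrt(sum((zi - fi) ** 2 for zi, fi in zip(z, fit)))

def scenario(c, perturbed_b12):
    """Operator's residual before and after the susceptance of line 1-2
    is perturbed, for an injection a = H_old c built from stale knowledge."""
    theta = [-0.02, -0.05]              # constructed true angles (rad)
    H_old = h_matrix(10.0, 8.0, 5.0)    # constructed; matrix the attacker learned
    attack = matvec(H_old, c)
    z_old = [m + a for m, a in zip(matvec(H_old, theta), attack)]
    H_new = h_matrix(perturbed_b12, 8.0, 5.0)   # grid after Physical-MTD
    z_new = [m + a for m, a in zip(matvec(H_new, theta), attack)]
    return residual_norm(H_old, z_old), residual_norm(H_new, z_new)

if __name__ == "__main__":
    # Bias on theta2: invisible before MTD, visible after (line 1-2 touches bus 2).
    print("bias on theta2:", scenario([0.03, 0.0], 12.0))
    # Bias on theta3 only: the perturbed line does not touch bus 3, so the
    # injection still fits the new model and the residual stays at zero.
    print("bias on theta3:", scenario([0.0, 0.03], 12.0))
```

The second case shows why the choice of perturbed lines matters: a perturbation only changes the residual for injections that depend on the altered rows of the measurement matrix.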
Keywords/Search Tags:Smart Grid, Cyber-Physical System, Power System Zone Partitioning, Coordinated Cyber-Physical Attack, False Data Injection Attack, Moving Target Defense, Multi-dimensional Cyberspace, Bi-level Framework