Attacks and countermeasures in communications and power networks

The threat of malicious network attacks has become significant ever since networking became pervasive in our lives. When adversaries have enough control over the network measurements and control procedures, the effect of an attack can be as detrimental as the breakdown of the whole network's operations. This dissertation studies the possible adversarial effects under a given protection strategy, the conditions under which attacks can be detected, and protection strategies that render attacks detectable. Specifically, attacks on two types of networks are considered: communications networks and power networks. First, we consider an attack on communications networks, where a pair of nodes is suspected to belong to the chain of compromised nodes used by the adversary. If the pair belongs to the compromised chain, it forwards attack packets along the chain, and thus there should exist an information flow between the pair. Detection of an information flow based on node transmission timings is formulated as a binary composite hypothesis testing problem. An unsupervised and nonparametric detector with linear complexity is proposed and tested on real-world TCP traces and MSN VoIP traces. The detector is proved to be consistent for a class of nonhomogeneous Poisson processes. Second, the topology attack on power networks is studied. In a so-called man-in-the-middle topology attack, an adversary alters data from certain meters and network switches to mislead the control center with an incorrect network topology while avoiding detection by the control center. A necessary and sufficient condition for the existence of an undetectable attack is obtained, and countermeasures to prevent undetectable attacks are presented. It is shown that any topology attack is detectable if a set of meters satisfying a certain branch covering property is protected from adversarial data modification. The proposed attacks are tested on the IEEE 14-bus and IEEE 118-bus systems, and their effect on real-time locational marginal pricing is examined. Lastly, a new attack mechanism aimed at misleading the power system control center about the source of data attacks is proposed. As a man-in-the-middle state attack, a data framing attack is proposed to exploit the bad data detection and identification mechanisms at the control center. In particular, the proposed attack frames normal meters as sources of bad data and causes the control center to remove useful measurements from the framed meters. The optimal design of the data framing attack is formulated as a quadratically constrained quadratic program (QCQP). It is shown that the proposed attack is capable of perturbing the power system state estimate by an arbitrary degree using only half of the critical measurements. Implications of this attack on power system operations are discussed, and the attack performance is evaluated using benchmark systems.
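The stepping-stone premise above (a compromised relay must emit an outgoing packet shortly after each incoming one it forwards) can be turned into a simple timing-only detector. The following is an added illustration, not the dissertation's detector: the greedy bounded-delay matching rule, the `max_delay` window, the decision threshold and the packet timings are all constructed assumptions.

```python
"""Bounded-delay matching detector for an information flow between two nodes.

Added illustration of the stepping-stone premise: if node B relays packets it
receives from node A, every outgoing transmission at B should be explainable
by an earlier incoming packet from A within some maximum tolerable delay.
This is NOT the dissertation's detector; the greedy rule, the delay window
and the threshold are assumptions chosen for illustration only.
"""
from typing import List


def matched_fraction(incoming: List[float], outgoing: List[float],
                     max_delay: float) -> float:
    """Greedily match each outgoing timestamp to the earliest unmatched
    incoming timestamp that precedes it by at most max_delay seconds.
    Both lists must be sorted ascending. A single forward pass over both
    lists gives O(len(incoming) + len(outgoing)) time, i.e. linear.
    Returns the fraction of outgoing packets that found a match."""
    if not outgoing:
        return 0.0
    i = 0          # index of the earliest still-unmatched incoming packet
    matched = 0
    for t_out in outgoing:
        # Drop incoming packets that are too old to have caused t_out.
        while i < len(incoming) and incoming[i] < t_out - max_delay:
            i += 1
        # The earliest remaining incoming packet must not be after t_out.
        if i < len(incoming) and incoming[i] <= t_out:
            matched += 1
            i += 1  # consume it: one incoming packet explains one outgoing
    return matched / len(outgoing)


def is_information_flow(incoming: List[float], outgoing: List[float],
                        max_delay: float = 0.5, threshold: float = 0.9) -> bool:
    """Decide H1 (relayed flow present) when nearly every outgoing packet is
    matched; threshold and max_delay are illustrative, not tuned values."""
    return matched_fraction(incoming, outgoing, max_delay) >= threshold


# Constructed sample timings in seconds (not real captures).
IN_RELAY = [0.10, 0.35, 0.80, 1.20, 1.75, 2.30, 2.90, 3.40]
# Relay case: each incoming packet is forwarded within about 0.2 s.
OUT_RELAY = [0.22, 0.50, 0.91, 1.38, 1.90, 2.41, 3.05, 3.52]
# No-flow case: outgoing traffic unrelated to the incoming timings.
OUT_INDEP = [0.05, 1.10, 1.15, 1.18, 2.00, 2.05, 2.95, 3.99]

if __name__ == "__main__":
    print("relay  :", matched_fraction(IN_RELAY, OUT_RELAY, 0.5),
          is_information_flow(IN_RELAY, OUT_RELAY))
    print("no flow:", matched_fraction(IN_RELAY, OUT_INDEP, 0.5),
          is_information_flow(IN_RELAY, OUT_INDEP))
```

On the constructed data the relay case matches all 8 outgoing packets, while the unrelated case matches only 3 of 8, so the threshold separates the two hypotheses; on real traffic the adversary can add delay and chaff, which is why the dissertation studies consistency under a nonhomogeneous Poisson model.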
