TY - JOUR
T1 - RAINCOAT: RAndomization of Network Communication in Power Grid Cyber INfrastructure to Mislead Attackers
AU - Lin, Hui
AU - Kalbarczyk, Zbigniew
AU - Iyer, Ravishankar K.
N1 - Funding Information:
This work was supported in part by the Department of Energy under Award DE-OE0000780, and in part by the National Science Foundation under Award CNS 1314891. Paper no. TSG-00048-2018.
Publisher Copyright:
© 2018 IEEE.
PY - 2018/9
Y1 - 2018/9
N2 - Though attackers aim to introduce different physical perturbations on power grids, they need to rely on periodic data acquisitions performed by control centers to estimate the physical state of the grid and thus to prepare for destructive activities. In this paper, we present Raincoat, which randomizes data acquisitions to disrupt and mislead attackers’ preparations. We transform one data acquisition into multiple rounds. In each round, we dynamically manipulate network flows in the control networks so that randomly selected “online” devices respond with real measurements. Meanwhile, we intelligently spoof measurements for other “offline” devices to mislead attackers into designing ineffective strategies. Based on experiments using large-scale power systems and six real wide area networks, Raincoat is effective against false data injection and control-related attacks with small overhead. The probability of successful attacks can be reduced from 70% to 1%; attacks introduce little damage even if they are executed. Network latency of data acquisition increases on average by less than 6%.
AB - Though attackers aim to introduce different physical perturbations on power grids, they need to rely on periodic data acquisitions performed by control centers to estimate the physical state of the grid and thus to prepare for destructive activities. In this paper, we present Raincoat, which randomizes data acquisitions to disrupt and mislead attackers’ preparations. We transform one data acquisition into multiple rounds. In each round, we dynamically manipulate network flows in the control networks so that randomly selected “online” devices respond with real measurements. Meanwhile, we intelligently spoof measurements for other “offline” devices to mislead attackers into designing ineffective strategies. Based on experiments using large-scale power systems and six real wide area networks, Raincoat is effective against false data injection and control-related attacks with small overhead. The probability of successful attacks can be reduced from 70% to 1%; attacks introduce little damage even if they are executed. Network latency of data acquisition increases on average by less than 6%.
KW - Moving target defense
KW - SCADA
KW - decoy attacks
KW - software-defined networking
UR - http://www.scopus.com/inward/record.url?scp=85053295280&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85053295280&partnerID=8YFLogxK
U2 - 10.1109/TSG.2018.2870362
DO - 10.1109/TSG.2018.2870362
M3 - Article
AN - SCOPUS:85053295280
SN - 1949-3053
VL - 10
SP - 4893
EP - 4906
JO - IEEE Transactions on Smart Grid
JF - IEEE Transactions on Smart Grid
IS - 5
ER -