Abstract

In this paper, we analyze control-related attacks in supervisory control and data acquisition systems for power grids. This class of attacks introduces a serious threat to power systems, because attackers can directly change the system's physical configuration using malicious control commands crafted in a legitimate format. To detect such attacks, we propose a semantic analysis framework that integrates network intrusion detection systems with a power flow analysis capable of estimating the execution consequences of control commands. To balance detection accuracy and latency, the parameters of the power flow analysis algorithm are dynamically adapted according to real-time system dynamics. Our experiments on IEEE 24-bus, 30-bus, and 39-bus systems and a 2736-bus system demonstrate that by opening three transmission lines, an attacker can put the tested system into an insecure state, and the semantic analysis can complete detection in 200 ms for the large-scale 2736-bus system with about 0.78% false positives and 0.01% false negatives, which allow for timely responses to intrusions.

Original languageEnglish (US)
Pages (from-to)163-178
Number of pages16
JournalIEEE Transactions on Smart Grid
Volume9
Issue number1
DOIs
StatePublished - Jan 2018

Keywords

  • Adaptive power flow analysis
  • Bro
  • Intrusion detection system
  • Semantic analysis
  • Supervisory control and data acquisition (SCADA)

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint Dive into the research topics of 'Runtime semantic security analysis to detect and mitigate control-related attacks in power grids'. Together they form a unique fingerprint.

  • Cite this