| 1. |
|
|
| 2. |
- Delcourt, Marguerite, et al.
(författare)
-
Time-Synchronization Attack Detection in Unbalanced Three-Phase Systems
- 2021
-
Ingår i: IEEE Transactions on Smart Grid. - : IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC. - 1949-3053 .- 1949-3061. ; 12:5, s. 4460-4470
-
Tidskriftsartikel (refereegranskat)abstract
- Phasor measurement units (PMU) rely on an accurate time-synchronization to phase-align the phasors and timestamp the voltage and current phasor measurements. Among the symmetrical components computed from the phasors in three-phase systems, the standard practice only uses the direct-sequence component for state estimation and bad data detection (BDD). Time-synchronization attacks (TSAs) can compromise the measured phasors and can, thus, significantly alter the state estimate in a manner that is undetectable by widely used power-system BDD algorithms. In this paper we investigate the potential of utilizing the three-phase model instead of the direct-sequence model for mitigating the vulnerability of state estimation to undetectable TSAs. We show analytically that if the power system is unbalanced then the use of the three-phase model as input to BDD algorithms enables to detect attacks that would be undetectable if only the direct-sequence model was used. Simulations performed on the IEEE 39-bus benchmark using real load profiles recorded on the grid of the city of Lausanne confirm our analytical results. Our results provide a new argument for the adoption of three-phase models for BDD, as their use is a simple, yet effective measure for reducing the vulnerability of PMU measurements to TSAs.
|
|
| 3. |
- Kazari, Kiarash, et al.
(författare)
-
Decentralized Anomaly Detection in Cooperative Multi-Agent Reinforcement Learning
- 2023
-
Ingår i: Proceedings of the 32nd International Joint Conference on Artificial Intelligence, IJCAI 2023. - : International Joint Conferences on Artificial Intelligence. ; , s. 162-170
-
Konferensbidrag (refereegranskat)abstract
- We consider the problem of detecting adversarial attacks against cooperative multi-agent reinforcement learning. We propose a decentralized scheme that allows agents to detect the abnormal behavior of one compromised agent. Our approach is based on a recurrent neural network (RNN) trained during cooperative learning to predict the action distribution of other agents based on local observations. The predicted distribution is used for computing a normality score for the agents, which allows the detection of the misbehavior of other agents. To explore the robustness of the proposed detection scheme, we formulate the worst-case attack against our scheme as a constrained reinforcement learning problem. We propose to compute an attack policy via optimizing the corresponding dual function using reinforcement learning. Extensive simulations on various multi-agent benchmarks show the effectiveness of the proposed detection scheme in detecting state of the art attacks and in limiting the impact of undetectable attacks.
|
|
| 4. |
- Santas, Serkan, et al.
(författare)
-
Continuous authentication security games
- 2021
-
Ingår i: Game Theory and Machine Learning for Cyber Security. - : Wiley. ; , s. 180-203
-
Bokkapitel (övrigt vetenskapligt/konstnärligt)
|
|
| 5. |
- Saritas, Serkan, et al.
(författare)
-
Adversarial Attacks on Continuous Authentication Security: A Dynamic Game Approach
- 2019
-
Ingår i: 10th International Conference, GameSec 2019, Stockholm, Sweden, October 30 – November 1, 2019, Proceedings. - Cham : Springer International Publishing. ; , s. 439-458
-
Konferensbidrag (refereegranskat)abstract
- Identity theft through phishing and session hijacking attacks has become a major attack vector in recent years, and is expected to become more frequent due to the pervasive use of mobile devices. Continuous authentication based on the characterization of user behavior, both in terms of user interaction patterns and usage patterns, is emerging as an effective solution for mitigating identity theft, and could become an important component of defense-in-depth strategies in cyber-physical systems as well. In this paper, the interaction between an attacker and an operator using continuous authentication is modeled as a stochastic game. In the model, the attacker observes and learns the behavioral patterns of an authorized user whom it aims at impersonating, whereas the operator designs the security measures to detect suspicious behavior and to prevent unauthorized access while minimizing the monitoring expenses. It is shown that the optimal attacker strategy exhibits a threshold structure, and consists of observing the user behavior to collect information at the beginning, and then attacking (rather than observing) after gathering enough data. From the operator’s side, the optimal design of the security measures is provided. Numerical results are used to illustrate the intrinsic trade-off between monitoring cost and security risk, and show that continuous authentication can be effective in minimizing security risk.
|
|
| 6. |
- Shahrivar, Pojan, et al.
(författare)
-
Detecting Web Application DAST Attacks with Machine Learning
- 2023
-
Ingår i: Proceedings - 2023 IEEE Conference on Dependable and Secure Computing, DSC 2023. - : Institute of Electrical and Electronics Engineers (IEEE).
-
Konferensbidrag (refereegranskat)abstract
- Dynamic application security testing (DAST) scanning consists of automated requests to web applications with the goal of uncovering exploitable vulnerabilities. While the legitimate use of scanners aids development teams in improving security postures, they are often used by malicious actors in a brute-force manner for attack reconnaissance with a view to eventual compromise. Despite this threat from misuse of DAST to web applications and the critical data they handle, security mechanisms are lacking, with threshold-based classifiers suffering from being overly sensitive, causing excessive false positives. This paper demonstrates the first application of machine learning to specifically detect DAST attacks that augments a next-generation web application firewall implementing OWASP's AppSensor framework. Avoiding the brittle threshold approach and using tumbling windows of time to generate aggregated event features from source IPs, twelve random forest models are trained on millions of real-world events. Results show an optimal window size of 60 seconds achieves an F1 score of 0.94 and a miss rate of 6% on average across three production-grade web applications.
|
|
| 7. |
- Shereen, Ezzeldin, et al.
(författare)
-
A Reinforcement Learning Approach to Undetectable Attacks Against Automatic Generation Control
- 2024
-
Ingår i: IEEE Transactions on Smart Grid. - : Institute of Electrical and Electronics Engineers (IEEE). - 1949-3053 .- 1949-3061. ; 15:1, s. 959-972
-
Tidskriftsartikel (refereegranskat)abstract
- Automatic generation control (AGC) is an essential functionality for ensuring the stability of power systems, and its secure operation is thus of utmost importance to power system operators. In this paper, we investigate the vulnerability of AGC to false data injection attacks that could remain undetected by traditional detection methods based on the area control error (ACE) and the recently proposed unknown input observer (UIO). We formulate the problem of computing undetectable attacks as a multi-objective partially observable Markov decision process. We propose a flexible reward function that allows to explore the trade-off between attack impact and detectability, and use the proximal policy optimization (PPO) algorithm for learning efficient attack policies. Through extensive simulations of a 3-area power system, we show that the proposed attacks can drive the frequency beyond critical limits, while remaining undetectable by state-of-the-art algorithms employed for fault and attack detection in AGC. Our results also show that detectors trained using supervised and unsupervised machine learning can both significantly outperform existing detectors.
|
|
| 8. |
- Shereen, Ezzeldin, et al.
(författare)
-
Adversarial Robustness of Multi-agent Reinforcement Learning Secondary Control of Islanded Inverter-based AC Microgrids
- 2023
-
Ingår i: 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2023 - Proceedings. - : Institute of Electrical and Electronics Engineers (IEEE).
-
Konferensbidrag (refereegranskat)abstract
- Secondary control of voltage magnitude and frequency is essential to the stable and secure operation of microgrids (MGs). Recent years have witnessed an increasing interest in developing secondary controllers based on multi-agent reinforcement learning (MARL), in order to replace existing model-based controllers. Nonetheless, unlike the vulnerabilities of model-based controllers, the vulnerability of MARLbased MG secondary controllers has so far not been addressed. In this paper, we investigate the vulnerability of MARL controllers to false data injection attacks (FDIAs). Based on a formulation of MG secondary control as a partially observable stochastic game (POSG), we propose to formulate the problem of computing FDIAs as a partially observable Markov decision process (POMDP), and we use state-of-the-art RL algorithms for solving the resulting problem. Based on extensive simulations of a MG with 4 distributed generators (DGs), our results show that MARL-based secondary controllers are more resilient to FDIAs compared to state of the art model-based controllers, both in terms of attack impact and in terms of the effort needed for computing impactful attacks. Our results can serve as additional arguments for employing MARL in future MG control.
|
|
| 9. |
- Shereen, Ezzeldin, et al.
(författare)
-
Correlation-based Detection of PMU Time Synchronization Attacks
- 2018
-
Ingår i: 2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2018. - 9781538679548
-
Konferensbidrag (refereegranskat)abstract
- Real-time monitoring and control in power systems is increasingly dependent on Phasor Measurement Units (PMUs). PMUs depend on precise time synchronization, and thus it is essential to ensure the security of time synchronization. In this paper we consider the detection of low-rate time synchronization attacks against PMUs. Based on a general clock model and a PMU measurement model we provide a closed form expression for the correlation between the clock frequency adjustments and the measured PMU phase angles in the absence of an attack. Leveraging the intuition that an attack would affect the correlation between these two quantities, we propose a model-based and a non-parametric correlation-based detector for time synchronization attacks. We evaluate the proposed detectors using extensive simulations. Our results show that they outperform traditional change detection techniques for clocks with low accuracy, for which attack detection is most challenging.
|
|
| 10. |
- Shereen, Ezzeldin, et al.
(författare)
-
Detection and Localization of PMU Time Synchronization Attacks via Graph Signal Processing
-
Annan publikation (övrigt vetenskapligt/konstnärligt)abstract
- Time Synchronization Attacks (TSAs) against Phasor Measurement Units (PMUs) constitute a major threat to modern smart grid applications. By compromising the time reference of a set of PMUs, an attacker can change the phase angle of their measured phasors, with potentially detrimental impact on grid operation and control. Going beyond traditional residual-based techniques in detecting TSAs, in this paper we propose the use of Graph Signal Processing (GSP) to model the power grid so as to facilitate the detection and localization of TSAs. We analytically show that modeling the state of the power system as a low-pass graph signal can significantly improve the resilience of the grid against TSAs. We propose TSA detection and localization methods based on GSP, leveraging state-of-the-art machine learning algorithms. We provide empirical evidence for the efficiency of the proposed methods based on extensive simulations on two IEEE benchmark systems. In fact, our methods can detect at least 77% more TSAs of significant impact and identify an additional 13% of the attacked PMUs compared to state-of-the-art techniques.
|
|
