Hussam Tarazi, Sara Sutton, John Olinjyk, Benjamin Bond, Julian Rrushi
{"title":"基于物理的数字变电站异常检测看门狗模型","authors":"Hussam Tarazi, Sara Sutton, John Olinjyk, Benjamin Bond, Julian Rrushi","doi":"10.1016/j.ijcip.2024.100660","DOIUrl":null,"url":null,"abstract":"<div><p><span>The security of cyber–physical systems (CPS) presents new challenges stemming from computations that work primarily with live physics data. Although there is a body of previous research on detection of malware on CPS, more effective designs are needed to address limitations such mimicry attacks and other forms of evasive techniques. Relay algorithms in particular, such as differential and harmonic protection algorithms, are essential to protecting physical equipment such as </span>power transformers from faults. Relay algorithms, though, are often disabled, altered, or otherwise suppressed by malware.</p><p>In this paper, we first provide background on the main types of failures that may occur in an electrical power substation<span> after relay algorithms are disabled by malware. We also provide some initial insights into malware methods that involve physics-informed data manipulations, which in turn may lead to power outages and physical damage to power transformers. We then describe the design of a watchdog algorithm that is continuously on the look out for anomalies in the execution time of relay algorithms along with their associated performance counters. We implemented the watchdog approach in Python, and evaluated it empirically on emulations of differential and harmonic protection algorithms on a computing machine.</span></p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"44 ","pages":"Article 100660"},"PeriodicalIF":4.1000,"publicationDate":"2024-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A watchdog model for physics-based anomaly detection in digital substations\",\"authors\":\"Hussam Tarazi, Sara Sutton, John Olinjyk, Benjamin Bond, Julian Rrushi\",\"doi\":\"10.1016/j.ijcip.2024.100660\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p><span>The security of cyber–physical systems (CPS) presents new challenges stemming from computations that work primarily with live physics data. Although there is a body of previous research on detection of malware on CPS, more effective designs are needed to address limitations such mimicry attacks and other forms of evasive techniques. Relay algorithms in particular, such as differential and harmonic protection algorithms, are essential to protecting physical equipment such as </span>power transformers from faults. Relay algorithms, though, are often disabled, altered, or otherwise suppressed by malware.</p><p>In this paper, we first provide background on the main types of failures that may occur in an electrical power substation<span> after relay algorithms are disabled by malware. We also provide some initial insights into malware methods that involve physics-informed data manipulations, which in turn may lead to power outages and physical damage to power transformers. We then describe the design of a watchdog algorithm that is continuously on the look out for anomalies in the execution time of relay algorithms along with their associated performance counters. We implemented the watchdog approach in Python, and evaluated it empirically on emulations of differential and harmonic protection algorithms on a computing machine.</span></p></div>\",\"PeriodicalId\":49057,\"journal\":{\"name\":\"International Journal of Critical Infrastructure Protection\",\"volume\":\"44 \",\"pages\":\"Article 100660\"},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2024-01-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Critical Infrastructure Protection\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1874548224000015\",\"RegionNum\":3,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructure Protection","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1874548224000015","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
A watchdog model for physics-based anomaly detection in digital substations
The security of cyber–physical systems (CPS) presents new challenges stemming from computations that work primarily with live physics data. Although there is a body of previous research on detection of malware on CPS, more effective designs are needed to address limitations such mimicry attacks and other forms of evasive techniques. Relay algorithms in particular, such as differential and harmonic protection algorithms, are essential to protecting physical equipment such as power transformers from faults. Relay algorithms, though, are often disabled, altered, or otherwise suppressed by malware.
In this paper, we first provide background on the main types of failures that may occur in an electrical power substation after relay algorithms are disabled by malware. We also provide some initial insights into malware methods that involve physics-informed data manipulations, which in turn may lead to power outages and physical damage to power transformers. We then describe the design of a watchdog algorithm that is continuously on the look out for anomalies in the execution time of relay algorithms along with their associated performance counters. We implemented the watchdog approach in Python, and evaluated it empirically on emulations of differential and harmonic protection algorithms on a computing machine.
期刊介绍:
The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing.
The scope of the journal includes, but is not limited to:
1. Analysis of security challenges that are unique or common to the various infrastructure sectors.
2. Identification of core security principles and techniques that can be applied to critical infrastructure protection.
3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures.
4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
