Detection of Cyber-Physical Attacks on Digital Substation Protection

数字化变电站保护网络物理攻击检测

• 批准号: RGPIN-2022-05346
• 负责人: Kundur, Deepa
• 金额: $ 5.54万
• 依托单位: University of Toronto
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=751613
• 关键词: Detection; Cyber; Physical; Attacks; Digital

Smart grid systems are undergoing a transformation through the convergence of information technology (IT) and operational technology (OT), merging enterprise-level knowledge with operational insights. This vital enhancement improves system automation and visibility, but comes at cost of increasing cyberattack surface. Cyberattacks on smart grid systems have become growingly intelligent exhibiting characteristics that are polymorphic, patient and persistent often involving supply chain deployment. Given the stealth and sophistication of the current cyberthreat landscape, there is a compelling need for early and accurate detection of cyber and coordinated cyber-physical attacks, which is a critical first step for smart grid response and recovery. Moreover, protective relays, the fastest line of defence against power system faults and disturbances, are a rapidly growing target of attacks. This research program addresses the timely and ambitious problem of cyber-physical attack detection in modern smart grid systems with a focus on digital substation protection devices. The resulting data-rich environment arising from IT/OT convergence enables data-driven cyber-physical modelling paradigms and analytics. As such, the proposed research program explores the brave new world of opportunities for data analytics techniques in smart grid attack detection through the following objectives. We aim to: 1) Design enhanced training approaches to increase the robustness of deep learning-based attack detection through the use of generative adversarial networks and adversarial training techniques; 2) Develop a framework for collaborative intrusion detection that incorporates federated learning to detect coordinated cyber-physical attacks; 3) Construct IT/OT honeypots using reinforcement learning to deceptively lure real-world attack signatures for improved modeling and detection of emerging attacks. The proposed approaches have the potential to be transformative to the field of smart grid cyber-physical security. Not only will the results of this research provide the ability to deter cyber-physical attacks before they can be executed, but they will facilitate identification of potential sources of supply chain attacks that is currently considered one of the most compelling problems in smart grid security. Current utility practices that are based on the introduction of security standards and the application of cybersecurity best practices are insufficient, making the proposed research crucial for Canada's critical energy infrastructure defence strategy. Moreover, it is well known that under-resourced communities are more likely to be the victims of IT-based cyberattacks. This work aims to address the potentially heightened power grid threats on these vulnerable populations facilitated through IT/OT convergence illuminating possible inequities in accessibility to safe and secure power.

智能电网系统正在通过信息技术（IT）和运营技术（OT）的融合进行转型，将企业级知识与运营见解相结合。这一重要的增强功能提高了系统自动化和可见性，但代价是增加了网络攻击面。对智能电网系统的网络攻击已经变得越来越智能，表现出多态性，耐心和持久性的特点，通常涉及供应链部署。 鉴于当前网络威胁的隐蔽性和复杂性，迫切需要及早准确地检测网络和协调的网络物理攻击，这是智能电网响应和恢复的关键第一步。此外，保护继电器，对电力系统故障和干扰的最快的防线，是一个快速增长的攻击目标。该研究计划解决了现代智能电网系统中网络物理攻击检测的及时和雄心勃勃的问题，重点是数字变电站保护设备。IT/OT融合产生的数据丰富的环境使数据驱动的网络物理建模范式和分析成为可能。因此，拟议的研究计划通过以下目标探索智能电网攻击检测中数据分析技术的勇敢新世界。我们的目标是：1）设计增强的训练方法，通过使用生成对抗网络和对抗训练技术来提高基于深度学习的攻击检测的鲁棒性; 2）开发一个协作入侵检测框架，其中包含联邦学习来检测协调的网络物理攻击; 3）使用强化学习构建IT/OT蜜罐，以欺骗性地引诱真实世界的攻击特征，以改进对新兴攻击的建模和检测。所提出的方法有可能成为智能电网网络物理安全领域的变革。这项研究的结果不仅将提供在网络物理攻击被执行之前阻止它们的能力，而且它们将有助于识别供应链攻击的潜在来源，这是目前被认为是智能电网安全中最引人注目的问题之一。目前基于采用安全标准和应用网络安全最佳做法的公用事业做法是不够的，因此拟议的研究对加拿大的关键能源基础设施防御战略至关重要。此外，众所周知，资源不足的社区更有可能成为基于信息技术的网络攻击的受害者。这项工作的目的是解决潜在的加剧电网对这些弱势群体的威胁，通过IT/OT融合，阐明在获得安全和有保障的电力方面可能存在的不平等。