Dissertation/Thesis Abstract

Cybersecurity testing and intrusion detection for cyber-physical power systems
by Pan, Shengyi, Ph.D., Mississippi State University, 2014, 161; 3665497
Abstract (Summary)

Power systems will increasingly rely on synchrophasor systems for reliable and high-performance wide area monitoring and control (WAMC). Synchrophasor systems greatly use information communication technologies (ICT) for data exchange which are vulnerable to cyber-attacks. Prior to installation of a synchrophasor system a set of cyber security requirements must be developed and new devices must undergo vulnerability testing to ensure that proper security controls are in place to protect the synchrophasor system from unauthorized access. This dissertation describes vulnerability analysis and testing performed on synchrophasor system components. Two network fuzzing frameworks are proposed; for the IEEE C37.118 protocol and for an energy management system (EMS).

While fixing the identified vulnerabilities in information infrastructures is imperative to secure a power system, it is likely that successful intrusions will still occur. The ability to detect intrusions is necessary to mitigate the negative effects from a successful attacks. The emergence of synchrophasor systems provides real-time data with millisecond precision which makes the observation of a sequence of fast events feasible. Different power system scenarios present different patterns in the observed fast event sequences. This dissertation proposes a data mining approach called mining common paths to accurately extract patterns for power system scenarios including disturbances, control and protection actions and cyber-attacks from synchrophasor data and logs of system components. In this dissertation, such a pattern is called a common path, which is represented as a sequence of critical system states in temporal order. The process of automatically discovering common paths and building a state machine for detecting power system scenarios and attacks is introduced. The classification results show that the proposed approach can accurately detect these scenarios even with variation in fault locations and load conditions.

This dissertation also describes a hybrid intrusion detection framework that employs the mining common path algorithm to enable a systematic and automatic IDS construction process. An IDS prototype was validated on a 2-line 3-bus power transmission system protected by the distance protection scheme. The result shows the IDS prototype accurately classifies 25 power system scenarios including disturbances, normal control operations, and cyber-attacks.

Indexing (document details)
Advisor: Morris, Thomas H.
Commitee: Dampier, David A., Fu, Yong, Jones, Bryan A.
School: Mississippi State University
Department: Electrical and Computer Engineering
School Location: United States -- Mississippi
Source: DAI-B 76/04(E), Dissertation Abstracts International
Source Type: DISSERTATION
Subjects: Computer Engineering
Keywords: Cyber security, Intrusion detection, Mining common paths, Power system, Synchrophasor test bed
Publication Number: 3665497
ISBN: 9781321380774
Copyright © 2019 ProQuest LLC. All rights reserved. Terms and Conditions Privacy Policy Cookie Policy
ProQuest