Researcher profile

Katherine Davis

Katherine Davis contributes to research discovery and scholarly infrastructure.


Trust snapshot

Quick read

Trust 21 - Emerging | Verification L1 | Unclaimed author
9 works
0 followers
7 topics
4 close collaborators


Published work

9 published item(s)

preprint, 2022, arXiv

Generating Connected, Simple, and Realistic Cyber Graphs for Smart Grids

Smart grids integrate communication systems with power networks to enable power grids operation and command through real-time data collection and control signals. Designing, analyzing, and simulating smart grid infrastructures as well as predicting the impact of power network failures strongly depend on the topologies of the underlying power network and communication system. Despite the substantial impact that the communication systems bring to smart grid operation, the topology of communication systems employed in smart grids was less studied. The power community lacks realistic generative communication system models that can be calibrated to match real-world data. To address this issue, this paper proposes a framework to generate the underlying topological graphs for the communication systems deployed in smart grids by mimicking the topology of real-world smart grids. In this regard, we have updated the Chung-Lu algorithm to guarantee the communication network connectivity and to match the degree distribution of a real-world smart grid rather than following an expected degree distribution. In addition, key characteristics of communication systems such as diameter, average shortest paths, clustering coefficients, assortativity, and spectral gap were taken into consideration to generate the most similar real-world communication network for smart grid studies. We believe that the proposed algorithm to generate realistic cyber graphs for smart grid studies will benefit the power community.

preprint, 2022, arXiv

Infinite Impulse Response Graph Neural Networks for Cyberattack Localization in Smart Grids

This study employs Infinite Impulse Response (IIR) Graph Neural Networks (GNN) to efficiently model the inherent graph network structure of the smart grid data to address the cyberattack localization problem. First, we numerically analyze the empirical frequency response of the Finite Impulse Response (FIR) and IIR graph filters (GFs) to approximate an ideal spectral response. We show that, for the same filter order, IIR GFs provide a better approximation to the desired spectral response and they also present the same level of approximation to a lower order GF due to their rational type filter response. Second, we propose an IIR GNN model to efficiently predict the presence of cyberattacks at the bus level. Finally, we evaluate the model under various cyberattacks at both sample-wise (SW) and bus-wise (BW) level, and compare the results with the existing architectures. It is experimentally verified that the proposed model outperforms the state-of-the-art FIR GNN model by 9.2% and 14% in terms of SW and BW localization, respectively.

preprint, 2022, arXiv

Spatio-Temporal Failure Propagation in Cyber-Physical Power Systems

Cascading failure in power systems is triggered by a small perturbation that leads to a sequence of failures spread through the system. The interconnection between different components in a power system causes failures to easily propagate across the system. The situation gets worse by considering the interconnection between cyber and physical layers in power systems. A plethora of work has studied the cascading failure in power systems to calculate its impact on the system. Understanding how failures propagate into the system in time and space can help the system operator to take preventive actions and upgrade the system accordingly. Due to the nonlinearity of the power flow equation as well as the engineering constraints in the power system, it is essential to understand the spatio-temporal failure propagation in cyber-physical power systems (CPPS). This paper proposes an asynchronous algorithm for investigating failure propagation in CPPS. The physics of the power system is addressed by the full AC power flow equations. Various practical constraints including load shedding, load-generation balance, and island operation are considered to address practical constraints in power system operation. The propagation of various random initial attacks of different sizes is analyzed and visualized to elaborate on the applicability of the proposed approach. Our findings shed light on the cascading failure evolution in CPPS.

preprint, 2022, arXiv

Toward a Mathematical Vulnerability Propagation and Defense Model in Smart Grid Networks

For reducing threat propagation within an inter-connected network, it is essential to distribute the defense investment optimally. Most electric power utilities are resource constrained, yet how to account for costs while designing threat reduction techniques is not well understood. Hence, in this work, a vulnerability propagation and a defense model is proposed based on an epidemic model. The new defense mechanism is then validated through sensitivity of the propagation parameters on the optimal investment with two-node and N-node cases. Further, the model efficacy is evaluated with implementation in one of the communication networks of a cyber-physical power system. Topological impact on the optimal nodal investment is also emphasized. Optimal investment of the neighbors with less degree were found to be highly sensitive to fluctuation in vulnerability exploitability probability.

preprint, 2021, arXiv

Inter-Domain Fusion for Enhanced Intrusion Detection in Power Systems: An Evidence Theoretic and Meta-Heuristic Approach

False alerts due to misconfigured/compromised IDS in ICS networks can lead to severe economic and operational damage. To solve this problem, research has focused on leveraging deep learning techniques that help reduce false alerts. However, a shortcoming is that these works often require or implicitly assume the physical and cyber sensors to be trustworthy. Implicit trust of data is a major problem with using artificial intelligence or machine learning for CPS security, because during critical attack detection time they are more at risk, with greater likelihood and impact, of also being compromised. To address this shortcoming, the problem is reframed on how to make good decisions given uncertainty. Then, the decision is detection, and the uncertainty includes whether the data used for ML-based IDS is compromised. Thus, this work presents an approach for reducing false alerts in CPS power systems by dealing with uncertainty without the knowledge of prior distribution of alerts. Specifically, an evidence theoretic based approach leveraging Dempster Shafer combination rules is proposed for reducing false alerts. A multi-hypothesis mass function model is designed that leverages probability scores obtained from various supervised-learning classifiers. Using this model, a location-cum-domain based fusion framework is proposed and evaluated with different combination rules, that fuse multiple evidence from inter-domain and intra-domain sensors. The approach is demonstrated in a cyber-physical power system testbed with Man-In-The-Middle attack emulation in a large-scale synthetic electric grid. For evaluating the performance, plausibility, belief, pignistic, etc. metrics as decision functions are considered. To improve the performance, a multi-objective based genetic algorithm is proposed for feature selection considering the decision metrics as the fitness function.

preprint, 2021, arXiv

Man-in-The-Middle Attacks and Defense in a Power System Cyber-Physical Testbed

Man-in-The-Middle (MiTM) attacks present numerous threats to a smart grid. In a MiTM attack, an intruder embeds itself within a conversation between two devices to either eavesdrop or impersonate one of the devices, making it appear to be a normal exchange of information. Thus, the intruder can perform false data injection (FDI) and false command injection (FCI) attacks that can compromise power system operations, such as state estimation, economic dispatch, and automatic generation control (AGC). Very few researchers have focused on MiTM methods that are difficult to detect within a smart grid. To address this, we are designing and implementing multi-stage MiTM intrusions in an emulation-based cyber-physical power system testbed against a large-scale synthetic grid model to demonstrate how such attacks can cause physical contingencies such as misguided operation and false measurements. MiTM intrusions create FCI, FDI, and replay attacks in this synthetic power grid. This work enables stakeholders to defend against these stealthy attacks, and we present detection mechanisms that are developed using multiple alerts from intrusion detection systems and network monitoring tools. Our contribution will enable other smart grid security researchers and industry to develop further detection mechanisms for inconspicuous MiTM attacks.

preprint, 2021, arXiv

Multi-Source Data Fusion for Cyberattack Detection in Power Systems

Cyberattacks can cause a severe impact on power systems unless detected early. However, accurate and timely detection in critical infrastructure systems presents challenges, e.g., due to zero-day vulnerability exploitations and the cyber-physical nature of the system coupled with the need for high reliability and resilience of the physical system. Conventional rule-based and anomaly-based intrusion detection system (IDS) tools are insufficient for detecting zero-day cyber intrusions in the industrial control system (ICS) networks. Hence, in this work, we show that fusing information from multiple data sources can help identify cyber-induced incidents and reduce false positives. Specifically, we present how to recognize and address the barriers that can prevent the accurate use of multiple data sources for fusion-based detection. We perform multi-source data fusion for training IDS in a cyber-physical power system testbed where we collect cyber and physical side data from multiple sensors emulating real-world data sources that would be found in a utility and synthesize these into features for algorithms to detect intrusions. Results are presented using the proposed data fusion application to infer False Data and Command injection-based Man-in-The-Middle (MiTM) attacks. Post collection, the data fusion application uses time-synchronized merge and extracts features followed by pre-processing such as imputation and encoding before training supervised, semi-supervised, and unsupervised learning models to evaluate the performance of the IDS. A major finding is the improvement of detection accuracy by fusion of features from cyber, security, and physical domains. Additionally, we observed the co-training technique performs at par with supervised learning methods when fed with our features.

preprint, 2021, arXiv

Statistics for Building Synthetic Power System Cyber Models

A realistic communication system model is critical in power system studies emphasizing the cyber and physical intercoupling. In this paper, we provide characteristics that could be used in modeling the underlying cyber network for power grid models. A real utility communication network and a simplified inter-substation connectivity model are studied, and their statistics could be used to fulfill the requirements for different modeling resolutions.

preprint, 2020, arXiv

Design and Evaluation of A Cyber-Physical Resilient Power System Testbed

A power system is a complex cyber-physical system whose security is critical to its function. A major challenge is to model and analyze its communication pathways with respect to cyber threats. To achieve this, the design and evaluation of a cyber-physical power system (CPPS) testbed called Resilient Energy Systems Lab (RESLab) is presented that captures realistic cyber, physical, and protection system features. RESLab is architected to be a fundamental tool for studying and improving the resilience of complex CPPS to cyber threats. The cyber network is emulated using Common Open Research Emulator (CORE) that acts as a gateway for the physical and protection devices to communicate. The physical grid is simulated in the dynamic time frame using PowerWorld Dynamic Studio (PWDS). The protection components are modeled with both PWDS and physical devices including the SEL Real-Time Automation Controller (RTAC). Distributed Network Protocol 3 (DNP3) is used to monitor and control the grid. Then, exemplifying the design and validation of these tools, this paper presents four case studies on cyber-attack and defense using RESLab, where we demonstrate false data and command injection using Man-in-the-Middle and Denial of Service attacks and validate them on a large-scale synthetic electric grid.