My dissertation focuses on improving the security of the cyber-physical infrastructure of power grids against remote insider attacks. Power systems include a control structure that is common to other CPSes, as shown in the figure below. In this structure, system administrators use a control network to collect measurements related to physical processes and to issue commands that perform control operations. In a remote insider attack, external attackers penetrate the control network and use the existing measurement collection to study the operational state and prepare the attack. To execute the attack, they issue or modify commands crafted in legitimate formats. I proposed original designs to counter attacks at each stage of the attack timeline.
Detection: Detect attacks' execution. I developed the first IDS that fully supports network protocols used in CPSes and extended the IDS with a newly designed power flow analysis algorithm.
Response: Remedy attacks' consequences. I designed a self-healing network infrastructure that, under the constraints of both cyber and physical infrastructures, simultaneously (i) reduces the overhead to reconnect compromised devices to networks and (ii) increases the service availability.
Preemption: Disrupt and mislead attacks' preparations. In this ongoing work, I design a moving target defense (MTD) mechanism that (i) collects measurements from randomly selected devices instead of from all devices and (ii) obfuscates the measurements of physical operations, so that the information on which attackers base the design of their malicious operations is misleading.