Denial of Service Attacks in the Smart Grid: History
View Latest Version
Please note this is an old version of this entry, which may differ significantly from the current revision.
Subjects: Computer Science, Artificial Intelligence
Contributor:
Ines Ortega-Fernandez
,
Francesco Liberati

The smart grid is the current energy management and distribution trend: it merges cyber–physical systems (CPS) infrastructure with information and communication technologies (ICT) to ensure efficient power generation, smart energy distribution in real-time, and optimisation. It also allows for greater integration of alternative energy sources such as solar and wind power, which are heavily reliant on weather patterns. Smart grid applications include extraction of business value, smart charging of electric vehicles, smart distribution, generation and storage of energy, grid optimization, grid self-healing with fault protection technology, and many others. Denial-of-Service (DoS) attacks, in particular, have become critical threats to the smart grid because they target the availability of the grid infrastructure and services: in the context of smart grids, this includes both “ensuring timely and reliable access to and use of information” and “ensuring access to enough power”.

  • smart grids
  • cyberattacks
  • denial-of-Service
  • reinforcement learning
  • cyber detection

1. Introduction

The smart grid is the current energy management and distribution trend: it merges cyber–physical systems (CPS) infrastructure with information and communication technologies (ICT) to ensure efficient power generation, smart energy distribution in real-time, and optimisation [1]. It also allows for greater integration of alternative energy sources such as solar and wind power, which are heavily reliant on weather patterns. Smart grid applications include extraction of business value, smart charging of electric vehicles, smart distribution, generation and storage of energy, grid optimization, grid self-healing with fault protection technology, and many others [2] (Figure 1). However, the use of ICT introduces new threats to the smart grid infrastructure and makes it vulnerable to cyber-attacks: using legacy technologies such as conventional Supervisory Control and Data Acquisition (SCADA) systems or running most CPS protocols over TCP/IP exposes the smart grid to attack vectors found in traditional information systems [3].
Energies 16 00635 g001 550
Figure 1. Smart Grid infrastructure and components.
Denial-of-Service (DoS) attacks, in particular, have become critical threats to the smart grid because they target the availability of the grid infrastructure and services: in the context of smart grids, this includes both “ensuring timely and reliable access to and use of information” [4] and “ensuring access to enough power” [5]. Since the network lacks extensive storage capacity, the generated electrical power must be consumed in a short period of time. A DoS attack could prevent grid measurements from reaching the control centre, so affecting the frequency equilibrium between power generation and consumption [6]: the control centre uses data gathered from multiple sections of the smart grid to determine energy requirements, provide data to energy providers for billing, and for controlling consumption and generation of electricity. Furthermore, any disruption in the network must be addressed quickly in order to avoid major service interruptions. As a result, advanced defence mechanisms that address the special constraints of real-time operation and availability of the smart grid are required to protect against DoS attacks.
Huseinovi et al. provide in [5] a taxonomy of the major power grid applications subject to DoS attacks:
  • The Advanced Metering Infrastructure provides smart meters with bidirectional communication capabilities and data transfer with the control centre. It is a common target of DoS attacks.
  • The Distribution Management System monitors, protects, controls and optimizes the assets of the distribution grid, and might be affected by load frequency disturbance caused by a DoS attack.
  • Wide Area Monitoring, Protection and Control Systems are also subject to DoS attacks [7][8].
  • Demand Side Management might be affected by DoS attacks that target the devices in charge of maintaining the load and supply balance from the demand side.
  • At last, the Energy Management System is in charge of keeping the balance between the energy supply and the demand. A Distributed DoS (DDoS) targeting the Energy Management System will prevent it from controlling the power ratio between consumption and generation, causing problems such as voltage drop/rise.
Due to the large diversity of available cyber–physical layer protocols, the use of an open communication network geographically distributed, and the limited computational abilities of the smart grid devices, among others, securing the smart grid is still an open challenge [9]. While basic security measures (such as authentication mechanisms, encrypted communications or the use of firewalls) can be effective to address simple attacks, advanced threats require continuous monitoring, detection and prevention systems [9], and a quick and efficient response to incidents. In particular, Intrusion Prevention Systems (IPS) can be employed to detect and mitigate DoS attacks by executing automated mitigation actions when a cyberattack is detected, for example, by re-configuring firewall rules, the network topology (in the case of Software Defined Networks (SDNs)) or by implementing different actions in the control layer [10].
Traffic monitoring tools might be used to obtain statistical information about the data exchanged in the ICT interface of the smart grid in order to detect cyberattacks. In particular, the study of traffic flows might be useful to detect DoS attacks that cause packet delays and communication network congestion, and even to detect the presence of new devices in the network. IPSs might be classified into two big groups (Figure 2):
Energies 16 00635 g002 550
Figure 2. Network Intrusion Prevention Systems types and detection methods.
  • Signature-based IPSs, which use signatures and patterns of well-known DoS attacks to compare current network traffic with its expected pattern, raising an alarm when the current behaviour does not match the learned signature or rule. Although these methods are easy to implement, they fail to detect novel or unknown attacks [11].
  • Anomaly-based IPSs, which learn a pattern of the normal behaviour of a network by means of statistical properties, and raise an alarm when the current behaviour does not match the expected pattern, allowing the IPS to detect unknown attacks [12]. However, anomaly-based IPSs are more costly to train and tune, and it is more difficult to obtain the exact root cause of the detected anomaly. The pattern of legitimate behaviour may be learned with a variety of techniques: traditionally, pattern-based intrusion detection has been performed by analysing the contents of each individual network packet to find anomalies that deviate from the learned pattern, using a set of techniques named Deep Packet Inspection. However, inspecting each packet is not efficient in large networks, and is even impossible at network speeds of Gigabits per second. The main alternative to Deep Packet Inspection is flow-based anomaly detection, where the communication patterns (in Netflow [13] or IPFIX [14] format) are studied, instead of the content of each individual packet [15].

2. DoS Attacks in the Smart Grid

The smart grid is made up of various elements that form a hierarchical architecture: in general, a set of measurement components (such as smart meters or Programmable Logic Controllers) gather data from the environment and send it to a control centre via communication protocols that run over TCP/IP, inheriting the DoS attack vectors from the internet domain. Because the control centre and the physical layer are usually geographically separated, the cyber–physical infrastructure shares the networking infrastructure with the Internet, allowing attackers and cyber-criminals to gain access to the smart grid. DoS attacks are one of the attacks that can have a greater impact on the smart grid: a DoS attack against the smart grid has the primary effect of disrupting or delaying power delivery; the attack could target a single device or the various sections of the smart grid: generation, transmission, distribution, and consumption [5].
DoS attacks against communication between smart metering equipment and control centres, in particular, may stop signals from reaching their destinations on time, preventing the control centre from maintaining a strong situational awareness of the grid’s condition, and thus leading to grid instability. The attackers may employ many devices (and botnets) to carry out what is called a Distributed DoS attack, and use spoofed IP addresses to mask their identities. This section summarises the most relevant DoS active attack types against the smart grid, which might cause grid instability and/or unavailability. The attacks are classified based on the technique used, and the consequences for the smart grid are discussed. Table 1 summarises the main attack techniques, their targets in the smart grid infrastructure and the main mitigation and detection techniques. This study does not cover passive attacks, where the attacker eavesdrops on communications or analyses traffic in order to obtain information about the smart grid, but without modifying data or interacting with the infrastructure.
Table 1. Summary of the main DoS attacks against the smart grid, relevant works and main identified defence strategies.
Attack Target Defence Strategy Relevant Works
Flooding ICMP
UDP
TCP		 Network monitoring with NIDS
Moving Target Defence
Drop or filter traffic
Anomaly Detection		 [16]
[17]
[18]
[19]
[20]
[21]
Jamming Wireless Communication Layer Signal Strength Measurements
Monitoring of the Carrier Sensing Time
Threshold based detection on the PDR
Consistency Checks
Network monitoring with NIDS
Delayed Disconnect
Intelligent selection of wireless channels
Drop/filter traffic		 [22]
[23]
[24]
[25]
[25]
De-synchronization Global Positioning System (GPS)
Network Time Protocol (NTP)		 Monitor system stability
Monitor the GPS carrier-to-noise ratio
Use IEEE 1588-2008 precision time protocol
Use stable atomic clocks		 [26]
[27]
[28]
Amplification UDP Network monitoring with NIDS
Filter or drop traffic
Deep Packet Inspection
Anomaly detection		 [29]
False Data Injection Unencrypted, unauthenticated communications Deep Packet Inspection
Anomaly Detection		 [30]
[31]
[32]

2.1. Flooding Attacks

A flooding attack tries to overwhelm the network, resulting in delayed or interrupted communication between legitimate devices. It might be performed by taking advantage of multiple network protocols, such as ICMP, UDP, or TCP. The attack is simple to execute but causes significant network disruption.
TCP SYN Flooding [33] takes advantage of the three-way handshake mechanism of the TCP/IP protocol, and therefore all smart grid protocols running on top of TCP/IP (such as Modbus TCP) are vulnerable to SYN flood attacks. The attacker sends an SYN request packet to the victim, which replies with an SYN/ACK packet and keeps a port open waiting for an ACK packet from the attacker to establish the connection. However, the attacker never sends the ACK packet, forcing the client to keep the port open until the connection expires (Figure 3). The main outcome of a successful SYN flooding attack is that the victim runs out of available ports to initiate new connections with legitimate devices.
Energies 16 00635 g003 550
Figure 3. Conceptual diagram of the TCP SYN Flood attack. The attacker uses spoofed IP addresses, so the victim never gets a response to the SYN-ACK packets, forcing it to keep open ports and exhausting its resources.
UDP Flooding attacks are executed when an attacker generates a high amount of packets to random destination ports of the victim. If the port is closed, the victim will respond with an ICMP packet; if the amount of generated ICMP packets is large enough, it might overwhelm the network preventing legitimate packets from reaching their destination: in [16], Asri et al. show how a UDP flooding attack could take down the entire grid infrastructure. The UDP attack prevents the control centre from gathering usage data from the grid, and as a result, the power plant stops producing electricity, causing the entire network to fail. Likewise, Ping flooding [34] tries to overwhelm the network with ICMP packets: the targeted device becomes overloaded with ICMP Echo Request (ping) packets. The attacker tries to consume all the available bandwidth, preventing legitimate packets from reaching their destination.
Depending on the role of the victim in the smart grid, the attack might have different consequences in the physical environment. Flooding attacks might increase delays on time-critical messages, such as those exchanged between the control centre and smart meters [18][19][20]. The DoS attack might not only interrupt communications but also exhaust the victim’s resources in terms of CPU consumption, preventing it from performing legitimate tasks [21]. Common defence strategies include the deployment of network monitoring through Network Intrusion Detection Systems (NIDS) and anomaly detection [16][18][20], or the use of advanced moving target defence mechanisms as proposed in [17].

2.2. Jamming Attacks

A recent DoS attack vector in wireless networks is initiated by jamming the signals at the physical layer to deny or delay the communication between smart grid devices [35]. The attackers might use a variety of techniques, from the simple continual transmission of interference signals to advanced attacks that exploit vulnerabilities on application layer protocols [22]. In [23], Temple et al. implement a jamming attack with two different goals: to deny the electrical service during a certain time window, and to produce physical disturbance of power grid frequency by causing load shedding, assuming an attacker with perfect knowledge of the infrastructure. Li et al. investigate in [24] both jamming and anti-jamming techniques in a multichannel wireless network that connects remote sensors and the control centre in a smart grid, modelling the interaction between the grid sensors and the attacker as a zero-sum stochastic game.
The detection and mitigation techniques for jamming attacks usually study parameters associated with the stability of the signals in the network, such as the signal strength indicator and the packet loss rate [25]. Other strategies are based on consistency checks, delayed disconnect, or detection of media access control layer misbehaviour through network monitoring [22], the intelligent selection of the communication channel to avoid the use of channels that are under attack [24].

2.3. De-Synchronization Attacks

Since many smart grid applications depend on synchronous measurements, they rely on exact timing information. Spoofing the Global Positioning System (GPS) signals is one method of carrying out de-synchronization attacks in the smart grid. Most measuring equipment employs the GPS to obtain exact timing: characteristics such as frequency and voltage are often sampled on a regular basis thanks to the GPS timing signal, and the measurements are aligned to a common time domain by the control centre. A de-synchronization attack occurs when a malicious attacker alters the sampling time by forging a GPS signal, causing the measuring device to sample the signal at the incorrect time (Figure 4). The misaligned measurement reaches the control centre, which acquires an inaccurate grid status. Zang et al. investigate in [26] the smart grid de-synchronization threats in three smart grid applications: transmission line fault detection and location, voltage stability monitoring, and event location. They demonstrate how a time de-synchronization attack might degrade such applications’ performance, resulting in erroneous operations in the smart grid.
Energies 16 00635 g004 550
Figure 4. Example of a jamming attack on the GPS signal, which causes misaligned measurements to arrive at the control centre.
A different set of de-synchronization attacks in the smart grid are performed by exploiting vulnerabilities in the Precision Time Protocol (PTP). PTP is one of the IEEE 1588 protocols that permit time synchronization between devices with varied clock resolutions, precision, and stability with microsecond accuracy [36]. PTP is widely used in the smart grid at the substation level to obtain sample values with 1 μs accuracy. The PTP master is connected to the substation bus: the master receives timing from a GPS signal and distributes accurate time reference to all connected devices via synchronization messages under PTP [28]. However, PTP is vulnerable to different attacks, including DoS, packet manipulation and selective packet delay [27]. The authors of [28] exploit the PTP protocol, by introducing a variable delay in the PTP master communication path, and manipulating the clock of the connected devices. A delay attack against PTP will manipulate the clocks of all connected devices, affecting the functionality of merging units and potentially targeting all applications relying on precise timing, such as sampled values, fault localization, differential protection, or synchrophasor measurements.
The defence and mitigation techniques against jamming attacks include the use of cross-layer monitoring of the GPS carrier-to-noise ratio to detect time de-synchronization attacks [37], or the use of highly stable atomic clocks or time synchronization with the precision time protocol defined by IEEE 1588-2008 [38]. Moreover, authentication mechanisms can be used to prevent spoofing, which is the main enabler of de-synchronization attacks.

2.4. Amplification Attacks

Amplification attacks are a kind of volumetric DoS attack which involves reflection and amplification: the attacker spoofs an IP address (reflection), while exploiting UDP-based protocols that provide a much larger response than the request from the attacker (amplification) to overwhelm a network [39]. In contrast to flooding attacks, amplification attacks consume fewer resources from the attacker side but are more difficult to implement. Amplification attacks have four main characteristics [40]:
  • Distributed: usually, multiple servers using the UDP protocol are used to launch the attack.
  • Camouflage: attackers spoof their IP addresses into the addresses of the victim. Victims receive a lot of traffic from amplifiers (the server that is abused by the attackers).
  • Reflexivity: the traffic is never received directly from the attacker, but indirectly by the amplifier’s reflection.
  • Amplification: the traffic reflected from the amplifier servers to the victims is much larger than the traffic sent to amplifiers from the attackers.
The main three types of amplification attacks targeting the smart grid are DNS, NTP and SNMP amplification. The Domain Name System (DNS) protocol translates domain names into IP addresses. In the context of smart grids, any device connected to a supervisory, control and data acquisition system has an IP address that is stored in the DNS server. In a DNS amplification attack, the attacker sends UDP packets with forged IP addresses to a DNS resolver, which acts as an amplifier server. The forged IP is the victim’s IP. Each UDP packet requests the DNS resolver to send the largest response possible (by sending the “ANY” argument). When the DNS resolver receives the request, it sends to the victim a large response, overwhelming the networks and causing service interruption [41].
Likewise, a Network Time Protocol (NTP) amplification attack uses an NTP server as an amplifier: in the smart grid, NTP servers are used to perform time synchronization between current and voltage measurements from different devices in the grid. In the NTP amplification case, the attacker creates a reflection attack between the master nodes (that receive packets) and the slave nodes in the substations. The attacker sends UDP packets with forged IP addresses to the NTP server using the “monlist” command, which forces the server into responding with the latest 600 IP addresses that have made requests to the NTP server. The IP in the UDP packets is, again, the victim’s IP, which receives a large UDP packet overwhelming the network. Finally, the Simple Network Management Protocol (SNMP) is widely used in management consoles dedicated to manage and maintain Programmable Logic Controllers. If an attacker gains access to an SNMP server it would be able to use it to scan the network and create a list of local devices, which will become the amplifiers of the attack. The attacker forges UDP packets, requesting the devices to respond with as much data as possible: the SNPM server (in this case the victim) will receive a large volume of data from all the devices, becoming overwhelmed by the amount of petitions and data [42].
In [29], Yang et al. propose an intrusion detection system specific for synchrophasor measurements, capable of detecting man-in-the-middle and amplification attacks by combining protocol-based whitelists with behavioural anomaly detection, by performing deep packet inspection on the network frames. The consequences (and the defence and mitigation techniques) of amplification attacks are similar to those of flooding attacks: the main objective of amplification attacks is to saturate the available bandwidth of a network (or the processing capabilities of the device processing the network packets) with numerous and large network packets, targeting the network layer of the TCP/IP protocol stack.

2.5. False Data Injection Attacks

In this type of attack, the malicious actor intercepts the communication network traffic (for example, by sniffing unencrypted communications from the network) and extracts the actual values of the network frame. The attacker forges false packets to force the control centre into executing wrong actions of various types. While False Data Injection (FDI) attacks target the integrity of the network packets, they might also be used as a DDoS tool [30][43] when they cause interruptions on different smart grid applications. A common assumption is that FDI attacks require complete knowledge of the grid topology. However, recent works show how an attacker with limited knowledge is also able to successfully perform FDI attacks [44]. In [30], Vuković et al. consider an attacker that manipulates the data exchanged between the control centre and the neighbouring nodes. The attacker successfully manipulates the data to disable the distributed state estimation system, preventing it from finding correct state estimates. They show the impact of the attack on the IEEE 118 bus power system, where the FDI attack prevents the distributed state estimation from converging, leading to DoS due to erroneous state and power flow estimations, preventing the control centre from taking adequate actions.
The most critical estimations, and therefore the main targets of FDI attacks in a smart grid, are energy demand, energy supply, grid-network states and electricity pricing estimation. FDI attacks result in abnormal state estimations and might be detected by performing Deep Packet Inspection, anomaly detection, or through system-theoretic approaches [31]. In addition, when the FDI attack targets distributed state estimation (as discussed in [30]), a distributed detection approach is recommendable: a mitigation strategy is presented in [30], based on fully distributed attack detection (which is able to understand which region of the grid is impacted by the FDI attack), followed by a mitigation algorithm that isolates the attacked region, so that the distributed state estimation can converge. In [32], Zang et al. propose to detect FDI attacks using deep autoencoders and generative adversarial networks to learn the unconformity between abnormal and normal measurements; they use deep autoencoders to reduce the dimensionality of the input data, which serves as the input of the generative adversarial network for anomaly detection.

This entry is adapted from the peer-reviewed paper 10.3390/en16020635

References

  1. Pham, L.N.H. Exploring Cyber-Physical Energy and Power System: Concepts, Applications, Challenges, and Simulation Approaches. Energies 2023, 16, 42.
  2. Fang, X.; Misra, S.; Xue, G.; Yang, D. Smart Grid—The New and Improved Power Grid: A Survey. IEEE Commun. Surv. Tutor. 2012, 14, 944–980.
  3. Radoglou-Grammatikis, P.I.; Sarigiannidis, P.G. Securing the Smart Grid: A Comprehensive Compilation of Intrusion Detection and Prevention Systems. IEEE Access 2019, 7, 46595–46620.
  4. Pillitteri, V.Y.; Brewer, T.L. Guidelines for Smart Grid Cybersecurity; NIST: Gaithersburg, MD, USA, 2014.
  5. Huseinović, A.; Mrdović, S.; Bicakci, K.; Uludag, S. A survey of denial-of-service attacks and solutions in the smart grid. IEEE Access 2020, 8, 177447–177470.
  6. Cheng, Z.; Yue, D.; Hu, S.; Huang, C.; Dou, C.; Chen, L. Resilient load frequency control design: DoS attacks against additional control loop. Int. J. Electr. Power Energy Syst. 2020, 115, 105496.
  7. Fekete, B.M.; Revenga, C.; Todd, M. The Global Risks Report 2018 13th Edition. Available online: http://www3.weforum.org/docs/WEF_GRR18_Report.pdf (accessed on 15 October 2022).
  8. Liu, J.; Xiao, Y.; Li, S.; Liang, W.; Chen, C.P. Cyber security and privacy issues in smart grids. IEEE Commun. Surv. Tutor. 2012, 14, 981–997.
  9. Goudarzi, A.; Ghayoor, F.; Waseem, M.; Fahad, S.; Traore, I. A Survey on IoT-Enabled Smart Grids: Emerging, Applications, Challenges, and Outlook. Energies 2022, 15, 6984.
  10. Fares, A.A.Y.R.; de Caldas Filho, F.L.; Giozza, W.F.; Canedo, E.D.; Lopes de Mendonça, F.L.; Amvame Nze, G.D. DoS Attack Prevention on IPS SDN Networks. In Proceedings of the 2019 Workshop on Communication Networks and Power Systems (WCNPS), Brasilia, Brazil, 3–4 October 2019; pp. 1–7.
  11. Raja, D.J.S.; Sriranjani, R.; Parvathy, A.; Hemavathi, N. A Review on Distributed Denial of Service Attack in Smart Grid. In Proceedings of the IEEE 2022 7th International Conference on Communication and Electronics Systems (ICCES), Coimbatore, India, 2–24 June 2022; pp. 812–819.
  12. Berthier, R.; Sanders, W.H.; Khurana, H. Intrusion Detection for Advanced Metering Infrastructures: Requirements and Architectural Directions. In Proceedings of the 2010 First IEEE International Conference on Smart Grid Communications, Gaithersburg, MD, USA, 4–6 October 2010; pp. 350–355.
  13. Cisco, I. NetFlow Configuration Guide Release 12.4; Cisco Documentation; Cisco Systems: San Jose, CA, USA, 2007.
  14. Quittek, J.; Zseby, T.; Claise, B.; Zander, S. Requirements for IP Flow Information Export (IPFIX); RFC Editor, October 2004. Available online: https://www.rfc-editor.org/info/rfc3917 (accessed on 15 October 2022).
  15. Sperotto, A.; Schaffrath, G.; Sadre, R.; Morariu, C.; Pras, A.; Stiller, B. An overview of IP flow-based intrusion detection. IEEE Commun. Surv. Tutor. 2010, 12, 343–356.
  16. Asri, S.; Pranggono, B. Impact of distributed denial-of-service attack on advanced metering infrastructure. Wirel. Pers. Commun. 2015, 83, 2211–2223.
  17. Groat, S.; Dunlop, M.; Urbanksi, W.; Marchany, R.; Tront, J. Using an IPv6 moving target defense to protect the Smart Grid. In Proceedings of the 2012 IEEE PES Innovative Smart Grid Technologies (ISGT), Washington, DC, USA, 16–20 January 2012; pp. 1–7.
  18. Choi, K.; Chen, X.; Li, S.; Kim, M.; Chae, K.; Na, J. Intrusion Detection of NSM Based DoS Attacks Using Data Mining in Smart Grid. Energies 2012, 5, 4091–4109.
  19. Jin, D.; Nicol, D.M.; Yan, G. An event buffer flooding attack in DNP3 controlled SCADA systems. In Proceedings of the 2011 Winter Simulation Conference (WSC), Phoenix, AZ, USA, 11–14 December 2011; pp. 2614–2626.
  20. Zhang, F.; Mahler, M.; Li, Q. Flooding attacks against secure time-critical communications in the power grid. In Proceedings of the 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm), Dresden, Germany, 23–27 October 2017; pp. 449–454.
  21. Li, Q.; Ross, C.; Yang, J.; Di, J.; Balda, J.C.; Mantooth, H.A. The effects of flooding attacks on time-critical communications in the smart grid. In Proceedings of the 2015 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT), Washington, DC, USA, 18–20 February 2015; pp. 1–5.
  22. Pelechrinis, K.; Iliofotou, M.; Krishnamurthy, S.V. Denial of Service Attacks in Wireless Networks: The Case of Jammers. IEEE Commun. Surv. Tutor. 2011, 13, 245–257.
  23. Temple, W.G.; Chen, B.; Tippenhauer, N.O. Delay makes a difference: Smart grid resilience under remote meter disconnect attack. In Proceedings of the 2013 IEEE International Conference on Smart Grid Communications (SmartGridComm), Vancouver, BC, Canada, 21–24 October 2013; pp. 462–467.
  24. Li, H.; Lai, L.; Qiu, R.C. A denial-of-service jamming game for remote state monitoring in smart grid. In Proceedings of the 2011 45th Annual Conference on Information Sciences and Systems, Baltimore, MD, USA, 23–25 March 2011; pp. 1–6.
  25. Chatfield, B.; Haddad, R.J.; Chen, L. Low-Computational Complexity Intrusion Detection System for Jamming Attacks in Smart Grids. In Proceedings of the 2018 International Conference on Computing, Networking and Communications (ICNC), Maui, HI, USA, 5–8 March 2018; pp. 367–371.
  26. Zhang, Z.; Gong, S.; Dimitrovski, A.D.; Li, H. Time Synchronization Attack in Smart Grid: Impact and Analysis. IEEE Trans. Smart Grid 2013, 4, 87–98.
  27. Gaderer, G.; Treytl, A.; Sauter, T. Security aspects for IEEE 1588 based clock synchronization protocols. In Proceedings of the 2006 IEEE International Workshop on Factory Communication Systems, Turin, Italy, 28–30 June 2006; pp. 247–250.
  28. Moussa, B.; Debbabi, M.; Assi, C. A Detection and Mitigation Model for PTP Delay Attack in an IEC 61850 Substation. IEEE Trans. Smart Grid 2018, 9, 3954–3965.
  29. Yang, Y.; McLaughlin, K.; Sezer, S.; Littler, T.; Pranggono, B.; Brogan, P.; Wang, H. Intrusion detection system for network security in synchrophasor systems. In Proceedings of the IET International Conference on Information and Communications Technologies, Beijing, China, 27–29 April 2013.
  30. Vuković, O.; Dán, G. Security of Fully Distributed Power System State Estimation: Detection and Mitigation of Data Integrity Attacks. IEEE J. Sel. Areas Commun. 2014, 32, 1500–1508.
  31. Chen, P.Y.; Yang, S.; McCann, J.A.; Lin, J.; Yang, X. Detection of false data injection attacks in smart-grid systems. IEEE Commun. Mag. 2015, 53, 206–213.
  32. Zhang, Y.; Wang, J.; Chen, B. Detecting False Data Injection Attacks in Smart Grids: A Semi-Supervised Deep Learning Approach. IEEE Trans. Smart Grid 2021, 12, 623–634.
  33. Bogdanoski, M.; Suminoski, T.; Risteski, A. Analysis of the SYN flood DoS attack. Int. J. Comput. Netw. Inf. Secur. 2013, 5, 1–11.
  34. Gupta, N.; Jain, A.; Saini, P.; Gupta, V. DDoS attack algorithm using ICMP flood. In Proceedings of the IEEE 2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom), New Delhi, India, 16–18 March 2016; pp. 4082–4084.
  35. Huseinovic, A.; Mrdovic, S.; Bicakci, K.; Uludag, S. A Taxonomy of the Emerging Denial-of-Service Attacks in the Smart Grid and Countermeasures. In Proceedings of the 2018 26th Telecommunications Forum (TELFOR), Belgrade, Serbia, 20–21 November 2018; pp. 1–4.
  36. Eidson, J.C.; Fischer, M.; White, J. IEEE-1588 Standard for a precision clock synchronization protocol for networked measurement and control systems. In Proceedings of the 34th Annual Precise Time and Time Interval Systems and Applications Meeting, Reston, VA, USA, 3–5 December 2002; pp. 243–254.
  37. Fan, Y.; Zhang, Z.; Trinkle, M.; Dimitrovski, A.D.; Song, J.B.; Li, H. A Cross-Layer Defense Mechanism Against GPS Spoofing Attacks on PMUs in Smart Grids. IEEE Trans. Smart Grid 2015, 6, 2659–2668.
  38. Baumgartner, B.; Riesch, C.; Schenk, W. The impact of gps vulnerabilities on the electric power grid. In Proceedings of the XX IMEKO TC–4 International Symposium on Research on Electrical and Electronic Measurement for the Economic Upturn, Benevento, Italy, 15–17 September 2014; pp. 183–188.
  39. Anagnostopoulos, M. Amplification DoS Attacks. In Encyclopedia of Cryptography, Security and Privacy; Jajodia, S., Samarati, P., Yung, M., Eds.; Springer: Berlin/Heidelberg, Germany, 2019; pp. 1–3.
  40. Zhang, Y.; Cheng, Y. An Amplification DDoS Attack Defence Mechanism using Reinforcement Learning. In Proceedings of the 2019 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), Leicester, UK, 19–23 August 2019; pp. 634–639.
  41. Anagnostopoulos, M.; Kambourakis, G.; Kopanos, P.; Louloudakis, G.; Gritzalis, S. DNS amplification attack revisited. Comput. Secur. 2013, 39, 475–485.
  42. Gondim, J.J.; de Oliveira Albuquerque, R.; Orozco, A.L.S. Mirror saturation in amplified reflection Distributed Denial of Service: A case of study using SNMP, SSDP, NTP and DNS protocols. Future Gener. Comput. Syst. 2020, 108, 68–81.
  43. Liang, G.; Weller, S.R.; Zhao, J.; Luo, F.; Dong, Z.Y. The 2015 Ukraine Blackout: Implications for False Data Injection Attacks. IEEE Trans. Power Syst. 2017, 32, 3317–3318.
  44. Rahman, M.A.; Mohsenian-Rad, H. False data injection attacks with incomplete information against smart power grids. In Proceedings of the 2012 IEEE Global Communications Conference (GLOBECOM), Anaheim, CA, USA, 3–7 December 2012; pp. 3153–3158.
More
© Text is available under the terms and conditions of the Creative Commons Attribution (CC BY) license; additional terms may apply. By using this site, you agree to the Terms and Conditions and Privacy Policy.
This entry is offline, you can click here to edit this entry!
Video Production Service
Feedback