Botnets Breaking Transformers: Localization of Power Botnet Attacks Against the Distribution Grid

03/18/2022
by   Lynn Pepin, et al.
0

Traditional botnet attacks leverage large and distributed numbers of compromised internet-connected devices to target and overwhelm other devices with internet packets. With increasing consumer adoption of high-wattage internet-facing "smart devices", a new "power botnet" attack emerges, where such devices are used to target and overwhelm power grid devices with unusual load demand. We introduce a variant of this attack, the power-botnet weardown-attack, which does not intend to cause blackouts or short-term acute instability, but instead forces expensive mechanical components to activate more frequently, necessitating costly replacements / repairs. Specifically, we target the on-load tap-changer (OLTC) transformer, which uses a mechanical switch that responds to change in load demand. In our analysis and simulations, these attacks can halve the lifespan of an OLTC, or in the most extreme cases, reduce it to 2.5% of its original lifespan. Notably, these power botnets are composed of devices not connected to the internal SCADA systems used to control power grids. This represents a new internet-based cyberattack that targets the power grid from the outside. To help the power system to mitigate these types of botnet attacks, we develop attack-localization strategies. We formulate the problem as a supervised machine learning task to locate the source of power botnet attacks. Within a simulated environment, we generate the training and testing dataset to evaluate several machine learning algorithm based localization methods, including SVM, neural network and decision tree. We show that decision-tree based classification successfully identifies power botnet attacks and locates compromised devices with at least 94% improvement of accuracy over a baseline "most-frequent" classifier.

READ FULL TEXT

page 15

page 16

research
06/10/2023

Analysis of Cascading Failures Due to Dynamic Load-Altering Attacks

Large-scale load-altering attacks (LAAs) are known to severely disrupt p...
research
11/28/2019

Modelling Load-Changing Attacks in Cyber-Physical Systems

Cyber-Physical Systems (CPS) are present in many settings addressing a m...
research
02/24/2023

Edge-Based Detection and Localization of Adversarial Oscillatory Load Attacks Orchestrated By Compromised EV Charging Stations

In this paper, we investigate an edge-based approach for the detection a...
research
04/24/2022

Learning to Attack Powergrids with DERs

In the past years, power grids have become a valuable target for cyber-a...
research
05/19/2022

Defending Against Adversarial Attacks by Energy Storage Facility

Adversarial attacks on data-driven algorithms applied in pow-er system w...
research
07/17/2023

Uncovering Load-Altering Attacks Against N-1 Secure Power Grids: A Rare-Event Sampling Approach

Load-altering attacks targetting a large number of IoT-based high-wattag...
research
09/27/2019

Modeling and Detection of Future Cyber-Enabled DSM Data Attacks using Supervised Learning

Demand-Side Management (DSM) is a vital tool that can be used to ensure ...

Please sign up or login with your details

Forgot password? Click here to reset