Deep Reinforcement Learning for Penetration Testing of Cyber-Physical Attacks in the Smart Grid

The fast expansion of interconnectivity in cyberphysical critical infrastructures like smart grids has given rise to concerning exposures and vulnerabilities. Although penetration testing (PT) has been an effective approach to searching for vulnerabilities in software, devices, and networks from the attacker's view, the strong cyber-physical coupling in these large-scale infrastructures has made it challenging to manually pinpoint critical vulnerabilities, particularly at system levels due to the complexity, dimensionality, and uncertainty therein. To better protect the security of cyber-physical systems, this paper proposes a deep reinforcement learning (DRL)-based PT framework to efficiently and adaptively identify critical vulnerabilities in smart grids. Using replay attacks as an example, the paper models the attack as a Markov Decision Process with three actions - stop, record, and replay - to learn the optimal timing and ordering of replays in different operating scenarios. A cyber-physical cosimulation platform with dedicated simulators for the physical part, cyber part, control part, and attacker part of a smart distribution grid was developed as a sandbox environment to train the DRL agent. Scenarios with different levels of difficulty are tested to validate the learning capability and performance in finding critical attack paths of the DRL-based PT. The simulation results show that DRL-based PT can learn to find the optimal attack path against system stability when the grid is under high load demand, solar power generation, and weather variation. These results are promising first steps toward a highly customizable framework to pen-test complex cyber-physical systems with automatic DRL agents and various attack schemes.