Decoy-based Moving Target defense Against Cyber-physical Attacks On Smart Grid

The design of successful covert cyber-physical attacks against smart grids requires a good level of knowledge about the dynamics of the target power system. Consequently, in the reconnaissance phase of a cyber-physical attack on a power system, the attacker usually needs to perform an accurate identification of the dynamics of the underlying control system. To degrade the accuracy of the system identification process, artificial noise can be added to the system measurements sent from the plant to the controller. While this approach might be effective in degrading the accuracy of recovering the parameters of the underlying target system, it comes at the expense of degrading the control system performance. In this paper, and inspired by the concept of decoy flare in air defense, a moving target defense mechanism is developed by leveraging an auxiliary set of virtual state-based decoy systems. More precisely, in this approach, the plant maintains and simulates a set of several decoy system models, designed to be indistinguishable from actual system models. At each time step, the plant sends a randomly permuted version of the corresponding measurements, of both the decoys and real system, to the controller which then evaluates and sends the corresponding optimal control of each system. The plant applies the received control inputs to the corresponding decoy models and the real system, respectively. The indistinguishability of the deployed decoy models, combined with the time-varying nature of the utilized permutation and system parameters, hinders the attacker's ability to perform an accurate system identification process. The effectiveness of the proposed approach is confirmed by considering an application example of an Automatic Generation Control (AGC) system. Based on our simulation results, the proposed decoy-based approach degrades the attacker's ability to correctly identify the underlying state-space model of the considered system from the intercepted control inputs and sensor measurements. It also does not impose any penalty on the control performance of the underlying system.