Behind Closed Doors

Process-Level Rootkit Attacks in Cyber-Physical Microgrid Systems

Conference paper (2022)

Authors

Suman Rath Oklahoma State University

Ioannis Zografopoulos King Abdullah University of Science and Technology (KAUST)

P.P. Vergara Barrios Intelligent Electrical Power Grids -

Vassilis C. Nikolaidis Democritus University of Thrace

Charalambos Konstantinou King Abdullah University of Science and Technology (KAUST)

Research Group

Intelligent Electrical Power Grids () (TU Delft)

DOI: https://doi.org/10.1109/PESGM48719.2022.9916907

Virtual twin Rootkit Cyber-physical microgrid Intelligent malware Data-driven prediction

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:78423276-36b8-4db0-9eea-5facac8851ed

Published Date

2022

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Department

Electrical Sustainable Energy

Research Group

Intelligent Electrical Power Grids

Abstract

Embedded controllers, sensors, actuators, advanced metering infrastructure, etc. are cornerstone components of cyber-physical energy systems such as microgrids (MGs). Harnessing their monitoring and control functionalities, sophisticated schemes enhancing MG stability can be deployed. However, the deployment of ‘smart’ assets increases the threat surface. Power systems possess mechanisms capable of detecting abnormal operations. Furthermore, the lack of sophistication in attack strategies can render them detectable since they blindly violate power system semantics. On the other hand, the recent increase of process-aware rootkits that can attain persistence and compromise operations in undetectable ways requires special attention. In this work, we investigate the steps followed by stealthy rootkits at the process level of control systems pre- and post-compromise. We investigate the rootkits' precompromise stage involving the deployment to multiple system locations and aggregation of system-specific information to build a neural network-based virtual data-driven model (VDDM) of the system. Then, during the weaponization phase, we demonstrate how the VDDM measurement predictions are paramount, first to orchestrate crippling attacks from multiple system standpoints, maximizing the impact, and second, impede detection blinding system operator situational awareness.

Files

Behind_Closed_Doors_Process_Le... (.pdf)

(.pdf | 1.26 Mb)

- Embargo expired in 01-07-2023