RAINCOAT: Randomize Network Communication in Power Grid Cyber Infrastructure to Mislead Cyber Attackers
November 17, 2017
Abstract: In preparing attacks on power grids, attackers can use periodic data acquisitions performed by control centers. In this paper, we present Raincoat, which randomizes data acquisitions to disrupt and mislead attackers. We transform one data acquisition into multiple rounds. In each round, we dynamically manipulate network flows in the control networks so that randomly selected “online” devices respond with real measurements. Meanwhile, we intelligently spoof measurements for other “offline” devices to mislead attackers into designing ineffective strategies. Based on experiments using large-scale power systems and six real wide area networks, Raincoat is effective against false data injection and control-related attacks with small overhead. The probability of successful attacks can be reduced from 70% to 5%; attacks introduce little damage even if they are executed. When Raincoat is used, the differences of state estimation accuracy is within ±2%, and network latency of data acquisition increases on average by less than 5%.