Cyber Attacks in Cyber-Physical Microgrid Systems: A Comprehensive Review

Abstract

The importance of and need for cyber security have increased in the last decade. The critical infrastructure of the country, modeled with cyber-physical systems (CPS), is becoming vulnerable because of a lack of efficient safety measures. Attackers are becoming more innovative, and attacks are becoming undetectable, thereby causing huge risks to these systems. In this scenario, intelligent and evolving detection methods should be introduced to replace basic and outworn methods. The ability of artificial intelligence (AI) to analyze data and predict outcomes has created an opportunity for researchers to explore the power of AI in cyber security. This article discusses new-age intelligence and smart techniques such as pattern recognition models, deep neural networks, generative adversarial networks, and reinforcement learning for cyber security in CPS. The differences between the traditional security methods used in information technology and the security methods used in CPS are analyzed, and the need for a transition into intelligent methods is discussed in detail. A deep neural network-based controller that detects and mitigates cyber attacks is designed for microgrid systems. As a case study, a stealthy local covert attack that overcomes the existing microgrid protection is modeled. The ability of the DNN controller to detect and mitigate the SLCA is observed. The experiment is performed in a simulation and also in real-time to analyze the effectiveness of AI in cyber security.

1. Introduction

Microgrids, the new-age form of power grid architecture, are gaining increasing attention from researchers and industries. The possibility of integrating renewable generations, electric vehicles (EV), energy storage, and distributed energy resources into the power grid and coupling them with effective communication links presents an opportunity to improve the efficiency of the power grid [1]. Additionally, microgrids are capable of powering localized loads by operating in an isolated mode [2].

With the aim of reducing carbon emissions, renewable energy generation is encouraged in the power sector, and the transportation sector is moving towards the electrification of vehicles. To achieve sustainable development goals, by 2030, there exists a target to integrate 8000 GW of renewables (compared to the 2800 GW integrated at present). By 2025, at least 100 countries will aim to transition to 100% renewable generation. At present, Norway has achieved the most renewable power integration, with 99%; New Zealand (81%), Brazil (79%), Colombia (74%), Canada (68%), Sweden (67%), and Portugal (65.5%) follow. Saudi Arabia has achieved the least integration (0.1%).

The renewable energy share globally increased from 26.30% to 28.1% from 2020 to 2021. It has been observed that 17% of global CO₂ emissions are due to the transport sector; the global EV market has received huge support, which has led to over 16.5 million EVs on the road. By 2030, 2% of global electrical demand is expected to be due to EVs. Microgrids are the best alternative to conventional grids in terms of grid integration with RES and EVs [3]; the variety of sources and loads that can be integrated into a microgrid is shown in Figure 1.

With the variety of intermittent distributed energy resources that exists, information regarding load availability and demand on the grid should be continuously monitored and communicated to the controller for effective operation and control. The communication network is established based on the open system interconnection (OSI) model, transfer control protocol/internet protocol (TCP/IP) model, extensible authentication protocol (EAP), and microgrid communication [4,5]. Figure 2 denotes the different protocol structures. The development of Internet of Things (IoT) devices and architectures makes it viable to utilize the services of smart meters, smart health, smart transport, and smart grid [6]. IoT architecture is preferred on the demand side, whereas the EAP model is implemented on the supply side. The battlegrounds between countries have constantly been shifting. Intruding upon a country’s cyberspace and attacking the communication channels of the enemy, thereby interrupting their information transfer, is the war strategy likely to be followed in the near future. This kind of war strategy is termed cyber warfare [7], and even the strongest and most developed countries are vulnerable to it. To overcome this, countries are focusing on building cyber security and creating cyber awareness [8,9,10]. According to the crunch base cyber security report [11], over the last decade, there has been an almost 700% increase in cyber security funding. The USA holds the greatest share (76%) of global cyber security funding, and Israel and the UK stand next with 13% and 3%, respectively; all the other countries account for 8%. There are seven different types of attacks, as shown in Figure 3, through which an attacker can create havoc in a country.

Espionage is a form of gentle cyber attack, where an attacking country tries to monitor and steal sensitive information by phishing attacks or botnets [12]. Sabotage attacks or cyber sabotage deliberately destroy critical infrastructure by introducing a malfunction into the system [13]. These attacks are frequently observed in the introduction of a software update bug. Flooding the communication channel with multiple requests, causing the channel to be irresponsive to legitimate users, is defined as a denial of service attack [14]. This attack is dangerous, and causes communication delays or interruptions, thereby affecting military bodies and research bodies. Cyber attacks on power grids are the most dangerous and impactful phenomenon. They can cause interruptions in information sharing, disruption to critical services, and huge economic losses [15].

Propaganda attacks are largely used to influence the audience and their perspective by spreading false news that makes people lose faith and creates agitations in a country; these kinds of attacks look simple, but are effective [16]. Economic disruption attacks target the economic pillars of the country; these attacks try to take down financial systems such as the stock market and the banking sector by stealing money or blocking people’s access available funds [17]. Surprise attacks are performed to create a massive impact in less time, thereby weakening the country’s defense systems.

2. Real-World Cyber Attack Scenarios

The most notable and successful cyber attack was the 2010 Iran nuclear plant attack; this attack targeted the programmable logical controllers (PLCs) in a nuclear plant. The Stuxnet virus used in this attack had an impact on 200,000 computers, and caused damage to almost 1000 machines [18]. The 2012 Aramco cyber attack used the Shamoon virus; this attack was intended to destroy confidential files in Aramco workstations. Some 30,000 Saudi Aramco workstations were affected by this attack [19].

The best examples of cyber warfare are the attacks that took place in the context of the Russia–Ukraine war. These cyber attacks have made the world realize the importance of cyber security. The 2015 cyber attack on Ukraine’s power grid caused a blackout and led to a power outage affecting 2,300,000 people [20]. The attack group, known as Sandworm, used BlackEnergy 3 malware to compromise the information systems of energy distribution companies [21]. A spear-phishing [22] method was used to implement the attack. Following the 2015 attack, less than a year later, one more attack from Russia targeted Ukraine’s capital Kyiv. Industroyer malware [23] was used in this attack to adversely affect protective relays, meaning the data packets of relays were diverted to the wrong IP address. This attack caused a blackout of 1 h. Some of the most notable cyberwarfare incidents are presented in

Table 1. Real-world examples of cyber warfare.

Ref.	Cyber Attack	Target	Attack Type
[24]	Estonian cyber attacks (27 April 2007)	Estonian websites, parliament, banks, ministers	DDoS attacks through ping folds and botnets
[25,26]	Russo–Georgian War (20 July 2008)	Websites of Georgia, Russia, South Osettin and Azerbaijani	DoS
[27]	South Korea cyber attacks (2009)	Websites of major media, financial websites of South Korea and US	DDoS, activation of botnets
[28]	Attacks on the US Department of Defence (2008)	US military computers	Malware
[29]	GhostNet (March 2009)	Spying on political and economic locations of India, Indonesia, Romania and many South Asian countries	Cyber espionage, Advanced, persistent threat
[30]	Titan rain (2003)	US defense contractor computer networks	State-sponsored advance persistent threat
[31]	Shadow network	Targeting classified information of India gov ernment	Malware, cyber spying
[18]	Iran nuclear power plant attack (2010)	200,000 computers and 1000 machines are affected	Stuxnet
[19]	Aramco cyber attack (2012)	30,000 Aramco workstations are affected	Shamoon
[20,21,22]	Ukraine power grid attack (2015)	Power outage for 230,000 people	BlackEnergy 3 malware
[23]	Kyiv energy distribution network (2016)	Blackout for 1 h	Industroyer malware
[32]	US oil resource attack (2021)	Halted working of oil pipelines for 17 states in US	Darkside malware
[33]	Natanz nuclear plant attack (2021)	Destruction of centrifuges	Stuxnet

.

One of the biggest cyber attacks on oil resources took place in the US on 7 May 2021. This ransomware cyber attack halted the working of oil pipelines in nearly 17 states of the USA. Darkside malware was used in this attack [32]. A similar attack happened in Iran in 2021, where 4300 gas stations could not process payments. The 2021 Natanz cyber attack is one more example of cyber warfare; it is speculated that Israel is responsible for an attack on a nuclear power plant as a part of the Iran and Israel war [33].

These cyber attacks on cyber-physical systems are implemented by accessing information from communication links. Depending on the protocol used for communication, there are several possible different attacks, which are shown in Figure 4.

In the information security domain, data protection is evaluated using the CIA triad and the AAA triad, with C indicating the confidentiality of the data, I indicating the integrity of the data, and A indicating availability in the CIA triad. Authentication, authorization and accountability are the parameters of the AAA triad. Data security is ensured if all the parameters in the CIA triad and AAA triad are satisfied. Cyber attacks target cyber-physical systems such that they disrupt the parameters of the CIA triad.

Table 2. Cyber attacks’ impact on the CIA triad.

Cyber Attack	Confidentiality	Integrity	Availability
Data injection	×	✓	✓
Eavesdropping	×	✓	✓
Masquerading	×	✓	✓
Sniffing	×	✓	✓
Social engineering	×	✓	✓
Traffic analysis	×	✓	✓
Unauthorized access	×	✓	✓
False data injection	✓	×	✓
Load drop attacks	✓	×	✓
Replay attacks	✓	×	✓
Spoofing	✓	×	✓
Time synchronization	✓	×	✓
Worm hole	✓	×	✓
Buffer overflow	✓	✓	×
Denial of service	✓	✓	×
Low rate DoS	✓	✓	×
Smurf	✓	✓	×
Teardrop	✓	✓	×

gives information on the different cyber attacks affecting the CIA triad.

3. Cyber Attacks in Cyber-Physical Systems

There are various cyber attacks targeted towards CPS; the most prominent, frequent, and effective cyber attacks preferred by attackers are false data injection (FDI) attacks, man-in-the-middle (MITM) attacks, and denial of service (DoS) attacks.

3.1. False Data Injection Attacks

False data injection attacks are the most frequently occurring cyber attacks in DC microgrid systems. FDI attacks are targeted towards physical sensors or towards communication links [34]. Intruding into the network and hacking communication links is a more feasible method than gaining physical access to sensors. The primary aim of false data injection attacks is to modify the sensor values transmitted through the communication links [35]. FDI attacks increase the computational burden on the controllers, causing revenue losses and mismanagement of control devices, and lead to load dysfunction and power imbalance. The adversary targets the vulnerabilities in the communication links and injects false data into the existing sensor values using different injection techniques. Structured query language (SQL) injection and cross-site scripting attacks are the most common. In SQL injection attacks, the attacker tries to inject the commands that exploit the authenticity and authorization of the application [36]. The attacker can read, modify, and delete the data using this injection technique. The cross-site scripting technique inserts malicious code into the web application; this attack tries to manage the cookies, hijack the sessions and change the user settings [37]. Some other types of injection techniques are code injection, command injection and change cipher spec (CCS) injection. Figure 5 represents an FDI attack on the sensor values.

Depending upon the knowledge and accessibility of the attacker, FDI attacks are further classified into two types: internal FDI attacks, and external FDI attacks. In the scenario that the attacker possesses complete knowledge of the system and has access to the critical infrastructure, the FDI attack is considered an internal FDI attack. Internal FDI attacks are considered as most effective and dangerous attacks. As the attacker is aware of the system working, the designed FDI attacks are more constructive and stealthy, which makes them difficult to identify. External FDI attacks are performed by an external agent who has limited knowledge of the system’s workings; in this scenario, the attacker completely depends on the vulnerabilities of the communication network.

Depending on the attacker’s knowledge and motive, FDI attacks can be classified as continuous FDI attacks, interim FDI attacks, stealthy FDI attacks, constrained FDI attacks, unconstrained FDI attacks, and time-varying FDI attacks [38].

Let us consider A_i the input vector with n samples, A_i = [a₁, a₂, a₃, ……, a_n]. The attacker injects the false data F_i into the input vector. Where F_i = [f₁, f₂, f₃, ……, f_n] (1) represents the input vector after the FDI attack.

C_i = A_i + F_i

(1)

An attack is considered a continuous FDI attack when the attack continues till the end of the vector from its start. For instance, if the attack is initiated at the third sample, it propagates until the nth sample. (2) denotes the input vector after a continuous FDI attack. C_cont denotes the input vector, where C₁ = a₁ and C₂ = a₂, and other samples are the attacked samples. In a continuous FDI attack, attack_start > 1 and attack_end = n. In the interim FDI attack, the attacker ends the attack within the range of the vector. Here, attack_start > 1 and attack_end < n.

C_cont = [c₁, c₂, c₃, ……, c_n]

(2)

A stealthy FDI attack is the most deceptive attack, where the attacker hides the attack from the defense mechanism. In a stealth attack, the attacker injects false data within the stability range. An attacker who has complete knowledge of the system injects data, such that the value is within the limits of stability, as shown in (3). Another method of stealth attack consists of two parts; the first is to perform the attack on the controller outputs, and the second is to stealthily hide the attack’s impact from the controller.

A_min < C_i < A_max

(3)

Unconstrained and constrained FDI attacks are the other types of FDI attacks. In unconstrained FDI attacks, the attacker has access to all the variables in the communication links, whereas in constrained FDI attacks, the attacker gains only limited access.

3.2. Man-in-the-Middle Attack

In a man-in-the-middle attack, the attacker tries to steal information between two parties that should be secure and private. A man-in-the-middle attack has two steps. Step 1 is intruding into the communication channel or intercepting the data traffic, and step 2 is decrypting the information that is transmitted through the channel [39], as shown in Figure 6. The motivations for a MITM attack can be several, but may include stealing the authorized parties’ identity, modifying the parties’ login credentials, and taking control of financial transactions, etc.

There are certain methods through which an attacker tries to intrude into the network: IP spoofing [40], address resolution protocol (ARP) spoofing [41], and domain name server (DNS) spoofing [42]. In IP spoofing, the attacker, who stands in the middle of the communication between the authorized parties, spoofs the IP address of the sender and receiver. To the sender, the attacker appears as the receiver by spoofing the IP address of the receiver, and vice versa, making the operation look legitimate. ARP is the address resolution protocol used to map the device’s IP address into the media access control (MAC) address.

When an ARP request is sent by one device, an ARP response is obtained by the device matching the request; these responses and requests are formed as an ARP cache. When the attacker gains access to the ARP cache, the attacker tries to match his MAC address with the device’s IP address in the network. This allows the attacker to access the data transfer between the parties. DNS spoofing is a type of attack technique in which the user is directed to a fake account chosen by the attacker; this results from altered domain names in the server. When the user tries to enter confidential information, such as their login credentials, the information is stolen by the attacker.

After intruding into the network using any of the methods mentioned above, the attacker should find a way to decrypt the messages transmitted between the parties. Hypertext transfer protocol secure (HTTPS) spoofing, secure socket layer (SSL) hijacking, SSL stripping, and SSL beast are the methods often used to decrypt messages [43].

3.3. Denial of Service Attack

A denial of service (DoS) attack aims to make the service unavailable to the authorized user by flooding the server with false requests [44,45]. This attack disrupts the availability factor in the CIA triad. CIA stands for confidentiality, integrity and availability; these are the guidelines and policies followed to ensure information security. Disruption to any one of these factors indicates a cyber attack on the system. However, DoS attacks do not cause a breach of confidentiality or integrity, but cause a loss of time and computational resources. Attackers often use DoS attacks to halt the system’s performance and cause financial losses. Sometimes this attack is also carried out to expose the vulnerability of the system. A DoS attack in which an attacker gains access to multiple devices and floods the server with requests is pictorially represented in Figure 7.

DoS attacks are distinguished based on the point of attack in the communication system. If the attack targets a specific application, it is defined as an application layer attack. In this kind of attack, the application is flooded with multiple HTTP requests; this attack is measured in requests per second (RPS). If a DoS attack is performed by exploiting the vulnerabilities in communication protocols, it is defined as a network layer attack; this attack disrupts the entire network and is measured in bits per second (BPS). Finally, the most common form of DoS attack is the volumetric attack, which targets the bandwidth of the communication channel. The bandwidth of the communication channel is flooded, creating congestion in network traffic; this attack is measured in BPS. Different techniques for implementing DoS attacks are SYN scan, smurf attack, teardrop attack, ARP attack, and fraggle attack. Another variant of the DoS attack is the distributed denial of service (DDoS) attack [46]. In this attack, a group of devices are used to attack the network; in the DoS attack, the attacker uses a single device.

In CPS, there are two different ways the attacker can destabilize the system using DoS attacks. One is by completely blocking the channel bandwidth by flooding it with false information; another is by introducing a buffer in the communication flow. For a brief amount of time, the communication between the two nodes is halted by the attacker, thereby introducing some delay in the information flow. This delay in the information flow disrupts the control operation of the microgrid and creates instability. The introduction of a buffer is even more dangerous, as it cannot be identified easily. There are different methods proposed in the literature to overcome DoS attacks on CPS. The packet marking scheme is used in [47], wherein the packets are traced back using probabilistic packet marking to identify the packet source address. In [48], a policy reinforcement learning method is used; this includes event-triggering control, robust control theory, and game theory approaches. Within this approach, a relationship between the cyber system and the physical system is established in order to detect DoS attacks.

4. Defense Mechanisms

In the process of achieving data security, information security and protection of the critical assets of the infrastructure, two types of security mechanisms are implemented: network-level security and device-level security. Information transfer in cyber-physical systems often occurs between the sensors and controllers. Multiple defense mechanisms are implemented at the networking level to defend against cyber attacks. If the defense mechanisms are implemented in the controller and control algorithm to analyze the incoming data, both for detection and to mitigate the effects of the attack on the system, the scenario is considered a device-level cyber attack.

4.1. Network-Level Cyber Security

Networking infrastructure is equipped with basic-level securities such as user authentications, firewall [49], anti-virus, data encryption, and cryptography. User authentication comes under application-level security; here, the client is asked to enter confidential credentials to access information [50]. Anti-virus software is an external software installed into the client system to monitor the incoming data packets through the network [51]. This comes under perimeter security.

Cryptography is one of the oldest yet most effective techniques used in network security; it is considered the data security method. Cryptography hides the actual data from intermediate intrusions by changing the plain text into cipher text; this process is known as encryption. Based on the level of confidentiality required, cryptography is implemented in two ways: symmetric key cryptography and asymmetric key cryptography. Symmetric key cryptography has a lower security level than asymmetric key cryptography. Data transmitted by the sender are encrypted with a key before transmission [52]. If the key is the same for both sender and receiver, it is known as symmetric key cryptography; however, there is a possibility of a breach in confidentiality as the key is public. In asymmetric key cryptography, the decryption key at the receiver end is different from that at the sender end; the message can only be decrypted through the private key of the receiver [53]. Within this cryptography method, the transmission is secured with a key, and the data are secured with encryption. Still, there is a chance of cyber attacks if the attacker gains access to the key or the attacker decodes the decryption algorithm.

Firewall security is an age-old technique invented in 1989 and used to protect networks from malicious data and cyber attacks. Depending upon the perimeter that needs to be secured, the firewall is placed on the perimeter’s border to continuously monitor the incoming and outgoing data packets. A firewall can be used for perimeter security; this is referred to as the “perimeter firewall”. Firewalls can also be used in network security, termed the “enclave firewall”, and can be used as end point security, termed the “desktop firewall”. Depending on their role, firewalls are classified either as a packet-filtering firewall, proxy service firewall, stateful inspection firewall, next-generation firewall or a unified threat management firewall [54]. Packet-filtering firewalls filter the incoming data based on the source address, destination address and the other fields present in the data packet [55]. Proxy service firewalls are used in the application layer to filter the malicious data entering into the system. Stateful inspection firewalls monitor the network traffic based on the protocol, port and state of the network traffic. Next-generation firewalls perform deep packet inspection that includes intrusion prevention and application-level inspection.

Intrusion detection systems (IDS) and intrusion prevention systems are specifically designed to detect and mitigate cyber attacks caused by unauthorized intrusions into the network. IDS are placed after the firewall and monitor for any malicious activities present in the network traffic; they alert the network administrator if any threat is detected [56,57]. An IDS is classified as a network intrusion detection system (NIDS) or a host intrusion detection system (HIDS). An NIDS is a software-defined system that monitors, captures and analyses network traffic. It detects malicious data packets by comparing them with already-known attack patterns. However, the operation of an NIDS is very difficult in busy and complex networks. An HIDS is a host-based system installed on individual devices; it monitors the information received on the particular device and generates alerts for any malicious packets found. Depending on the operation, an IDS is classified as a signature-based IDS [58] or an anomaly-based IDS [59].

A signature-based IDS works on detecting the patterns in the data packets. The signature-based IDS searches the database for attack patterns; if there is any similarity with the attack patterns, it sends an alert. The drawback of this system is it only detects known attack patterns, and there is a possibility of false negatives for new and unknown attacks. An anomaly-based IDS monitors the deviation from the normal, and a confidence interval creates a boundary that it marks as an anomaly. The disadvantage of this method is the high possibility of false positives for policy changes and new authentic intrusions. A hybrid IDS is introduced to overcome the disadvantages of the signature and anomaly-based IDS; it uses both techniques. Signature-based IDS detect known attacks, and anomaly-based IDS detect unknown attacks. The intrusion prevention system (IPS) is an extension of IDS which not only detects intrusions, but is also capable of blocking malicious data from entering the network [60].

Still, these security systems are not strong enough to address the present, innovative cyber attacks that are rapidly evolving. CPS systems are complex, and network-level defense mechanisms must be continuously modified to secure communication links; this is not feasible. Additionally, adversaries are implementing attacks that can go undetected. Therefore, in addition to network-level security, device-level security should be implemented.

4.2. Device-Level Cyber Security

Device-level security analyzes a system’s parameters, and its ability to detect and mitigate cyber attacks. In [61], the authors propose an adversarial perturbation method that protects the system from model-stealing attacks. The adversary tries to steal the model structure and rebuild the structure, using reverse engineering to perform stealth attacks. A dynamic event-triggered protocol is designed with a model predictive control approach in [62] to mitigate deception attacks and packet dropouts. In [63], the authors propose a blockchain method of protection to protect the data in an unmanned aerial vehicle. Ref. [64] proposes a heterogenous improved risk analysis model to detect the risk of intrusions in large engineering projects. Within this method, large projects are divided into stakeholder networks and project schedule networks, and then the relationship between these network layers is assessed in order to carry out the risk assessment. A distributed state-estimated algorithm is proposed in [65], where the bad data or fault data are detected by performing a weighted least-square method on every estimated sample. In [66], a signal temporal logic method is designed to detect the FDI attacks and also to quantify them; the threshold value is determined such that the parameter’s value is always higher than the threshold in normal operating conditions, and above this value it is deemed a faulty scenario. Software-defined networking (SDN) is proposed in [67]; a separate networking model is designed based on the system performance. The incoming threats to the system are detected using this method. Additionally, SDN is used to design a routing algorithm for video conferences [68]. In [69], a multiagent system is proposed to detect the malicious data present in the system due to a load curtailment FDI attack. Batteries are used to temporarily compensate the curtailed loads due to attacks. Refs. [70,71] discuss an innovative game theory approach to detecting and analyzing cyber attacks. A distributed control approach is demonstrated in [72], which analyzes the effect of a DoS attack in the system. Wireless underground sensors, used in the areas such as mining and other underground applications, are highly prone to cyber attacks and reliability issues. Magnetic induction-based wireless underground sensors are proposed in [73] to increase the reliability of the sensors. Although multiple device-level cyber attack detection mechanisms are proposed in the literature, all of them are model-dependent and highly sensitive toward parametric changes. When there is an increase in system complexity, a change in system architecture, and during transient conditions, the performance of the model-dependent detection mechanisms reduces. Artificial intelligence methods are proposed to avoid model dependency and increase the system’s performance. AI algorithms for cyber security and their applications are discussed in the following sections.

4.3. Cyber Security for CPS

Traditional IT security often focuses on network-level cyber attacks. There are a few security measures that are designed to detect and mitigate the basic security threats caused by network breaching. However, the advent of cyber-physical systems has led to the amalgamation of cyber systems and physical systems, giving rise to an entirely new problem statement. This advent of CPS led to the design of industrial network infrastructures, such as generic object-oriented system-wide events (GOOSE), international electrotechnical commission IEC61850, and distributed network protocol DNP3. Additionally, there the possibility of cyber attacks occurring at the device level; these are carried out by manipulating the information received by the controller or the information sent by sensors. The defense mechanisms developed in the information technology (IT) system are implemented at the network level by analyzing only the network parameters. Additionally, adversaries are smart enough to bypass the existing security measures with innovative attack methods. Therefore, CPS security is designed by analyzing the physical parameters using intelligent attack detection and mitigation methods. The security mechanism developed for the CPS is embedded inside the plant controller, making it difficult to breach and manipulate. As there are various applications in CPS, the common security approach for all the systems will not ensure reliability. CPS security is flexible depending on the system’s operation and control, making it more reliable and robust.

5. Artificial Intelligence in Cyber-Physical Systems

Artificial intelligence models’ classification and predictive capability have produced diversified applications among cyber-physical systems. The evolution of AI has made it possible to estimate the remaining useful life (RUL) of the CPS, which makes it very important for the maintenance of the plant. [74] uses recurrent neural networks for predicting the RUL of the aero engine. AI is also used in study of earth and environmental sciences; [75] uses deep learning (DL)-based methods to identify subsurface sedimentary structures. AI is also used for designing automatic ground-penetrating radar, which detects the presence of underground pipelines; deep learning models are used in this article [76]. Image processing and image colorization is one of the applications of AI that is popularly used. [77] proposes the cycleGAN method to regenerate color image replicas of actual images. Traffic flow prediction is performed in [78], using spatial-temporal recurrent neural networks based on human mobility.

5.1. Artificial Intelligence for Cyber Security

With the introduction of CPS and smart systems, the attack surface is rapidly growing, making it very difficult for traditional methods to provide reliable security. Additionally, adversaries are opting for innovative methods to outfox security mechanisms. Therefore, there is a need to adopt intelligent and advanced mechanisms to provide efficient cyber security for systems. Artificial intelligence’s ability to analyze billions of data (and identify patterns in the data) and its precise predictive ability makes it very effective in cyber security applications [79]. AI methods provide many advantages compared to traditional methods. With the rapid increase in the variety of cyber threats, traditional software-based systems have failed to identify these threats and upgrade accordingly, whereas AI’s ability to learn from past experiences helps it to adapt to the new incoming threats. By using sophisticated techniques, AI can detect attack patterns in incoming data and anomalies in the data, and predict incoming threats. Other advantages that AI possesses compared to existing techniques are battling botnets, better endpoint protection, and breaching risk prediction.

When using AI for cyber security or any other application, the dataset plays a major role. The preparation of the dataset lays the foundation for the efficient performance of the AI system, as the AI model is trained on the dataset provided. Generally, for traditional systems, a historical dataset is considered, which includes all the malware data, attack patterns, and event occurrences. However, historical data are difficult to acquire, expensive, and can also be misleading in some cases. Therefore, CPS and particularly microgrid systems follow synthetic dataset creation methods. A synthetic dataset is created using simulation and using mathematical models; the advantages of synthetic dataset creation are that the data are easy to obtain, there is flexibility in the scaling of datasets, and edge cases can be created to train the model for outlier identification. Mathematical models are used for dataset creation for simple systems, and systems with more complexity use simulation for data creation.

Initially, basic machine learning algorithms, also called shallow models, are used for cyber security; later, deep learning techniques that are capable of dealing with complex networks are introduced, and further reinforcement learning methods, which are futuristic and claim to be self-learning methods, are proposed. Figure 8 presents the classification of various ML models used for cyber security.

Machine learning models, referred to as shallow models, are further classified into supervised learning and unsupervised learning, based on their learning procedure. In unsupervised learning, the classified outputs are formed into clusters; these algorithms mostly depend on the internal pattern of the data. The k-means algorithm detects malicious entries into the network [80]; the k-means algorithm groups the unlabeled data into clusters. The value of K indicates the no. of clusters. This technique divides the data into different groups, which gives insights into data analysis on unknown and known attack patterns. Sequential pattern mining [81], a subset of data mining, is another data analysis method which unearths knowledge of the attack patterns; this method will send an alert if any malicious activity or abnormal activity is registered. Another data mining method used to detect web intrusion is the a priori algorithm [82]; the a priori method, which runs on the specific rule set, will keep track of frequently occurring data patterns and indicate if any new pattern is detected.

Supervised learning methods are already specified with class labels in order to verify model classification or predictions. The k-nearest neighbor (KNN) method is used to classify incoming entries as normal or malicious entries [83]. Naïve Bayes is a statistical method that uses a probabilistic method based on Bayesian theory; the probability of a field prone to attack can thus be calculated [84]. Support vector machine (SVM) is a classification method that separates the intrusions and normal entries from the dataset. SVM uses a kernel that facilitates the classification of even complex and nonlinear data; SVMs can transform the data into the next dimension if the decision boundary cannot be determined in this dimension [85]. Decision trees and random forests are tree-based classifiers [86]. Based on the training data, a tree-like structure is created in a decision tree; predictions can be made based on the tree’s structure, and any unknown entities can be sorted out [87,88]. The random forest also follows a similar method, but instead of a single tree, a large group of trees are created, and the final structure of the tree for classification is decided using a voting process [89,90,91].

Deep learning (DL) models are designed to handle complex and non-linear systems; DL models are considered superior to ML models in terms of system-handling capability. The architecture of DL models also differs from that of ML models; there is no fixed algorithm for this model [92]. The DL model consists of neurons placed in different layers; the working of neurons in the DL model is inspired by the working of the human brain, and the neurons of each layer are interconnected. Information is transmitted from the input layer to the output through multiple hidden layers. The DL model consists of two stages: the training stage and the testing stage. The training stage consists of modifying weights for each connection during multiple iterations, making the DL model learn the patterns of the data feeding into the network.

Later, the efficiency of the trained model is tested on the testing data. Deep neural networks (DNN) have the structure discussed above, with multiple hidden layers; an increase in the depth of the network gives the model the ability to classify the nonlinear data [93,94]. Convolution neural networks (CNN) are widely used for image classification; the data to be classified is converted into image format, and the malicious data is identified [95,96]. Recurrent neural networks (RNN) are used for time series data; this network model predicts the occurrence of the next data sample based on the previous output and the present inputs [97]. However, this model suffers from memory issues; often, the outliers and extreme cases are considered attack vectors.

To overcome this, models such as long short-term memory (LSTM) and gated recurrent unit (GRU) are introduced; these contain the memory element, and their network architecture also differs from that of the classical RNN [98]. Generative adversarial networks (GaN) and autoencoders are unsupervised techniques in deep learning, where the outputs are not specified. The GaN model consists of two networks, namely the generator and discriminator. The generator takes the input data sample and generates a sample of data; the generated sample is compared with the training data or real sample using a discriminator. The discriminator, after comparison, decides whether the incoming data sample is real or fake [99,100]. An autoencoder is a neural network architecture, and this technique is often used for video and image classification [101]. The input data are compressed to the lower dimension, which is referred to as latent space; the latent space consists of data containing the most prominent features. From the latent space, the autoencoder tries to recreate the input data at the output; normal and fake data are classified by comparing the autoencoder output. During the training phase, autoencoders are trained to recreate the input near the output; a higher variation in the output and input indicates the attacked data.

Reinforcement learning is the advanced and futuristic architecture proposed to practice self-learning [102]. RL, also known as reward-based learning, works on the reward obtained by the action it performed in the previous iteration. The agent is present in a customized environment with predefined rules, goals and reward criteria. The model reaching the goal with high reward points is considered the optimized model; the RL model continuously updates its decision-making or policy based on the rewards.

5.2. Cyber Security Databases

There are some repositories specifically dedicated to the collection of data to perform security analysis. Readily available datasets on multiple domains provide researchers with a great platform to implement the designed mitigation mechanisms. IMPACT is a repository that produces the network operations data of cyber defense technology [103]. KYOTO is a traffic-related dataset generated by Kyoto University [104]. KDD’99CUP is the most popular dataset, which contains 41 features; this dataset contains the threat combinations of DoS, remote-to-local, user-to-remote, and probing [105]. The KDD’99CUP dataset has a class imbalance issue and more redundant samples; these issues are resolved in the NSL–KDD dataset [106]. The DARPA dataset is prepared in MIT Lincoln laboratory with authenticated IDS. LLDOS 1.0 and LLDOS 2.0.2 attacks are considered [107]. UNSW–NB15 is a large dataset that includes nine threat types; this dataset was collected from a cyber security lab at the University of New South Wales [108]. This data set is often used in anomaly detection. To validate the threat of insider attacks, the CERT dataset was designed, and detection algorithms track the user behavior [109]. The Bot–IoT dataset is used to evaluate the reliability issues of IoT data; it is a collection of simulated and authentic IoT data that includes various attack scenarios [110]. MAWI is a Japanese-designed dataset used to identify DDoS threats; this dataset is regulated by Japanese educational and research institutions [111]. The EnronSpam dataset is a collection of ham and spam emails; it is used to identify phishing and spear-phishing attacks [112]. Malware is a combination of multiple malicious files created from different projects; this dataset is used for malware analysis and malware detection [113]. DREBIN is a dataset created by the Drebin project to further research on Android malware; this dataset contains 179 malware categories [114]. The CAIDA dataset was prepared to study DDoS and DoS attacks; machine learning models can be assessed for their performance in DDoS detection using the CAIDA’07 and CAIDA’08 datasets [115]. Further, there are many more created datasets that aid the detection of cyber attacks; detection of these attacks becomes much easier when using data-driven methods. Some existing works related to cyber attack detection using AI techniques are given below.

Popular real-time datasets such as KDD99 and DARPA are considered to evaluate the deep learning and machine learning algorithms’ performance. Initially, machine learning algorithms were implemented on the KDD99 dataset, and the performances obtained are as follows. Naïve Bayes had a 97% accuracy [116], SVM a 93% accuracy [117], decision tree a 94.3% accuracy [118], random forest a 98.9% accuracy, [119] and deep belief networks a 96.5% accuracy [120]. Further, the same KDD99 dataset was classified using deep learning models, and performances were as follows: GRU with 99.42% [121], and CNN-LSTM with 99.7% [122,123,124]. A c-supported SVM technique was designed in [125] to improve industrial and operational safety. The KDD CUP 99 dataset was used for the simulation and for training the algorithm in the virtual reality environment, achieving an 86.7% accuracy and a 2.3% false positive rate. In [126], lightweight neural networks were developed for fault detection in hybrid smart grids; this method reduces the computational burden and increases the system’s throughput.

Table 3. Cyber attack detection using AI algorithms.

Ref.	Algorithm	Objective	Accuracy
[127]	Deep Neural Network	Anomaly detection for DoS attacks, deception attacks and injection attacks	Dos attack: 98%, Deception attack: 91.76%, Injection attack: 96.75%
[128]	Artificial Neural Network	Cyber attack detection from NSL-KDD dataset and UNSW- NB15	NSL-KDD: 91%, UNSW-NB15: 96%
[129]	LSTM and GRU	Sensor attack detection using deep neural net work	LSTM: 97.3%, GRU: 97.1%
[130]	Artificial Neural Network	Intrusion detection	MLP: 90.18%, Linear regression: 89.5%
[131]	Deep Neural Network	Detection of FDI attack	90%
[132]	Random forest	Network traffic threat classification using KDD99 dataset	99%
[133]	Gated recurrent unit	Network traffic threat classification using KDD99 dataset	98.6%
[134]	Deep Belief Network	Anomaly detection using KYOTO dataset	98%
[135]	Support Vector Machines	Detection of distributed denial of service attack using DARPA dataset	95.1%
[136]	XGBOOST	Classification of spam emails using ENRON spam	98.6%
[137]	Decision tree	Botnet traffic identification using TCP dataset from Dartmouth University	97%
[138]	DBSCAN	Identify the outliers from KDD-99 dataset and separation of high density clusters from normal clusters	98%
[139]	Sequential Pattern Mining	Identification of attack patterns from DARPA dataset	93%
[140]	Deep belief networks	Malware detection	96%

shows the details of AI algorithms used for cyber security, and their detection accuracy.

5.3. Challenges for AI in Cyber Security

One of the major limitations of the use of AI in cyber security is the availability of datasets. Datasets play a major role in AI model training and its workings. Normally, historical datasets are used to train an AI model; these datasets contain all the malware details, attack patterns, and attack events. Using the signatures of the events in the dataset, AI will be able to detect cyber attacks. However, this historical dataset will not contain the new attack patterns and will not be readily available; in some cases, these data can be misleading, as the attacker is aware of the historical datasets. To avoid this, synthetic dataset creation is adapted; the advantages of this method are mentioned above. The disadvantage of this method is the complexity of creating the dataset; complex and nonlinear systems are difficult to simulate and model mathematically. Therefore, dataset preparation is considered the preliminary hurdle for AI in cyber security, and should be addressed before implementation. AI is considered an intelligent and adaptive system; therefore, cyber security experts prefer its design of security measures. However, the hard fact is that the adversaries also may be using AI to overcome security mechanisms. Therefore, security experts should be aware of both the advantages as well as the threats posed by AI in the field of cyber security.

6. Role of AI in Microgrid Control and Safety

Microgrid systems, considered the application of cyber-physical systems, are more complex and critical in their operation compared to the classical CPS. The characteristics of microgrids include energy management, demand-side management, generation, load scheduling, and interoperability. To achieve these characteristics, industrial IoT is implemented, and network frameworks such as GOOSE, DNP3, and IEC 61850 are used. The applications of artificial intelligence in DC microgrid systems are shown in Figure 9. The energy management system is important in DC microgrid systems’ control and operation. Due to the presence of multiple distributed generations and a variety of loads on the microgrid system, energy management becomes crucial to attaining optimized power consumption. As the level of importance is high for EMS, it becomes the target of adversaries, who attempt to disrupt its operation. EMS basically collects the data from the variable sensors and gives them to various meta-heuristic methods, math heuristic methods, and state estimation for optimization. State estimation is considered one of the most effective energy management strategies of microgrid systems. The estimated state variables are used to monitor and control various aspects of the microgrid, such as load forecasting, stability analysis, contingency analysis, bad data detection, and optimal power dispatch [141,142]. Voltage control is one of the objectives of the microgrid system; in microgrids, voltage control is performed through the distribution generators controlled by power electronic devices. In such cases, the attackers try to breach the control layers and modify the sensor variables, causing a change in the reference voltage levels of the microgrid [143,144]. Additionally, the cyber attacks target the microgrid frequency control [145,146] and the protection systems [147]. Several attack mitigation strategies for cyber attacks on microgrid energy systems are proposed in the literature, based on the analysis of measured data. Detection schemes are classified into static and dynamic detection. Detection mechanisms used for attack detection in the steady state are known as static detection methods; meanwhile, dynamic detection schemes utilize systems dynamics for attack detection. The Bayesian detection method [148], discrete wavelet transform method with DNN [149], Kulback–Leibler distance method [150], and transmission line variations techniques [151] are used to detect FDIA within state estimation methods. Detection of cyber attacks on the load frequency control of power systems is discussed in [152,153], in which dynamic detection methods are used. An image-processing method based on parameter variations is used for FDIA detection in [154].

Traditionally implemented model-based methods require complete domain expertise to design energy management systems (EMS). Moreover, the unpredictability and uncertainty in the microgrid often leads to the redesigning of EMS, leading to high design costs and maintenance costs. To overcome this, a model-free-based methodology is proposed, using AI to design EMS. In [155,156] GAN is used to model the uncertainties in the output power of RES in a DC microgrid, and to achieve optimal energy management. Load and source forecasting has become the most important part of DC microgrid control. Due to the integration of various RES in DC microgrid systems and dynamic loading scenarios, source forecasting and load forecasting is performed. Based on the time window of forecasting, it is differentiated into short-term, mid-term, and long-term forecasting methods. [157,158] explain the load forecasting and source forecasting methods; SVM, ANN, and self-organizing maps are also discussed. Fault detection in microgrids differs from distributed systems because of RES. In [159], fault detection is performed using machine learning techniques such as SVM, Naïve Bayes, KNN and decision trees. Demand-side management is one of the characteristics of a smart grid. Demand-side management (DSM) is implemented mainly in areas wherein there is a time-based pricing mechanism; depending on the time of the day, the tariff is varied by the utility. In such scenarios, to achieve cost optimization, the DSM mechanism is used, which schedules the operation of loads in order to reduce the overall cost of the end user. Ref. [160] demonstrates the DSM using ANN in smart grid environments.

Figure 10 shows the control architecture of the distributed control DC microgrid [161,162]. This architecture consists of four nodes, which communicate with neighboring nodes. There are two control layers: the primary control layer and the secondary control layer. The sensor value information from the neighboring converters is transferred to the particular converter through the secondary control layer. The received information is processed and passed through the control algorithm, and the control outputs are sent to the plant; the control outputs are sent to the plant through the primary layer communication. Given the presence of multiple source and loads in the microgrid systems, the control and optimization plays a crucial role. Different control and optimization techniques of microgrids are proposed in the literature. In [163], the optimization and analysis of microgrid operation are performed using distributed algorithms; the initialization-free algorithm focuses on generation cost optimization in economic dispatch problems. To develop a safe consensus algorithm for the distributed control of microgrids, a differential privacy-based consensus algorithm is designed in [164]. This study shows that the privacy policy directly correlates to the number of neighbors; thus, each node decides its privacy level.

The present literature consists of different model-dependent control and optimization mechanisms. The inclusion of AI in microgrid control can improve the system’s efficiency. The estimating ability and adaptive capability of the AI and DL methods should be utilized as much as possible.

Microgrid Cyber Security Using AI

Cyber attacks in microgrid systems not only cause issues with data integrity and confidentiality, but cause huge economic losses. Communication of sensor and operational data between each node is essential to attain the efficient operation of microgrid systems. Therefore, monitoring and analyzing the data continuously plays a major role in attaining data integrity. This becomes challenging when the attack is made at the device level rather than the network level. In this scenario, the basic network-level security used in the classical CPS fails to identify the attacks. Therefore, there is a need to develop a cyber security algorithm that is capable of detecting and mitigating device-level and network-level cyber attacks.

The secondary and primary layers, which carry critical sensor information, are prone to cyber attacks. The attack on the communication layers leads to the disruption in the control technique, and causes the maloperation of the DC microgrid. As discussed in the above sections, AI can detect and mitigate cyber attacks. In [165] an ANN-based FDI attack mitigation mechanism is proposed; an FDI attack is performed on the bus voltage sensors. Reference value estimation is performed using ANN, and compared with the bus voltage. The error from the comparison results in a correction factor when passed through a proportional-integral (PI) controller. This correction factor is added to the bus voltage value before passing to the secondary control to nullify the attack. In [166], model predictive control (MPC) along with an artificial neural network (ANN) was used to generate the attack mitigation factor when there is an FDI attack on the bus voltage sensor. An ANN with a PI controller is used in [167] to detect and mitigate the FDI attack on the voltage sensors. A non-linear autoregressive network with an exogenous inputs (NARX) network is used in [168] to train the actual data and the attack data of the voltage sensors; when there is a difference between the NARX model output and the actual output, an FDI attack is detected.

In all the above articles studied, the attacker created a virtual attack layer just before the secondary layer. This attack layer manipulates the sensor values by injecting false data. Therefore, mitigation is also proposed before the secondary layer. In the whole process, the actual control algorithm is not disturbed. However, the proposed control algorithms, along with the mitigation mechanism, combine model-dependent and model-free parameters. Model-dependent parameters such as PI controllers should be integrated with model-free techniques such as the ANN model. This combination often results in high design complexity and increased computational burden. Additionally, the reduction in the efficiency of the PI controllers during parametric change affects the operation of the detection and mitigation mechanism. Therefore, a unified AI-based mechanism is needed to achieve microgrid control and mitigate cyber attacks.

The following section presents the design of a unified controller based on DL models to detect and mitigate stealth FDI attacks on DC microgrids. A stealth FDI attack is made on the DC-DC converter in one of the nodes of the DC microgrid. Manipulating the operation of DC-DC converter destabilizes the DC microgrid system.

7. Case Study of Stealth FDI Attack on DC-DC Converter

From the looming threat of cyber attacks, researchers and engineers have built efficient detection and mitigation strategies to protect the CPS from attackers [169]. However, the covert attack strategy implemented by attackers makes it difficult to find the presence of the attack in the system. The adversary tries to mimic the system’s behavior and tries to prevent the effect of the attack from reaching the controller; this causes the controller to assume normal operation. These attack types demand the adversary to know the system’s working, making it even more difficult to detect and mitigate. This article proposes a strategy to detect and mitigate covert attacks on DC-DC converters, the major component in CPS, such as microgrids and smart grids.

Covert attacks, or stealth attacks, are studied in the literature based on the type of attack and their criticality. In [170], the authors discussed stealth attacks and their effects on critical infrastructure; a taxonomy is proposed to discuss the risk posed by stealth attacks for each stage of the system. Stealthy covert attacks in cyber-physical systems are discussed in [171]; the study discusses modeling different types of stealth attacks from an adversary’s perspective. The decoupling and zero dynamics methods are discussed, which make attacks completely stealthy. In [172], a steal attack methodology for a smart grid is proposed, in which the attack detection probability is reduced by minimizing the Kulback–Leibler (KL) divergence. The KL divergence term is reduced by obtaining a proper tradeoff between the loss of mutual information and the reduction in attack detection. An attack index is introduced in [173] to detect a stealth attack on current sensor information in a distributed controlled DC microgrid. In [174], a man-in-the-middle stealth attack is performed on battery energy storage systems with the help of an artificial neural network. Two ANNs are used: one to estimate the power of BESS, and the other to estimate the state of charge of the BESS for the adversary. The above-discussed literature discusses the effective implementation of stealth attacks with various techniques, and proposes some detection mechanisms. This article performs a false data injection-based stealth attack on the artificial intelligence-controlled DC-DC converter.

7.1. Proposed Methodology

The criticality and the level of stealthiness of the covert attacks depend on the knowledge of the adversary. If the adversary has complete knowledge and access to the system, the attack is very dangerous; however, this is usually not the case. An adversary will have limited knowledge of the system, and will usually try to attack the nodes that are more vulnerable and critical to the system (but not every node). This type of attack is referred to in the literature as a local covert attack. The impact of a local covert attack depends on the amount of stealthiness in the attack. The proposed DC-DC converter contains an input voltage sensor (V_in), an output voltage sensor (V_o), an input current sensor (I_in) and the output current sensor (I_o). These sensor values are fed to the controller through the communication channel. An adversary located in the communication layer tries to gain access to the output variables. As shown in Figure 11, the controller receives the plant input variables (V_in, I_in) and plant output variables (V_o, I_o). Voltage controller and current controller are the deep neural networks with circles in the figure indicating neurons in each layer.

7.1.1. Modelling of Stealth Local Covert FDI Attack (SLCA-FDIA)

In general, a microgrid protection system consists of the security measures which are embedded in a controller that tracks the system parameters that reach the controller as feedback variables. The traditional security measures might be equipped to deal with the FDI attacks that destabilize the system. However, the adversary aims to carry out a stealthy local covert attack on the converter by hiding the impact of the attack on to the controller. In this case, the device-level security fails to identify the presence of an attack.

In this case, the attack is performed beyond the controller. If no stealthification happens, the impact of the stealth attack reaches the controller, and the controller detects and mitigates the attack. However, the adversary hides the attack by removing the impact of the FDI attack on the feedback variables received by the controller. Therefore, during a stealth attack, the microgrid protection system assumes it to be the normal operating condition, thereby failing to identify the presence of an attack. Therefore, a special deep learning-designed controller with a decision block is implemented to detect and mitigate the SLCA-FDIA.

The adversary tends to inject FDI attacks on the plant output sensors and finely tune their action, so detecting the attack is difficult for the protection devices. A stealth local covert attack is modeled such that the adversary has partial writing access to the output variables, and partial writing access to the control inputs. The adversary designs a plant model B_a(s) that is similar to the actual plant model B(s). The modified output vector and the control input vector after the SLCA are shown in (4) and (5).

$$y^{*}=\left[\begin{array}{c}{V}_O\left(t\right)\\ I_o\left(t\right)\end{array}\right]\to \left[\begin{array}{c}{V}_o\left(t\right)-V_a\left(t\right)\\ I_o\left(t\right)\end{array}\right]$$

(4)

$$D^{*}=\left[\begin{array}{c}{D}_1\\ D_2\end{array}\right]\to \left[\begin{array}{c}{D}_1+a\\ D_2\end{array}\right]$$

(5)

If there is no SLCA on the converter, i.e., D_a = 0 the output vector is given as (6)

$$y^{*}\left(t\right)=\left[\begin{array}{cc}{B}_{11}& B_{12}\\ B_{21}& B_{22}\end{array}\right]\left[\begin{array}{c}{D}_1\\ D_2\end{array}\right]$$

(6)

B₁₁, B₁₂, B₂₁ and B₂₂ are the plant transfer function matrices If there is an SLCA on the converter, i.e., D_a ≠ 0, the output vector is given as (7) and (8).

$$y_s^{*}\left(t\right)=\left[\begin{array}{cc}{B}_{11}& B_{12}\\ B_{21}& B_{22}\end{array}\right]\left[\begin{array}{c}{D}_1+D_a\\ D_2\end{array}\right]-\left[\begin{array}{c}{V}_a\left(t\right)\\ 0\end{array}\right]$$

(7)

$$y_s^{*}\left(t\right)=\left[\begin{array}{c}{y}^{*}\left(t\right)+B_{11}{D}_a-V_a\left(t\right)\\ y^{*}\left(t\right)+B_{21}{D}_a\end{array}\right]$$

(8)

For an attack to be completely stealthy,

B₂₁D_a = 0
and B₁₁D_a = V_a(t)

(9)

(9) indicates that the adversary plant design should be such that the attack should not propagate to the controller.

7.1.2. Deep Learning Controller Design

An artificial neural network-based controller using deep learning is designed to control the DC-DC converter and detect and mitigate the SLCA. The proposed SLCA mitigation controller consists of two controllers: a voltage controller and a current controller. The voltage controller is the deep learning controller which takes V_in, V_o and V_ref as inputs, giving the output as duty D₁. Similarly, the current controller also consists of a deep learning controller with I_in and I_o as inputs, giving the output as duty D₂.

A stepwise detailed explanation of the deep learning workflow is given below.

• A set of training examples d_t is collected.
• The deep learning model architecture is designed by determining the hyperparameters, such as the number of hidden layers, the number of hidden neurons in each layer, and the learning rate.
• The initialization of weights and biases is carried out.
• The training parameters of the model, such as activation function, optimizer and loss function, are determined.
• The model is trained with training data.
• The deep learning model is evaluated with testing data.
• The trained deep learning model is deployed.

A generalized working model of the deep neural network is explained below. A set of training samples d_t is considered. After applying the random search algorithm using the Keras tuner, the structure of the neural network with x_n input nodes and two hidden layers ${\alpha }_i^1$, ${\alpha }_i^2$ and output node $\hat{y}$ is considered. Each hidden layer consists of 10 neurons each, and the learning rate (η) 0.1 is taken for training the deep learning model. To initialize the weights and biases, the Xavier uniform method is implemented, and its mathematical representation is given in (10).

$$w_{i,j}~Ս\left[\frac{-\sqrt{6}}{\sqrt{n_{in}+n_{out}}},\frac{\sqrt{6}}{\sqrt{n_{in}+n_{out}}}\right]$$

(10)

n_in are the no. of input connections to the neuron, and n_out are the no. of output connections of the neuron. Root mean square error (RMSE), as shown in (11), is the evaluation metric considered for model training as well as evaluation.

$$RMSE={\left[\frac{1}{{2d}_t}\sum _{i=1}^{d_t}{|\hat{\mathrm{y}}-y|}^2\right]}^{\frac{1}{2}}$$

(11)

Various combinations of training parameters are applied to the deep learning model to finalize the best fit for the model. RMSE is the evaluation metric used for training parameter optimization. The sigmoid activation function with Adam optimizer, run for 100 epochs, gives the desirable RMSE value. The deep learning model’s training process is shown below in (12)–(14).

ϕ₁ = ω¹ ∗ x + β¹
α¹ = f (ϕ₁)

(12)

ϕ₂ = ω² ∗ α¹ + β²
α² = f (ϕ₂)

(13)

$$\begin{gathered} {\varphi }_3={\omega }^3\ast {\alpha }^2+{\beta }^3 \\ {\alpha }^3=f\left({\varphi }_3\right)=\hat{y} \end{gathered}$$

(14)

Here, ϕ denotes the weighted sum of inputs and bias, α denotes the output of the neuron, and f denotes the activation function. The training process continues until the error value converges to the performance goal specified, or the model reaches the specified epochs. Training parameters for deep neural network are specified in

Table 4. Deep neural network controller training parameters.

Specification	Deep Learning Controller
Network type	FFBP
Activation function	Sigmoid
Optimizer	Adam
No. of hidden layers	2
Neurons in each hidden layer	10
Weight initialization method	Xavier uniform
Evaluation metric	RMSE
Learning rate	0.1
No. of epochs	100

.

In this article, it is considered that the adversary is attacking the duty D₁ obtained from the voltage controller, and to make the attack stealthy, the output voltage of the plant is modified to remove the effect of the FDI attack on the control input.

7.1.3. Detection and Mitigation of SLCA-FDIA

The decision block is placed before the plant, where it takes the control inputs generated from the controller. If there is no SLCA, the decision block receives D₁ and D₂. If there is an SLCA, the decision block receives $D_1^{*}$ and D₂. In the decision block, the control logic is built to detect and mitigate the FDI attack. The duty D₁ is compared with D₂ with some threshold value ε; the ε value accounts for small noises and errors that occur within the controller. It is ensured that the ε value will not destabilize the system. (15) denotes the decision block logic.

D₂ − ε < D₁ < D₂ + ε

(15)

During no SLCA, $D_1^{*}$ = D₁, and the condition (15) satisfies. If there is an SLCA, $D_1^{*}$ > D₁, and the condition (15) fails. If (15) fails, it indicates the attack on the voltage controller input; during this case, D₂ is sent as the control input to the plant. In normal scenarios, if (15) satisfies, D₁ is considered the control input.

7.2. Simulation Results

The proposed methodology for the detection and mitigation of stealthy local covert FDI attacks is primarily implemented in MATLAB Simulink, and further evaluated using a real-time hardware setup. A DC-DC buck converter is simulated in MATLAB 2022a, and the control logic is designed using a deep learning toolbox. DC-DC converter specifications are given in

Table 5. Buck converter component ratings.

Component	Rating
Inductor L	100 µH
Capacitor C	10 µF
Input voltage Vin	50 V
Output voltage Vo	20–40 V
Voltage ripple	1% of Vo
Current ripple	15% of Io (peak)
Load range	50 W of 200 W

.

A deep learning controller taking the plant input variables V_in and I_in and the plant output variables V_o and Io as its inputs provides the output D₁ and D₂. In the no attack condition, the DL controller output is as shown in Figure 12, where the input voltage is given as 50 V, and the reference voltage is considered to be 25 V. The output duty generated by both the voltage controller and the current controller is 0.5.

An FDI attack is performed on the output of the voltage controller before reaching the decision block. False data D_a is injected into the voltage controller output D₁. Figure 13 shows the voltage controller output and current controller output at 0.25 s, where false data of 0.2 is injected. The output of the current controller is not affected by the FDI attack on the voltage controller output; it is constant at 0.5, whereas the voltage controller output is increased to 0.7. Figure 13 shows the attack on voltage controller duty. Figure 14a indicates voltage controller duty, and Figure 14b indicates the FDI attack on the duty at 0.25 s. Figure 14c shows the final duty $D_1^{*}$ sent to the decision block. After performing the FDI attack on the voltage controller output, the adversary tries to hide the attack by performing a stealth local covert attack and making the controller assume it is in a normal operating condition. Figure 15a shows the output voltage of the converter at 2.5 s; when the FDI attack is made, an increase in output voltage is observed from 25 V to 35 V. To hide this attack, −10 V (a calculated value from the adversary plant model) is added to the output voltage at 2.5 s, as shown in Figure 15b. It can be observed from Figure 15c that the controller receives an unattacked and steady-state reference value of 25 V.

To overcome the SLCA of an FDI attack, the generated control inputs are passed through the decision block. As shown in Figure 16a, the attacked voltage controller output and current controller output are passed through the decision block. The decision block gives an output of 0.5, as shown in Figure 16b; this represents the final duty, which is the current controller output that corresponds to the reference voltage. The duty received from the decision block is given to the DC-DC buck converter to obtain the reference value of 25 V.

7.2.1. FDI Attack on the Output Voltage Sensor

In this case, the performance of the proposed algorithm is evaluated when there is an FDI attack on the output voltage sensor. Figure 17a shows the FDI attack on the output voltage sensor, where the adversary tries to manipulate the sensor data by changing the values from 25 V to 35 V at 0.22 s, 35 V to 40 V at 0.41 s, 40 V to 45 V at 0.62 s, 45 V to 35 V at 0.73 s and back to 25 V at 0.85 s. During all these sensor data manipulations, the actual output voltage of the converter remains stable at the reference value.

7.2.2. FDI Attack on the Input Voltage Sensor

An FDI attack is performed on the input voltage sensor by injecting the false data into the sensor values. The input voltage is changed from 50 V to 65 V at 0.35 s, and back to 50 V at 0.7 s, as shown in Figure 18a. The designed control scheme efficiently mitigates the attack and keeps the output voltage constant at a reference value of 25 V, as shown in Figure 18b.

7.2.3. FDI Attack on the Input Voltage Sensor and Stealth Attack

In this case, a complex scenario, in which the adversary tries to perform a stealth FDI attack on the voltage controller output and an FDI attack on the input voltage sensor, is considered. The robustness of the designed control mechanism is verified by implementing both attacks simultaneously. From Figure 19a, we observe that the D₁ is manipulated by injecting false data and changing the value from 0.5 to 0.39 at 0.35 s, and 0.39 to 0.6 at 0.5 s, before finally settling to 0.7 at 0.7 s. At the same time, the input voltage sensor data are also falsified by changing the value from 50 V to 65 V at 0.35 s, and back to 50 V at 0.7 s, as shown in Figure 19b. Figure 19c shows the output voltage of the converter which remains unchanged and maintained at a reference level of 25 V. This shows that the designed control scheme is effectively designed to handle multiple attacks with a wide range of false data values.

7.3. Hardware Implementation

To test the applicability and accuracy of the proposed control scheme in real-world scenarios, a real-time hardware setup was built in a laboratory environment, as shown in Figure 20. Initially, the designed control scheme’s ability to control the DC-DC buck converter is analyzed. The converter’s reference voltage is varied from 25 V to 35 V. Figure 21a shows the change in the pulse width corresponding to the change in the output of the control algorithm. From Figure 21b, we can observe that the converter’s output voltage changes from 25 V to 35 V, and it takes approximately 10 ms for the transition to occur.

The predicted control inputs from the voltage controller and current controller and the adversary’s FDI attack on the voltage control input is shown in Figure 22. The DL controller produces the controller inputs D₁ and D₂ by considering input voltages and currents, and output voltages and currents. During normal operation, a duty of 0.5 is obtained for both the voltage and current controller, as shown in Figure 22a,c. The adversary performs an FDI attack (D_a) of 0.2 on the controller input D₁; it is modified to $D_1^{*}$, which is 0.7, as shown in Figure 22b. The decision block receives the attacked voltage duty $D_1^{*}$ and the normal current duty (D₁). The decision block decides on the duty that should be passed to the plant, based on the objective function specified in (15).

The performance of the designed control algorithm during the SLCA of the FDIA attack can be observed in Figure 23. Figure 23a gives the output voltage controller duty, and Figure 23b shows the FDI attack. Even though a stealth attack is performed by manipulating the output voltage sensor before reaching the controller, the proposed technique mitigates the attack. Figure 23c shows the output voltage of the converter, which is the desired reference value.

8. Conclusions and Future Scope

This article reviews different cyber threats that adversaries pose toward critical cyber-physical systems, and the transition of cyber security towards AI. The attacks on CPS are performed on a large scale, resulting in disasters, such as the failure of the entire critical infrastructure of a country. The cyberwarfare methods needed to do so are discussed in detail. To overcome cyber attacks from adversaries, various defense mechanisms are employed at the network level and device level. After studying the basic defense mechanisms and their shortcomings in attack detection in CPS, we can conclude that there is a need for intelligent attack detection and mitigation mechanisms. The general network infrastructure used in microgrids is discussed, and the cyber attacks targeting the network framework are represented. The most common and effective cyber attacks, such as FDIA, DoS, and MITM attacks, are discussed in detail. Additionally, the difference between normal IT security and CPS security is studied by analyzing the challenges involved in detecting and mitigating cyber attacks. Artificial intelligence provides effective methods for cyber attack detection that are studied elaborately.

After identifying the advantages of AI in cyber attack detection, some of the literature on AI as an attack detection mechanism is studied. We found that the complex control structure of CPS becomes even more complex with the inclusion of a data-driven attack detection mechanism. To reduce complexity and increase operational efficiency, a complete data-driven methodology should be proposed for CPS control and for cyber attack detection. To illustrate the importance of this methodology, a case study is performed, in which a stealth FDI attack is formulated and its mitigation is performed using deep neural networks. Further, real-time hardware implementation is performed to prove the method’s effective operation. Further, AI techniques can be implemented on the most complicated CPS for mitigating different types of cyber attacks.