DataSheet1_Cyber-attack research for integrated energy systems by the correlated matrix based object-oriented modeling method.pdf

The rise of an integrated energy system requires the integration of multiple sources of energy to be embraced and transited over the power grid; that means the information and communication systems of traditional power systems will be extended, and their complexity will be increased. As the information and communication systems play a more important role in the infrastructure of the power system, a cyber-attack on them may have an impact on the power system and cause a serious threat to the integrated energy system. To analyze the threat to the complex and integrated system, some researchers provide some modeling methods to study the impact of cyber-attacks on the information and communication systems, such as the Attack Tree Model, Attack Graph Model, Petri Net Model for cyber-attack, Attack Description Language Model, State Transition Graph Model, etc. However, these modeling methods have some shortcomings. For example, they cannot describe the systematical cyber-attack and show the secure status during the cyber-attack; it is hard for them to analyze the larger and more complicated information and communication systems. To overcome the shortages, in this paper, a correlated matrix-based object-oriented model is proposed for cyber-attack modeling. With this model, the relationship between the attacker and victim can be directly built; the cyber-attack path and packets from the attacker can be tracked; and the status of the nodes and links can be shown during a cyber-attack. There are two steps to build the cyber-attack model. Firstly, the procedure and approach of the cyber-attack will be modeled by an object-oriented method; then, a correlated matrix model will be built for network topology, attack path, and attack procedure. By combining these two models, the whole cyber-attack model is created. Finally, to demonstrate the modeling method and its benefits, we use the MITM (Man-in-the-middle Attack) attack on measurement data of an AVC (Automation Voltage Control) system as examples, and build a hardware-in-the-loop (HIL) co-simulation platform to verify the model.