Dynamic Defense for Adaptive Resilience Against Emerging Threats in Microgrid Cybersecurity Games
Authors
Rath, Suman
Issue Date
2025
Type
Dissertation
Language
en_US
Keywords
Cyber-Physical Systems, Cybersecurity, Deep Reinforcement Learning, Game Theory, Microgrids, Rootkits
Abstract
The drive for decarbonization in the energy sector has necessitated the introduction of sustainability in the power industry. This can be accomplished by integrating more renewable energy sources via microgrids that allow localized generation and consumption of electricity. Microgrids rely on embedded devices and communication networks to achieve controllability. The interdependence of physical and cyber layers in such systems makes them vulnerable to process-level rootkit attacks that can manipulate system states to hinder the achievement of nominal functionality, leading to instability. Rootkits also tend to eavesdrop on nominal system behavior to learn how to hide their actions from the microgrid defender in an effective manner. These abilities can prove to be particularly lethal for the power grid, allowing the malware to achieve persistence. Despite their ability to create undetectable, long-term manipulations in the system, rootkits have not been studied adequately by grid cybersecurity researchers. To study process-level rootkits in an analytical manner, this dissertation models their interactions with the grid defender as a multi-stage, non-cooperative, zero-sum, Markov game. The Markov game formulation ensures that no explicit assumptions are made regarding the malware's behavior, to represent its stochastic nature in an accurate manner. Additionally, to enable the defender to formulate dominant strategies for maximum utility in this game, the dissertation presents a centralized deep reinforcement learning-based framework that utilizes the knowledge of physical laws to identify infected components and perturbs adjacency matrix elements to establish resiliency in an autonomous manner, without any operator supervision. The understanding of physical laws allows the reinforcement learning-based defense framework to be scaled up to larger grid sizes without imposing significantly higher computational overheads. 
Acknowledging the single-point-of-failure limitation of centralized deep reinforcement learning, the dissertation also presents the concept of a decentralized deep Q-network (DQN)-based framework where one DQN agent is deployed at each distributed energy resource (DER). Each agent in this framework is primarily concerned with achieving system recovery to defend its corresponding DER from manipulations from wide-area communication networks. Several simulation results are provided to demonstrate the action of the developed strategies in mitigating manipulations within the cyber-physical microgrid environment. Further, the dissertation provides several case studies showcasing the scalability of the proposed framework and its superiority over conventional defense strategies. To assist decision-making for individual DQN agents within the microgrid by identifying cyber-attacks, a federated learning-based Intrusion Detection System (IDS) is also developed. This IDS is a robust tool to identify specific manipulation templates that may be executed by rootkits. A framework is also presented to analyze the progression stages of malware such as rootkits within the smart grid environment. This framework is meant to serve as a reference guide for security researchers to understand and thwart attempts of attackers who try to deploy rootkits within the grid at their very early stages, without limiting the defenders' capabilities to only stop them after manipulation begins.