Kim, Jin Sub2014-02-252019-01-282014-01-27bibid: 8442269https://hdl.handle.net/1813/36092The threat of malicious network attacks has become significant ever since networking became pervasive in our life. When adversaries have enough control over the network measurements and control procedures, the effect of attacks can be as detrimental as the breakdown of the whole network operations. This dissertation studies possible adversarial effects under certain protection strategy, the conditions under which attacks can be detected, and protection strategies to render attacks detectable. Specifically, attacks on two types of networks are considered: communications networks and power networks. First, we consider an attack on communications networks, where a pair of nodes are suspected to belong to the chain of compromised nodes used by the adversary. If the pair belongs to the compromised chain, it forwards attack packets along the chain, and thus there should exist an information flow between the pair. Detection of an information flow based on node transmission timings is formulated as a binary composite hypothesis testing. An unsupervised and nonparametric detector with linear complexity is proposed and tested with real-world TCP traces and MSN VoIP traces. The detector is proved to be consistent for a class of nonhomogeneous Poisson processes. Secondly, the topology attack on power networks is studied. In a so-called manin-the-middle topology attack, an adversary alters data from certain meters and network switches to mislead the control center with an incorrect network topology while avoiding detection by the control center. A necessary and sufficient condition for the existence of an undetectable attack is obtained, and countermeasures to prevent undetectable attacks are presented. It is shown that any topology attack is detectable if a set of meters satisfying a certain branch covering property are protected from adversarial data modification. The proposed attacks are tested with IEEE 14-bus and IEEE 118-bus system, and their effect on real-time locational marginal pricing is examined. Lastly, a new attack mechanism aimed at misleading the power system control center about the source of data attacks is proposed. As a man-in-the-middle state attack, a data framing attack is proposed to exploit the bad data detection and identification mechanisms at the control center. In particular, the proposed attack frames normal meters as sources of bad data and causes the control center to remove useful measurements from the framed meters. The optimal design of data framing attack is formulated as a quadratically constrained quadratic program (QCQP). It is shown that the proposed attack is capable of perturbing the power system state estimate by an arbitrary degree using only half of the critical measurements. Implications of this attack on power system operations are discussed, and the attack performance is evaluated using benchmark systems.en-USNetwork securityInformation flow detectionSmart grid securitydissertation or thesis