DefRec: Establishing Physical Function Virtualization to Disrupt Reconnaissance of Power Grids’ Cyber-Physical Infrastructures
In our recent work, we propose physical function virtualization (PFV), which “hooks” network interactions with real physical devices to build lightweight virtual nodes that follow the actual implementation of network stacks, system invariants, and physical state variations in the real devices. On top of PFV, we propose DefRec, a defense mechanism that significantly increases the effort required for an adversary to infer knowledge of power grids’ cyber-physical infrastructures.
To perform a comprehensive security and performance evaluation, we developed a cyber-physical testbed with four parts: communication networks, network manipulation tools implemented on top of software-defined networking (SDN), real intelligent electronic devices, and simulations of power grids. We implemented six networks with different topologies by grouping and connecting physical ports into different virtual local area networks (VLANs). In addition, we simulated six power systems of different sizes based on real operational data. In our evaluation of DefRec, we successfully used SDN to spoof network traffic that is indistinguishable from the traffic of real devices, and we evaluated how the proposed work impacts the performance of communication networks.
Hui Lin is an Assistant Professor at the Computer Science and Engineering Department in the University of Nevada at Reno. He earned his Ph.D. degree from the University of Illinois at Urbana-Champaign in 2017 in electrical and computer engineering. His research interests include cyber security, intrusion detection systems, and software-defined networking (SDN) in the areas of cyber-physical systems, such as power systems. He has successfully adapted Bro, a runtime network traffic analyzer, to support network protocols (e.g., DNP3) commonly used in power grid infrastructure. The DNP3 analyzer that he developed has been included in Bro and can be downloaded freely by utility companies. His current work focuses on applying SDN in cyber-physical systems; he intends to use SDN’s network programmability to design flexible cyber-physical systems which can quickly respond to cyber-attacks and accidents.