Modeling and Detecting False Data Injection Attacks against Railway Traction Power Systems

TL;DR

This paper investigates false data injection attacks on railway traction power systems, analyzing attack strategies and proposing a detection system that effectively identifies such attacks with low false positives.

Contribution

It introduces a global attack detection system combining a bad data detector and a novel secondary detector tailored for railway TPS, capable of identifying sophisticated FDI attacks.

Findings

FDI attacks can significantly disrupt railway power systems.

The proposed GAD system detects attacks effectively under noisy conditions.

Simulations confirm the system's low false positive and negative rates.

Abstract

Modern urban railways extensively use computerized sensing and control technologies to achieve safe, reliable, and well-timed operations. However, the use of these technologies may provide a convenient leverage to cyber-attackers who have bypassed the air gaps and aim at causing safety incidents and service disruptions. In this paper, we study false data injection (FDI) attacks against railways' traction power systems (TPSes). Specifically, we analyze two types of FDI attacks on the train-borne voltage, current, and position sensor measurements - which we call efficiency attack and safety attack -- that (i) maximize the system's total power consumption and (ii) mislead trains' local voltages to exceed given safety-critical thresholds, respectively. To counteract, we develop a global attack detection (GAD) system that serializes a bad data detector and a novel secondary attack detector designed based on unique TPS characteristics. With intact position data of trains, our detection system can effectively detect the FDI attacks on trains' voltage and current measurements even if the attacker has full and accurate knowledge of the TPS, attack detection, and real-time system state. In particular, the GAD system features an adaptive mechanism that ensures low false positive and negative rates in detecting the attacks under noisy system measurements. Extensive simulations driven by realistic running profiles of trains verify that a TPS setup is vulnerable to the FDI attacks, but these attacks can be detected effectively by the proposed GAD while ensuring a low false positive rate.