Improvise, Adapt, Overcome: Dynamic Resiliency Against Unknown Attack Vectors in Microgrid Cybersecurity Games

TL;DR

This paper introduces a deep reinforcement learning strategy for microgrid cybersecurity that dynamically detects and isolates rootkit attacks, enhancing system resilience without physical network changes.

Contribution

It proposes a novel RL-based approach to identify and respond to rootkit attacks in microgrids, improving cybersecurity resilience against unknown attack vectors.

Findings

The strategy effectively detects rootkit access levels.

It isolates manipulations without changing network topology.

Simulation results show robustness and adaptability.

Abstract

Cyber-physical microgrids are vulnerable to rootkit attacks that manipulate system dynamics to create instabilities in the network. Rootkits tend to hide their access level within microgrid system components to launch sudden attacks that prey on the slow response time of defenders to manipulate system trajectory. This problem can be formulated as a multi-stage, non-cooperative, zero-sum game with the attacker and the defender modeled as opposing players. To solve the game, this paper proposes a deep reinforcement learning-based strategy that dynamically identifies rootkit access levels and isolates incoming manipulations by incorporating changes in the defense plan. A major advantage of the proposed strategy is its ability to establish resiliency without altering the physical transmission/distribution network topology, thereby diminishing potential instability issues. The paper also presents several simulation results and case studies to demonstrate the operating mechanism and robustness of the proposed strategy.