Hardware performance counters used to protect microgrids from cyberattacks

News

Researchers at King Abdullah University of Science and Technology (KAUST) are using hardware performance counters to protect microgrids from cyberattacks.

Small-scale renewable energy systems can be vulnerable to cyberattacks. A team of KAUST researchers has devised a method to protect this critical infrastructure using low-cost hardware-based malware detection mechanisms
Small-scale renewable energy systems can be vulnerable to cyberattacks. A team of KAUST researchers has devised a method to protect this critical infrastructure using low-cost hardware-based malware detection mechanisms - © 2022 KAUST; Heno Hwang

Microgrids are small ‘power islands’ that provide electricity for services including healthcare, food and water during emergencies. According to KAUST, the relative simplicity and isolation of microgrids makes them attractive targets for cyberattacks aimed at disrupting communities.

Hardware performance counters (HPCs) are special registers embedded within most computers to monitor events, such as how many times a certain command has been performed.

“HPCs were originally used for profiling purposes or to identify bottlenecks within code,” said Ioannis Zografopoulos, who conducted the research with Charalambos Konstantinou at KAUST and colleagues from the University of Texas at Dallas. “However, we have utilised HPCs to detect code patterns that indicate the execution of malicious code on our devices: specifically, the embedded controllers of solar inverters that convert the output of solar photovoltaic panels into usable power for consumers.”

MORE FROM ELECTRONICS

Zografopoulos and co-workers developed tailor-made HPCs that were able to monitor the commands occurring within the inverters, without interfering in their main job of converting solar energy to electricity. Crucially, the team added an extra layer of security by including time series classifiers; these are algorithms that correlate potentially malicious combinations of commands with the time sequence of HPC firing events.

“We can detect malware in inverter controllers with over 97 per cent accuracy using a classifier trained on just a single custom-built HPC,” said Zografopoulos. “This meets our original objective for a low-cost and low-complexity defence countermeasure.”

The team also simulated malware attacks on a replica of the Canadian urban distribution system, containing four inverter-based distributed generators. Their HPC system was able to detect voltage, current and frequency instabilities that could lead to equipment damage or electricity interruptions.

“The main takeaway from our study is that embedded controllers can be equipped with hardware-based malware detection mechanisms that do not add complexity or require additional computational resources,” said Zografopoulos.

The team’s research has been published in Energy Reports.

microgrids
cyber attack