Active Power Flow Tracing for Preventive Control in Deregulated Power Systems

Adhip, *

January 2017

Modern day power systems present an open access environment, inspiring participation from small scale and large power suppliers. With multiple players in the system driven by the market, proper monitoring and control of system becomes a major concern. This transformation is accompanied by dynamic consumption patterns and rising power demands. The expanding network encompassing EHV/AC network, HVDC and FACTS devices, along with increased penetration of renewable sources, viz. solar and wind energy at medium and low voltage levels, adds to the problem. Independent System Operators (ISO) are entrusted with ensuring smooth operation, and employing proper preventive measures to eliminate a possible cascade tripping leading to a partial or large-scale blackout. To aid the operator in the process of ensuring secure operation of the grid, there are many tools that provide required information and guidance. Power flow tracing is one such tool that aids the operator in congestion management, transmission pricing, transaction evaluation, loss allocation and reactive power optimization. In this thesis, a novel active power flow tracing approach is proposed that takes into account, the real-time operating conditions and network topology. It provides the decomposition of active power flow in a line into respective components injected by various generators in the system. It also provides the contribution of the generators to various loads in the system. The approach is simple and computationally fast, making it an ideal tool to aid preventive control decisions. Based on the proposed active power flow tracing, a congestion management approach is developed. The approach indicates the least number of generators that need to be coordinated for generation rescheduling, so as to alleviate overloading in affected transmission lines and transformers. The approach also takes into consideration the operating constraints on the system, while computing the optimal rescheduling amongst selected generators using LP technique. The thesis also presents a real power loss allocation approach based on the proposed power flow tracing. Loss allocation is an important part of tariff design as the cost associated with losses amounts to a sizable fraction of total revenue collected from the loads. The approach provides information as to how losses are distributed among loads and how much each generator is providing for the loss share of each load. The approaches developed in the thesis are illustrated on a sample 10-bus equivalent system, IEEE 30-bus, and IEEE 39-bus systems. Results for typical case studies are presented for practical systems of 72-bus equivalent and 203-bus equivalent of Indian Southern grid.

Power System Security

Power Flow Tracing

Congestion Management

Virtual Power Flow

Generator Sensitivity

Virtual Real Power Flows

High Voltage Direct Current (HVDC)

Electrical Engineering

A two-level Probabilistic Risk Assessment of cascading failures leading to blackout in transmission power systems

Henneaux, Pierre

19 September 2013

In our society, private and industrial activities increasingly rest on the implicit assumption that electricity is available at any time and at an affordable price. Even if operational data and feedback from the electrical sector is very positive, a residual risk of blackout or undesired load shedding in critical zones remains. The occurrence of such a situation is likely to entail major direct and indirect economical consequences, as observed in recent blackouts. Assessing this residual risk and identifying scenarios likely to lead to these feared situations is crucial to control and optimally reduce this risk of blackout or major system disturbance. The objective of this PhD thesis is to develop a methodology able to reveal scenarios leading to a blackout or a major system disturbance and to estimate their frequencies and their consequences with a satisfactory accuracy.<p><p>A blackout is a collapse of the electrical grid on a large area, leading to a power cutoff, and is due to a cascading failure. Such a cascade is composed of two phases: a slow cascade, starting with the occurrence of an initiating event and displaying characteristic times between successive events from minutes to hours, and a fast cascade, displaying characteristic times between successive events from milliseconds to tens of seconds. In cascading failures, there is a strong coupling between events: the loss of an element increases the stress on other elements and, hence, the probability to have another failure. It appears that probabilistic methods proposed previously do not consider correctly these dependencies between failures, mainly because the two very different phases are analyzed with the same model. Thus, there is a need to develop a conceptually satisfying probabilistic approach, able to take into account all kinds of dependencies, by using different models for the slow and the fast cascades. This is the aim of this PhD thesis.<p><p>This work first focuses on the level-I which is the analysis of the slow cascade progression up to the transition to the fast cascade. We propose to adapt dynamic reliability, an integrated approach of Probabilistic Risk Analysis (PRA) developed initially for the nuclear sector, to the case of transmission power systems. This methodology will account for the double interaction between power system dynamics and state transitions of the grid elements. This PhD thesis also introduces the development of the level-II to analyze the fast cascade, up to the transition towards an operational state with load shedding or a blackout. The proposed method is applied to two test systems. Results show that thermal effects can play an important role in cascading failures, during the first phase. They also show that the level-II analysis after the level-I is necessary to have an estimation of the loss of supplied power that a scenario can lead to: two types of level-I scenarios with a similar frequency can induce very different risks (in terms of loss of supplied power) and blackout frequencies. The level-III, i.e. the restoration process analysis, is however needed to have an estimation of the risk in terms of loss of supplied energy. This PhD thesis also presents several perspectives to improve the approach in order to scale up applications to real grids.<p> / Doctorat en Sciences de l'ingénieur / info:eu-repo/semantics/nonPublished

Physique

Power transmission -- Risk assessment

Monte Carlo method

Monte-Carlo, Méthode de

Blackout

Risk analysis

Monte Carlo methods

Power system security

Power system reliability

Network security monitoring and anomaly detection in industrial control system networks

Mantere, M. (Matti)

19 May 2015

Abstract Industrial control system (ICS) networks used to be isolated environments, typically separated by physical air gaps from the wider area networks. This situation has been changing and the change has brought with it new cybersecurity issues. The process has also exacerbated existing problems that were previously less exposed due to the systems’ relative isolation. This process of increasing connectivity between devices, systems and persons can be seen as part of a paradigm shift called the Internet of Things (IoT). This change is progressing and the industry actors need to take it into account when working to improve the cybersecurity of ICS environments and thus their reliability. Ensuring that proper security processes and mechanisms are being implemented and enforced on the ICS network level is an important part of the general security posture of any given industrial actor. Network security and the detection of intrusions and anomalies in the context of ICS networks are the main high-level research foci of this thesis. These issues are investigated through work on machine learning (ML) based anomaly detection (AD). Potentially suitable features, approaches and algorithms for implementing a network anomaly detection system for use in ICS environments are investigated. After investigating the challenges, different approaches and methods, a proof-ofconcept (PoC) was implemented. The PoC implementation is built on top of the Bro network security monitoring framework (Bro) for testing the selected approach and tools. In the PoC, a Self-Organizing Map (SOM) algorithm is implemented using Bro scripting language to demonstrate the feasibility of using Bro as a base system. The implemented approach also represents a minimal case of event-driven machine learning anomaly detection (EMLAD) concept conceived during the research. The contributions of this thesis are as follows: a set of potential features for use in machine learning anomaly detection, proof of the feasibility of the machine learning approach in ICS network setting, a concept for event-driven machine learning anomaly detection, a design and initial implementation of user configurable and extendable machine learning anomaly detection framework for ICS networks. / Tiivistelmä Kehittyneet yhteiskunnat käyttävät teollisuuslaitoksissaan ja infrastruktuuriensa operoinnissa monimuotoisia automaatiojärjestelmiä. Näiden automaatiojärjestelmien tieto- ja kyberturvallisuuden tila on hyvin vaihtelevaa. Laitokset ja niiden hyödyntämät järjestelmät voivat edustaa usean eri aikakauden tekniikkaa ja sisältää useiden eri aikakauden heikkouksia ja haavoittuvaisuuksia. Järjestelmät olivat aiemmin suhteellisen eristyksissä muista tietoverkoista kuin omista kommunikaatioväylistään. Tämä automaatiojärjestelmien eristyneisyyden heikkeneminen on luonut uuden joukon uhkia paljastamalla niiden kommunikaatiorajapintoja ympäröivälle maailmalle. Nämä verkkoympäristöt ovat kuitenkin edelleen verrattaen eristyneitä ja tätä ominaisuutta voidaan hyödyntää niiden valvonnassa. Tässä työssä esitetään tutkimustuloksia näiden verkkojen turvallisuuden valvomisesta erityisesti poikkeamien havainnoinnilla käyttäen hyväksi koneoppimismenetelmiä. Alkuvaiheen haasteiden ja erityispiirteiden tutkimuksen jälkeen työssä käytetään itsejärjestyvien karttojen (Self-Organizing Map, SOM) algoritmia esimerkkiratkaisun toteutuksessa uuden konseptin havainnollistamiseksi. Tämä uusi konsepti on tapahtumapohjainen koneoppiva poikkeamien havainnointi (Event-Driven Machine Learning Anomaly Detection, EMLAD). Työn kontribuutiot ovat seuraavat, kaikki teollisuusautomaatioverkkojen kontekstissa: ehdotus yhdeksi anomalioiden havainnoinnissa käytettävien ominaisuuksien ryhmäksi, koneoppivan poikkeamien havainnoinnin käyttökelpoisuuden toteaminen, laajennettava ja joustava esimerkkitoteutus uudesta EMLAD-konseptista toteutettuna Bro NSM työkalun ohjelmointikielellä.

anomaly detection

cybersecurity

industrial control system security

information security

intrusion detection

machine learning

network security

automaatiojärjestelmien turvallisuus

koneoppiminen

kyberturvallisuus

poikkeamien havainnointi

tietoturva

tunkeutumisen havainnointi

Obrana proti útokům sociálního inženýrství / Defense against social engineering attacks

Škopec, Antonín

January 2015

This theses concerns with social engineering and defense against it. Social engineering attacks represents significant threat for organizations and their information systems, especially because they target weakest link in information systems security, its users. That way attacker can easily bypass even highly sophisticated security system. This theses tries to deal with question, how to effectively secure human factor of information system.

PRACTICAL CONFIDENTIALITY-PRESERVING DATA ANALYTICS IN UNTRUSTED CLOUDS

Savvas Savvides (9113975)

27 July 2020

<div> <div> <div> <p>Cloud computing offers a cost-efficient data analytics platform. This is enabled by constant innovations in tools and technologies for analyzing large volumes of data through distributed batch processing systems and real-time data through distributed stream processing systems. However, due to the sensitive nature of data, many organizations are reluctant to analyze their data in public clouds. To address this stalemate, both software-based and hardware-based solutions have been proposed yet all have substantial limitations in terms of efficiency, expressiveness, and security. In this thesis, we present solutions that enable practical and expressive confidentiality- preserving batch and stream-based analytics. We achieve this by performing computations over encrypted data using Partially Homomorphic Encryption (PHE) and Property-Preserving Encryption (PPE) in novel ways, and by utilizing remote or Trusted Execution Environment (TEE) based trusted services where needed.</p><p><br></p><p>We introduce a set of extensions and optimizations to PHE and PPE schemes and propose the novel abstraction of Secure Data Types (SDTs) which enables the application of PHE and PPE schemes in ways that improve performance and security. These abstractions are leveraged to enable a set of compilation techniques making data analytics over encrypted data more practical. When PHE alone is not expressive enough to perform analytics over encrypted data, we use a novel planner engine to decide the most efficient way of utilizing client-side completion, remote re-encryption, or trusted hardware re-encryption based on Intel Software Guard eXtensions (SGX) to overcome the limitations of PHE. We also introduce two novel symmetric PHE schemes that allow arithmetic operations over encrypted data. Being symmetric, our schemes are more efficient than the state-of-the-art asymmetric PHE schemes without compromising the level of security or the range of homomorphic operations they support. We apply the aforementioned techniques in the context of batch data analytics and demonstrate the improvements over previous systems. Finally, we present techniques designed to enable the use of PHE and PPE in resource-constrained Internet of Things (IoT) devices and demonstrate the practicality of stream processing over encrypted data.</p></div></div></div><div><div><div> </div> </div> </div>

Distributed Computing

Computer System Security

Data Encryption

Cloud computing

Distributed processing of data

Applied Crytpography

Encrypted Databases

Trusted Execution Environments

Intel SGX

Homomorphic Encryption

Confidentiality

Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal of ICT Modification

Mišurová, Katarína

January 2018

A thesis deals with the assessment of the information system in an engineering company, the assessment of its efficiency and the proposal of the ICT modification to improve this system. Furthermore, the thesis deals with the proposal of the information system changes in the company and the elimination of the risks related to these changes. An analytical part also deals with the company analysis, the analysis of the company processes and the analysis of the current information system. .

FORENSICS AND FORMALIZED PROTOCOL CUSTOMIZATION FOR ENHANCING NETWORKING SECURITY

Fei Wang (11523058)

22 November 2021

<div>Comprehensive networking security is a goal to achieve for enterprise networks. In forensics, the traffic analysis, causality dependence in intricate program network flows is needed in flow-based attribution techniques. The provenance, the connection between stealthy advanced persistent threats (APTs) and the execution of loadable modules is stripped because loading a module does not guarantee an execution. The reports of common vulnerabilities and exposures (CVE) demonstrate that lots of vulnerabilities have been introduced in protocol engineering process, especially for the emerging Internet-of-Things (IoT) applications. A code generation framework targeting secure protocol implementations can substantially enhance security.</div><div>A novel automaton-based technique, NetCrop, to infer fine-grained program behavior by analyzing network traffic is proposed in this thesis. Based on network flow causality, it constructs automata that describe both the network behavior and the end-host behavior of a whole program to attribute individual packets to their belonging programs and fingerprint the high-level program behavior. A novel provenance-oriented library tracing system, Lprov, which enforces library tracing on top of existing syscall logging based provenance tracking approaches is investigated. With the dynamic library call stack, the provenance of implicit library function execution is revealed and correlated to system events, facilitating the locating and defense of malicious libraries. The thesis presents ProFactory, in which a protocol is modeled, checked and securely generated, averting common vulnerabilities residing in protocol implementations.</div>

Computer System Security

traffic attribution

behavior inference

flow analysis

flow causality

provenance tracking

library tracing

IoT security

protocol modeling

protocol verification

protocol customization

Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal for ICT Modification

Parolek, Pavel

January 2012

My thesis focuses on information system analysis of local municipalities, specifically on Břeclav Municipal Office information system. My thesis evaulates the information system's efficiency, identifies its weak points and suggests measures eliminating these weak points.

Návrh informačního systému / Information System Design

Šmýd, Radek

January 2016

The aim of the diploma thesis is to prepare a design of multi-level sales network information system for the company 1WAY COMPANY s.r.o. system will be designed with a maximum regard to the success of final solution and automation particular corporate processes. The work also describes company’s system requirements, implementation methods, budgeting and creating of service agreements. For the proper system functionality is needed to design a permission management included organization structure, Event-driven Process Chain and RACI responsibility matrix.

Detekce síťových anomálií / Network Anomaly Detection

Pšorn, Daniel

January 2012

This master thesis deals with detecting anomalies methods in network traffic. First of all this thesis analyzes the basic concepts of anomaly detection and already using technology. Next, there are also described in more detail three methods for anomalies search and some types of anomalies. In the second part of this thesis there is described implementation of all three methods and there are presented the results of experimentation using real data.