Man-in-The-Middle (MiTM) attacks present numerous threats to a smart grid. In a MiTM attack, an intruder embeds itself within a conversation between two devices to either eavesdrop or impersonate one of the devices, making it appear to be a normal exchange of information. Thus, the intruder can perform false data injection (FDI) and false command injection (FCI) attacks that can compromise power system operations, such as state estimation, economic dispatch, and automatic generation control (AGC). Very few researchers have focused on MiTM methods that are difficult to detect within a smart grid. To address this, we are designing and implementing multi-stage MiTM intrusions in an emulation-based cyber-physical power system testbed against a large-scale synthetic grid model to demonstrate how such attacks can cause physical contingencies such as misguided operation and false measurements. MiTM intrusions create FCI, FDI, and replay attacks in this synthetic power grid. This work enables stakeholders to defend against these stealthy attacks, and we present detection mechanisms that are developed using multiple alerts from intrusion detection systems and network monitoring tools. Our contribution will enable other smart grid security researchers and industry to develop further detection mechanisms for inconspicuous MiTM attacks.

中文翻译：

---

电力系统网络物理测试台中的中间人攻击和防御

中间人（MiTM）攻击对智能电网提出了许多威胁。在MiTM攻击中，入侵者将自己嵌入两个设备之间的对话中，以窃听或冒充其中一个设备，使其看起来像是正常的信息交换。因此，入侵者可以执行错误的数据注入（FDI）和错误的命令注入（FCI）攻击，这些攻击可能会损害电力系统的运行，例如状态估计，经济调度和自动发电控制（AGC）。很少有研究人员专注于在智能电网中难以检测到的MiTM方法。为了解决这个问题，我们正在针对大型合成网格模型在基于仿真的网络物理电力系统中设计和实施多阶段MiTM入侵，以证明此类攻击如何导致物理意外事件（如误导操作和错误测量）。MiTM入侵会在此合成电网中创建FCI，FDI和重播攻击。这项工作使利益相关者能够抵御这些隐式攻击，并且我们介绍了使用入侵检测系统和网络监视工具的多个警报开发的检测机制。我们的贡献将使其他智能电网安全研究人员和行业能够开发出针对不显眼的MiTM攻击的进一步检测机制。这项工作使利益相关者能够抵御这些隐式攻击，并且我们介绍了使用入侵检测系统和网络监视工具的多个警报开发的检测机制。我们的贡献将使其他智能电网安全研究人员和行业能够开发出针对不显眼的MiTM攻击的进一步检测机制。这项工作使利益相关者能够抵御这些隐式攻击，并且我们介绍了使用入侵检测系统和网络监视工具的多个警报开发的检测机制。我们的贡献将使其他智能电网安全研究人员和行业能够开发出针对不显眼的MiTM攻击的进一步检测机制。