Behind Closed Doors: Process-Level Rootkit Attacks in Cyber-Physical Microgrid Systems

Suman Rath, Ioannis Zografopoulos, Pedro P. Vergara, Vassilis C. Nikolaidis, Charalambos Konstantinou

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review



Embedded controllers, sensors, actuators, advanced metering infrastructure, etc. are cornerstone components of cyber-physical energy systems such as microgrids (MGs). Harnessing their monitoring and control functionalities, sophisticated schemes enhancing MG stability can be deployed. However, the deployment of ‘smart’ assets increases the threat surface. Power systems possess mechanisms capable of detecting abnormal operations. Furthermore, the lack of sophistication in attack strategies can render them detectable since they blindly violate power system semantics. On the other hand, the recent increase of process-aware rootkits that can attain persistence and compromise operations in undetectable ways requires special attention. In this work, we investigate the steps followed by stealthy rootkits at the process level of control systems pre- and post-compromise. We investigate the rootkits' pre-compromise stage, which involves deployment to multiple system locations and aggregation of system-specific information to build a neural network-based virtual data-driven model (VDDM) of the system. Then, during the weaponization phase, we demonstrate how the VDDM measurement predictions are paramount, first, to orchestrate crippling attacks from multiple system standpoints, maximizing the impact, and second, to impede detection by blinding system operator situational awareness.
Original language: English
Title of host publication: Proceedings of the 2022 IEEE Power & Energy Society General Meeting (PESGM)
Number of pages: 10
ISBN (Electronic): 978-1-6654-0823-3
ISBN (Print): 978-1-6654-0824-0
Publication status: Published - 2022
Event: 2022 IEEE Power & Energy Society General Meeting (PESGM) - Denver, United States
Duration: 17 Jul 2022 to 21 Jul 2022


Conference: 2022 IEEE Power & Energy Society General Meeting (PESGM)
Country/Territory: United States

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.


  • Rootkit
  • cyber-physical microgrid
  • intelligent malware
  • data-driven prediction
  • virtual twin

