MPTCP-H: A DDoS attack resilient transport protocol to secure wide area measurement systems

The penetration of distributed generators into the power distribution grid requires real-time control of the grid by monitoring the state of the power distribution grid. Such a large-scale monitoring cannot be performed by using traditional Supervisory Control and Data Acquisition (SCADA) systems due to its lack of the scalability. To address this issue, contemporary Wide Area Measurement Systems (WAMS) are deployed, which provide the dynamic snapshots of the power system. However, WAMS's more open structure versus SCADA poses a risk of WAMS being vulnerable to cyberattacks. In particular, due to high responsiveness and availability requirements of WAMS applications, attacks i.e., Denial-of-Service (DoS) and Distributed DoS (DDoS) are of primary concern for WAMS. In this paper, we focus on internal DoS/DDoS attacks launched against the WAMS devices by exploiting the vulnerabilities. To counter such attacks, we propose a proactive and robust extension of the Multipath-TCP (MPTCP) transportation protocol, termed as MPTCP-H. The proposed extension mitigates the internal attacks by using a novel stream hopping mechanism, which periodically renews the subflows to hide the open port numbers of the connection. By doing so, MPTCP-H significantly increases the attacker's cost for a successful attack without perturbing the WAMS data traffic. The experimental results show that the proposed MPTCP-H provides a significant DoS/DDoS attack mitigation for WAMS at the expense of reasonable overheads, i.e., additional latency and message. (C) 2019 Elsevier B.V. All rights reserved.