Modelling Load-Changing Attacks in Cyber-Physical Systems

Luca Arnaboldi, Ricardo M. Czekster, Charles Morisset, Roberto Metere

    Research output: Contribution to journalArticlepeer-review


    Cyber-Physical Systems (CPS) are present in many settings addressing a myriad of purposes. Examples are Internet-of-Things (IoT) or sensing software embedded in appliances or even specialised meters that measure and respond to electricity demands in smart grids. Due to their pervasive nature, they are usually chosen as recipients for larger scope cyber-security attacks. Those promote system-wide disruptions and are directed towards one key aspect such as confidentiality, integrity, availability or a combination of those characteristics. Our paper focuses on a particular and distressing attack where coordinated malware infected IoT units are maliciously employed to synchronously turn on or off high-wattage appliances, affecting the grid's primary control management. Our model could be extended to larger (smart) grids, Active Buildings as well as similar infrastructures. Our approach models Coordinated Load-Changing Attacks (CLCA) also referred as GridLock or BlackIoT, against a theoretical power grid, containing various types of power plants. It employs Continuous-Time Markov Chains where elements such as Power Plants and Botnets are modelled under normal or attack situations to evaluate the effect of CLCA in power reliant infrastructures. We showcase our modelling approach in the scenario of a power supplier (e.g. power plant) being targeted by a botnet. We demonstrate how our modelling approach can quantify the impact of a botnet attack and be abstracted for any CPS system involving power load management in a smart grid. Our results show that by prioritising the type of power-plants, the impact of the attack may change: in particular, we find the most impacting attack times and show how different strategies impact their success. We also find the best power generator to use depending on the current demand and strength of attack.

    Original languageEnglish
    Pages (from-to)39-60
    Number of pages22
    JournalElectronic Notes in Theoretical Computer Science
    Publication statusPublished - 1 Nov 2020

    Bibliographical note

    © 2020 The Author(s). Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (

    Funding Information:
    This research is supported by The Alan Turing Institute and an Innovate UK grant to Newcastle University through the e4future project, Arm Ltd. and EP-SRC under grant EP/N509528/1, as well as the Active Building Center under grant EP/S016627/1.


    • Continuous Time Markov Chains
    • Coordinated Load-Changing Attacks
    • Load Balancing Systems
    • Smart Grid


    Dive into the research topics of 'Modelling Load-Changing Attacks in Cyber-Physical Systems'. Together they form a unique fingerprint.

    Cite this