Abstract
As an important part of the national infrastructure, the power grid is facing more and more network security threats in the process of turning from traditional relative closure to informationization and networking. Therefore, it is necessary to develop effective anomaly detection methods to resist various threats. However, the current methods mostly use each packet in the network as the detection object, ignore the overall timing pattern of the network, cannot detect some advanced behavior attacks. In this paper, we introduce the concept of network flow, which consists of the same end-to-end network packets, besides the network flow fragmentation divides the network flow into pieces at regular intervals. We also propose a network flow anomaly detection method based on density clustering, which uses bidirectional flow statistics as features. The experimental result demonstrate that the methodology has excellent detection effect on large-scale malicious traffic and injection attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Fang, X., Misra, S., Xue, G., et al.: Smart grid — the new and improved power grid: a survey. IEEE Commun. Surv. Tutorials 14(4), 944–980 (2012)
E-ISAC, SANS ICS: Analysis of the Cyber Attack on the Ukrainian Power Grid, p4, 18 March 2016. http://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf
Shang, W., An, P., Wan, M., et al.: Summary of research and development of industrial control system intrusion detection technology. Appl. Res. Comput. 34(2), 328–333 (2017)
Khalili, A., Sami, A.: SysDetect: a systematic approach to critical state determination for Industrial intrusion detection systems using Apriori algorithm. J. Process Control 32(11), 154–160 (2015)
Choi, S., Chang, Y., Yun, J.H., et al.: Traffic-Locality-Based Creation of Flow Whitelists for SCADA Networks (2015)
Yang, D., Usynin, A., Hines, J.W.: Anomaly-based intrusion detection for SCADA systems (2005)
Mo, Y., Chabukswar, R., Sinopoli, B.: Detecting integrity attacks on SCADA systems. IEEE Trans. Control Syst. Technol. 44(1), 11239–11244 (2011)
Zhang, Y., Tong, W., Zhao, Y.: Improvement of CUSUM anomaly detection algorithm and application in industrial control intrusion detection system. Metallurgical Industry Automation (2014)
Guo, S., Wu, M., Wang, C.: Symbolic execution of programmable logic controller code. In: ACM SIGSOFT Symposium on the Foundations of Software Engineering. ACM (2017)
Stephen, M., et al.: A trusted safety verifier for process controller code. In: NDSS Symposium 2014, pp. 1–3, February 2014
Zhou, C., Huang, S., Xiong, N., et al.: Design and analysis of multimodel-based anomaly intrusion detection systems in industrial process automation. IEEE Trans. Syst. Man Cybernet. Syst. 45(10), 1345–1360 (2017)
Ponomarev, S., Atkison, T.: Industrial control system network intrusion detection by telemetry analysis. IEEE Trans. Dependable Secure Comput. 13(2), 252–260 (2016)
Macdermott, A., Shi, Q., Merabti, M., et al.: Intrusion detection for critical infrastructure protection. In: The 13th Post Graduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting (PGNet 2012) (2012)
Zhou, Z.: Machine Learning. Tsinghua University Press, Beijing (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhang, L., Shen, X., Zhang, F., Ren, M., Li, B. (2018). Anomaly Detection for Power Grid Based on Network Flow. In: Qiu, M. (eds) Smart Computing and Communication. SmartCom 2018. Lecture Notes in Computer Science(), vol 11344. Springer, Cham. https://doi.org/10.1007/978-3-030-05755-8_43
Download citation
DOI: https://doi.org/10.1007/978-3-030-05755-8_43
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05754-1
Online ISBN: 978-3-030-05755-8
eBook Packages: Computer ScienceComputer Science (R0)