
Towards Realizing a Distributed Event and Intrusion Detection System

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 759))

Abstract

Power system blackouts have a significant impact on social and economic activity. A key requirement for a resilient power system is therefore to detect cyber attacks and respond appropriately in near real time. However, because of the limited computing resources and the latency of current power system Intrusion Detection Systems (IDS), they cannot detect cyber attacks on a large-scale system in real time.

In this paper, we design a Distributed Event and IDS (DEIDS) that provides advanced monitoring, incident analysis, and immediate attack detection across the entire grid network. The DEIDS offers an easy and fast way to recognize power system performance trends and the patterns of cyber attacks. To realize such a DEIDS, we used four feature selection methods and applied them to select the most significant features from a 38GB test dataset. Compared with previous research [1, 2], we validated that the DEIDS provides the highest detection accuracy with the lowest overhead, by modifying the Particle Swarm Optimization fitness function to enhance the NNGE classifier through selection of the best detection attributes.


References

  1. Adhikari, U., Morris, T.: Applying Hoeffding adaptive trees for real-time cyber-power event and intrusion classification. IEEE Trans. Smart Grid 99, 1–1 (2017)

  2. Adhikari, U., Morris, T.H., Pan, S.: Applying non-nested generalized exemplars classification for cyber-power event and intrusion detection. IEEE Trans. Smart Grid PP(99), 1–1 (2016)

  3. U.S. Department of Energy: Chapter 3: Enabling modernization of the electric power system. Quadrennial Technology Review 2015, Transmission and Distribution Components (2015)

  4. Minkel, J.: The 2003 Northeast blackout, five years later. Scientific American, April 2008. https://www.scientificamerican.com/article/2003-blackout-five-years-later/

  5. Federal Energy Regulatory Commission: Arizona-Southern California outages on September 8, 2011: causes and recommendations (2012)

  6. FireEye iSIGHT Intelligence Report: Cyber attacks on the Ukrainian grid: what you should know. https://www.fireeye.com/content/dam/fireeye-www/global/en/solutions/pdfs/fe-cyber-attacks-ukrainian-grid.pdf

  7. Bacet, J.A.B.: Inside the cunning, unprecedented hack of Ukraine's power grid, March 2016. https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

  8. Department of Energy: Smart grid. https://energy.gov/oe/services/technology-development/smart-grid

  9. Bao, H., Lu, R., Li, B., Deng, R.: BLITHE: behavior rule-based insider threat detection for smart grid. IEEE Internet Things J. 3(2), 190–205 (2016)

  10. Yang, Y., McLaughlin, K., Sezer, S., Littler, T., Pranggono, B., Brogan, P., Wang, H.F.: Intrusion detection system for network security in synchrophasor systems. In: IET International Conference on Information and Communications Technologies (IETICT 2013), pp. 246–252, April 2013

  11. Zhang, Y., Wang, L., Sun, W., Green II, R.C., Alam, M.: Distributed intrusion detection system in a multi-layer network architecture of smart grids. IEEE Trans. Smart Grid 2, 796–808 (2011)

  12. Hadeli, H., Schierholz, R., Braendle, M., Tuduce, C.: Leveraging determinism in industrial control systems for advanced anomaly detection and reliable security configuration. In: 2009 IEEE Conference on Emerging Technologies and Factory Automation, pp. 1–8, September 2009

  13. Bolzoni, D., Etalle, S., Hartel, P.H.: Panacea: automating attack classification for anomaly-based network intrusion detection systems. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol. 5758, pp. 1–20. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04342-0_1

  14. Valenzuela, J., Wang, J., Bissinger, N.: Real-time intrusion detection in power system operations. IEEE Trans. Power Syst. 28, 1052–1062 (2013)

  15. Talebi, M., Wang, J., Qu, Z.: Secure power systems against malicious cyber-physical data attacks: protection and identification. World Academy of Science, vol. 6 (2012)

  16. Hink, R.C.B., Beaver, J.M., Buckner, M.A., Morris, T., Adhikari, U., Pan, S.: Machine learning for power system disturbance and cyber-attack discrimination. In: 2014 7th International Symposium on Resilient Control Systems (ISRCS), pp. 1–8, August 2014

  17. Pan, S.: Cybersecurity testing and intrusion detection for cyber-physical power systems. Ph.D. thesis, Mississippi State University (2014)

  18. Adhikari, U.: Event and intrusion detection systems for cyber-physical power systems. Ph.D. thesis, Mississippi State University (2015)

  19. Industrial control system (ICS) cyber attack datasets. http://www.ece.uah.edu/~thm0009/icsdatasets/PowerSystem_Dataset_README.pdf

  20. Wang, H., Sun, H., Li, C., Rahnamayan, S., Shyang Pan, J.: Diversity enhanced particle swarm optimization with neighborhood search. Inform. Sci. 223, 119–135 (2013)


Acknowledgements

This work was partially supported by the U.S. Department of Homeland Security Science & Technology under contract #HSHQDC-16-C-B0033, and by the Office of Naval Research (ONR) grant N0014-14-1-0168.

Author information


Corresponding author

Correspondence to Qian Chen.


Copyright information

© 2017 Springer International Publishing AG


Cite this paper

Chen, Q., Kholidy, H.A., Abdelwahed, S., Hamilton, J. (2017). Towards Realizing a Distributed Event and Intrusion Detection System. In: Doss, R., Piramuthu, S., Zhou, W. (eds) Future Network Systems and Security. FNSS 2017. Communications in Computer and Information Science, vol 759. Springer, Cham. https://doi.org/10.1007/978-3-319-65548-2_6


  • DOI: https://doi.org/10.1007/978-3-319-65548-2_6


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-65547-5

  • Online ISBN: 978-3-319-65548-2

  • eBook Packages: Computer Science (R0)
