ABSTRACT
Current concerns for the cyber security of the smart grid require the development of novel attack detection tools. Intrusion detection systems have proven to be a critical component of traditional IT architectures, however, current techniques do not adequately meet the stringent requirements of the electric grid. This research introduces a model-based intrusion detection system specifically targeting the operations of smart grid environments, especially substation automation systems. This approach focuses on the IEC 61850 protocol and leverages the deterministic data flows to accurately identify communication patterns. These data flows are then represented with a Petri-net model which is used to identify malicious spacial and temporal anomalies. Finally, this research proposes system level analysis of detected substation attacks to help identify potential coordinated attacks.
- M. Adamiak, D. Baigent, and R. Mackiewicz. IEC 61850 Communication Networks and Systems In Substations: An Overview for Users. GE Digital Energy/SISCK, 2009.Google Scholar
- S. Blair, C. Booth, and G. Burt. Architecture for automatically generating an efficient IEC 61850-based communications platform for the rapid prototyping of protection schemes. University of Strathclyde, Glasgow, UK.Google Scholar
- S. Cheung, B. Dutertre, M. Fong, U. Lindqvist, S. K., and A. Valdes. Using model-based intrusion detection for SCADA networks. In Proceedings of the SCADA Security Scientific Symposium, Jan. 2007.Google Scholar
- "DigitalBond". Quickdraw SCADA IDS, 2011.Google Scholar
- Jointly-Commissioned Summary Report of the North American Electric Reliability Corporation and the U.S. Department of Energy. High-Impact, Low-Frequency Event Risk to the North American Bulk Power System, Nov. 2009.Google Scholar
- J. L. Rrushi and R. H. Campbell. Detecting attacks in power plant interfacing substations through probabilistic validation of attack-effect bindings. In D. Peterson, editor, Proceedings of the SCADA Security Scientific Symposium 2008, page 24, January 2008.Google Scholar
- X. Ye, J. Zhou, and X. Song. How to use IEC 61850 in protection and automation. ELECTRA, 222, 2005.Google Scholar
Index Terms
- Model-based intrustion detection for the smart grid (MINDS)
Recommendations
Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant
ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications SecurityA distributed detection method is proposed to detect single stage multi-point (SSMP) attacks on a Cyber Physical System (CPS). Such attacks aim at compromising two or more sensors or actuators at any one stage of a CPS and could totally compromise a ...
Survey Cyber security in the Smart Grid: Survey and challenges
The Smart Grid, generally referred to as the next-generation power system, is considered as a revolutionary and evolutionary regime of existing power grids. More importantly, with the integration of advanced computing and communication technologies, the ...
Machine Learning-based Intrusion Detection for Smart Grid Computing: A Survey
Machine learning (ML)-based intrusion detection system (IDS) approaches have been significantly applied and advanced the state-of-the-art system security and defense mechanisms. In smart grid computing environments, security threats have been ...
Comments