ABSTRACT
This paper proposes to model the causal relationships between devices in a cyber-physical system using Bayesian networks and a new Bayesian network expansion called causal event graphs. Unique paths through causal event graphs are used to model deterministic signatures that an intrusion detection system can use to classify events. A case study is provided to demonstrate the effectiveness of the method for classifying cyber and physical events in an electric transmission system. Bulk electric transmission systems are dynamic cyber-physical systems. Cyber monitoring and control systems are used to remotely operate the power system and to detect and react to physical disturbances. The communication layer associated with this monitoring and control functionality also enables cyber attacks against transmission systems. Existing regulations require utilities to use monitoring techniques such as intrusion detection systems to monitor cyber activity at electronic security perimeter boundaries. Recent attacks demonstrate that monitoring restricted to boundaries is insufficient to detect all attack threats. The methodology described in this paper provides a means to develop a model-based, defense-in-depth solution for electric transmission system intrusion detection.
Index Terms
Causal event graphs cyber-physical system intrusion detection system