DOI: 10.1145/2459976.2460022
research-article

Causal event graphs cyber-physical system intrusion detection system

Published: 08 January 2013

ABSTRACT

This paper proposes to model the causal relationship between devices in a cyber-physical system using Bayesian Networks and a new Bayesian Network expansion called causal event graphs. Unique paths through causal event graphs are used to model deterministic signatures which can be used by an intrusion detection system to classify events. A case study is provided to demonstrate the effectiveness of the method for classifying cyber and physical events in an electric transmission system. Bulk electric transmission systems are dynamic cyber-physical systems. Cyber monitoring and control systems are used to remotely operate the power system and to detect and react to physical disturbances. The communication layer associated with this monitoring and control functionality also enables cyber attacks against transmission systems. Existing regulations require utilities to use monitoring techniques such as intrusion detection systems to monitor cyber activity at electronic security perimeter boundaries. Recent attacks demonstrate that monitoring restricted to boundaries is insufficient to detect all attack threats. The methodology described in this paper provides a means to develop a model-based defense-in-depth solution for electric transmission system intrusion detection.


Published in

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
January 2013
282 pages
ISBN: 9781450316873
DOI: 10.1145/2459976

Copyright © 2013 Authors

Publisher: Association for Computing Machinery, New York, NY, United States
