research-article

Causal event graphs cyber-physical system intrusion detection system

Authors:

Shengyi Pan,

Thomas H. Morris,

Uttam Adhikari,

Vahid MadaniAuthors Info & Claims

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

Article No.: 40, Pages 1 - 4

https://doi.org/10.1145/2459976.2460022

Published: 08 January 2013 Publication History

Get Access

Abstract

This paper proposes to model the causal relationship between devices in a cyber-physical system using a Bayesian Networks and a new Bayesian Network expansion called causal event graphs. Unique paths through causal event graphs are used to model deterministic signatures which can be used by an intrusion detection system to classify events. A case study is provided to demonstrate the effectiveness of the method for classifying cyber and physical events in an electric transmission system. Bulk electric transmission systems are dynamic cyber-physical systems. Cyber monitoring and control systems are used to remotely operate the power system and to detect and react to physical disturbances. The communication layer associated with this monitoring and control functionality also enables cyber attacks against transmission systems. Existing regulations require utilities to use monitoring techniques such as intrusion detection systems to monitor cyber activity at electronic security perimeter boundaries. Recent attacks demonstrate that monitoring restricted to boundaries is insufficient to detect all attack threats. The methodology described in this paper provides a means to develop a model based defense in depth solution for electric transmission system intrusion detection.

References

[1]

Hurtgen, M. and Maun, J. C. "Advantages of power system state estimation using phasor measurement units," 16th Power Systems Computation Conference. Glasgow, Scotland. July 14--18, 2008.

Google Scholar

[2]

Ning, J. "Wide-area monitoring and recognition for power system disturbances using data mining and knowledge discovery theory," Ph.D. Dissertation, Tennessee Technol. Univ., Cookeville, TN, Aug. 2010

Digital Library

Google Scholar

[3]

Restrepo, J. "A real-time wide-area control for Mitigating small-signal instability in large electric power systems," Phd thesis, Washington State University, 2005

Google Scholar

[4]

Sanguesa, R., Cortès, U. "Learning causal networks from data: a survey and a new algorithm for recovering possibilistic causal networks", A. I. Communications, 10 (1997), pp. 31--36

Digital Library

Google Scholar

[5]

Morris, T., Vaughn, R., Dandass, Y. A Retrofit Network Intrusion Detection System for MODBUS RTU and ASCII Industrial Control Systems. Proceedings of the 45th IEEE Hawaii International Conference on System Sciences (HICSS -- 45). January 4--7, 2012. Grand Wailea, Maui.

Digital Library

Google Scholar

[6]

Peterson, D.; "Quickdraw: Generating Security Log Events for Legacy SCADA and Control System Devices," Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology, vol., no., pp.227--229, 3--4 March 2009

Digital Library

Google Scholar

[7]

Morris, T., Pan, S., Lewis, J., Moorhead, J., Reaves, B., Younan, N., King, R, Freund, M., Madani, V. Cybersecurity Testing of Substation Phasor Measurement Units and Phasor Data Concentrators. The 7th Annual ACM Cyber Security and Information Intelligence Research Workshop (CSIIRW). October 12--14, 2011. Oak Ridge, TN.

Digital Library

Google Scholar

Cited By

View all

Rawal ARaglin ARawat DSadler BMcCoy J(2025)Causality for Trustworthy Artificial Intelligence: Status, Challenges and PerspectivesACM Computing Surveys10.1145/366549457:6(1-30)Online publication date: 10-Feb-2025
https://dl.acm.org/doi/10.1145/3665494
Tanwar MRaghavan NDammala P(2024)Fault Detection and Isolation of Cyber-Physical System under Cyber-Attack Using Bayesian Network2024 IEEE International Conference on Prognostics and Health Management (ICPHM)10.1109/ICPHM61352.2024.10627322(84-92)Online publication date: 17-Jun-2024
https://doi.org/10.1109/ICPHM61352.2024.10627322
Duman OZhang MWang LDebbabi MAtallah RLebel B(2020)Factor of Security (FoS): Quantifying the Security Effectiveness of Redundant Smart Grid SubsystemsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.3009931(1-1)Online publication date: 2020
https://doi.org/10.1109/TDSC.2020.3009931
Show More Cited By

Index Terms

Causal event graphs cyber-physical system intrusion detection system
1. Applied computing
  1. Operations research
2. Information systems
  1. Information systems applications
    1. Process control systems

Recommendations

Intrusion Detection System: A Comparative Study of Machine Learning-Based IDS

The use of encrypted data, the diversity of new protocols, and the surge in the number of malicious activities worldwide have posed new challenges for intrusion detection systems (IDS). In this scenario, existing signature-based IDS are not performing ...
Securing Collaborative Intrusion Detection Systems

One threat to collaborative intrusion detection systems (CIDSs) is statistic-poisoning attacks. In these attacks, adversaries inject incorrect security sensor reports to the system's repository to corrupt the published attack statistics. A novel, robust ...
Host-Based Intrusion Detection System with System Calls: Review and Future Trends

In a contemporary data center, Linux applications often generate a large quantity of real-time system call traces, which are not suitable for traditional host-based intrusion detection systems deployed on every single host. Training data mining models ...

Comments

Information & Contributors

Information

Published In

CSIIRW '13: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop

January 2013

282 pages

ISBN:9781450316873

DOI:10.1145/2459976

Editors:
Frederick Sheldon
Oak Ridge National Laboratory
,
Annarita Giani
Los Alamos National Laboratory
,
Axel Krings
University of Idaho
,
Robert Abercrombie
Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 January 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CSIIRW '13

Sponsor:

Los Alamos National Labs
Sandia National Labs
DOE
Lawrence Livermore National Lab.
BERKELEYLAB
Argonne Natl Lab
Idaho National Lab.
Nevada National Security Site

CSIIRW '13: Cyber Security and Information Intelligence

January 8 - 10, 2013

Tennessee, Oak Ridge, USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
534
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)2

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Rawal ARaglin ARawat DSadler BMcCoy J(2025)Causality for Trustworthy Artificial Intelligence: Status, Challenges and PerspectivesACM Computing Surveys10.1145/366549457:6(1-30)Online publication date: 10-Feb-2025
https://dl.acm.org/doi/10.1145/3665494
Tanwar MRaghavan NDammala P(2024)Fault Detection and Isolation of Cyber-Physical System under Cyber-Attack Using Bayesian Network2024 IEEE International Conference on Prognostics and Health Management (ICPHM)10.1109/ICPHM61352.2024.10627322(84-92)Online publication date: 17-Jun-2024
https://doi.org/10.1109/ICPHM61352.2024.10627322
Duman OZhang MWang LDebbabi MAtallah RLebel B(2020)Factor of Security (FoS): Quantifying the Security Effectiveness of Redundant Smart Grid SubsystemsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.3009931(1-1)Online publication date: 2020
https://doi.org/10.1109/TDSC.2020.3009931
Li BXiao YShi YKong QWu YBao H(2020)Anti-Honeypot Enabled Optimal Attack Strategy for Industrial Cyber-Physical SystemsIEEE Open Journal of the Computer Society10.1109/OJCS.2020.30308251(250-261)Online publication date: 2020
https://doi.org/10.1109/OJCS.2020.3030825
Hei XBai BWang YZhang LZhu LJi W(2019)Feature Extraction Optimization for Bitstream Communication Protocol Format Reverse Analysis2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)10.1109/TrustCom/BigDataSE.2019.00094(662-669)Online publication date: Aug-2019
https://doi.org/10.1109/TrustCom/BigDataSE.2019.00094
Wang WBai BWang YHei XZhang L(2019)Bitstream Protocol Classification Mechanism Based on Feature Extraction2019 International Conference on Networking and Network Applications (NaNA)10.1109/NaNA.2019.00050(241-246)Online publication date: Oct-2019
https://doi.org/10.1109/NaNA.2019.00050
Sicard FZamai ÉFlaus J(2018)Critical States Distance Filter Based Approach for Detection and Blockage of Cyberattacks in Industrial Control SystemsDiagnosability, Security and Safety of Hybrid Dynamic and Cyber-Physical Systems10.1007/978-3-319-74962-4_5(117-145)Online publication date: 9-Mar-2018
https://doi.org/10.1007/978-3-319-74962-4_5
Chockalingam SPieters WTeixeira Avan Gelder P(2017)Bayesian Network Models in Cyber Security: A Systematic ReviewSecure IT Systems10.1007/978-3-319-70290-2_7(105-122)Online publication date: 4-Nov-2017
https://doi.org/10.1007/978-3-319-70290-2_7
Adhikari UMorris TPan S(2014)A causal event graph for cyber-power system events using synchrophasor2014 IEEE PES General Meeting | Conference & Exposition10.1109/PESGM.2014.6939285(1-5)Online publication date: Jul-2014
https://doi.org/10.1109/PESGM.2014.6939285
Adhikari UMorris TPan S(2014)A cyber-physical power system test bed for intrusion detection systems2014 IEEE PES General Meeting | Conference & Exposition10.1109/PESGM.2014.6939262(1-5)Online publication date: Jul-2014
https://doi.org/10.1109/PESGM.2014.6939262

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Intrusion Detection System: A Comparative Study of Machine Learning-Based IDS

Securing Collaborative Intrusion Detection Systems

Host-Based Intrusion Detection System with System Calls: Review and Future Trends

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations