DOI: 10.1145/2695664.2695725
research-article

Harnessing the unknown in advanced metering infrastructure traffic

Published: 13 April 2015

Abstract

The Advanced Metering Infrastructure (AMI), a key component for smart grids, is expanding with more installed devices. Due to security and privacy concerns, the communication between these devices is encrypted, making it more secure against malicious third parties but also obscuring the ability of the network owner to detect any misbehaving user or equipment. We are investigating how to balance the need for confidentiality with the need to monitor the AMI. More specifically, we develop one important component for an AMI Intrusion Detection System (IDS), which can accurately determine the individual commands (but not their content) sent between AMI devices even when they are sent over an encrypted channel or in a protocol that the IDS cannot parse. We explain our methodology and propose features which summarize traffic characteristics. We conduct a feasibility study based on representative protocols in AMI and demonstrate the real utility of this IDS component. Our results are validated experimentally using two different datasets containing realistic traffic captured from two different AMI testbeds.

    Published In

    SAC '15: Proceedings of the 30th Annual ACM Symposium on Applied Computing
    April 2015
    2418 pages
    ISBN:9781450331968
    DOI:10.1145/2695664

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. AMI encrypted traffic
    2. networks
    3. security
    4. smart grid

    Qualifiers

    • Research-article

    Funding Sources

    • European Commission Seventh Framework Programme

    Conference

    SAC 2015
    SAC 2015: Symposium on Applied Computing
    April 13 - 17, 2015
    Salamanca, Spain

    Acceptance Rates

    SAC '15 Paper Acceptance Rate 291 of 1,211 submissions, 24%;
    Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
