Distributed Intrusion Detection System using Semantic-based Rules for SCADA in Smart Grid
- URL: http://arxiv.org/abs/2412.07917v1
- Date: Tue, 10 Dec 2024 20:57:43 GMT
- Title: Distributed Intrusion Detection System using Semantic-based Rules for SCADA in Smart Grid
- Authors: Sathya Narayana Mohan, Gelli Ravikumar, Manimaran Govindarasu
- Abstract summary: Cyber-physical system (CPS) security for the smart grid enables secure communication for the SCADA and wide-area measurement system data.
Power utilities worldwide use various SCADA protocols, namely DNP3, Modbus, and IEC 61850, for the data exchanges across substation field devices, remote terminal units (RTUs), and control center applications.
Adversaries may exploit compromised SCADA protocols for the reconnaissance, data exfiltration, vulnerability assessment, and injection of stealthy cyberattacks to affect power system operation.
- Abstract: Cyber-physical system (CPS) security for the smart grid enables secure communication for the SCADA and wide-area measurement system data. Power utilities worldwide use various SCADA protocols, namely DNP3, Modbus, and IEC 61850, for the data exchanges across substation field devices, remote terminal units (RTUs), and control center applications. Adversaries may exploit compromised SCADA protocols for reconnaissance, data exfiltration, vulnerability assessment, and injection of stealthy cyberattacks to affect power system operation. In this paper, we propose an efficient algorithm to generate robust rule sets. We integrate the rule sets into an intrusion detection system (IDS), which continuously monitors the DNP3 data traffic at a substation network and detects intrusions and anomalies in real time. To enable CPS-aware wide-area situational awareness, we integrated the methodology into an open-source distributed-IDS (D-IDS) framework. The D-IDS facilitates central monitoring, at the control center, of the anomalies detected at geographically distributed substations. The proposed algorithm provides an optimal solution to detect network intrusions and abnormal behavior. Different types of IDS rules based on packet payload, packet flow, and time threshold are generated. Further, IDS testing and evaluation are performed with a set of rules in different sequences. The detection time is measured for different IDS rules, and the results are plotted. All the experiments are conducted at Power Cyber Lab, Iowa State University, for multiple power grid models. After successful testing and evaluation, knowledge and implementation are transferred to field deployment.
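The abstract names three rule families that the IDS applies to DNP3 traffic at a substation: packet payload rules, packet flow rules, and time-threshold rules. The following Python example, added here and not taken from the paper or its D-IDS framework, shows what a minimal version of that monitor looks like: it validates the DNP3 link-layer CRCs, pulls out the addresses, direction bit and application function code, and runs one rule of each family over constructed traffic. The function-code allowlist, the engineered master/outstation pair, the rate threshold and the sample frames are all illustrative assumptions; the parser handles multi-block user data (up to 16 bytes per CRC block) even though the constructed frames fit in one block, and it only decodes single-fragment application messages.

```python
"""Rule-based DNP3 monitor: link-layer parsing plus payload, flow and time-threshold rules."""
import struct
from collections import defaultdict, deque

DNP3_START = b"\x05\x64"
FUNC_NAMES = {0x00: "CONFIRM", 0x01: "READ", 0x02: "WRITE", 0x03: "SELECT",
              0x04: "OPERATE", 0x05: "DIRECT_OPERATE", 0x0D: "COLD_RESTART",
              0x0E: "WARM_RESTART", 0x81: "RESPONSE"}


def dnp3_crc(data: bytes) -> int:
    """DNP3 CRC-16: polynomial 0x3D65, bit-reflected (0xA6BC), init 0, ones-complemented result."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return (~crc) & 0xFFFF


def build_frame(src: int, dst: int, func: int, from_master: bool = True) -> bytes:
    """Build a minimal DNP3 frame: link header plus one user-data block (transport + application header)."""
    ctrl = 0xC4 if from_master else 0x44              # DIR/PRM bits; link function 4 = unconfirmed user data
    user = bytes([0xC0, 0xC0, func])                  # transport header, application control, function code
    if func == 0x81:
        user += b"\x00\x00"                           # responses carry two IIN bytes after the function code
    header = DNP3_START + bytes([5 + len(user), ctrl]) + struct.pack("<HH", dst, src)
    header += struct.pack("<H", dnp3_crc(header))     # header CRC covers the first 8 bytes
    return header + user + struct.pack("<H", dnp3_crc(user))


def parse_frame(frame: bytes) -> dict:
    """Validate both CRCs and extract the fields the rules need; raises ValueError on malformed input."""
    if len(frame) < 10 or frame[:2] != DNP3_START:
        raise ValueError("not a DNP3 frame")
    length, ctrl, dst, src, hcrc = struct.unpack("<BBHHH", frame[2:10])
    if dnp3_crc(frame[:8]) != hcrc:
        raise ValueError("link header CRC mismatch")
    user, pos, remaining = b"", 10, length - 5        # LEN counts ctrl+dst+src (5) plus user data, not CRCs
    while remaining > 0:                              # user data travels in <=16-byte blocks, each with its own CRC
        n = min(16, remaining)
        block = frame[pos:pos + n]
        if len(frame) < pos + n + 2 or dnp3_crc(block) != struct.unpack("<H", frame[pos + n:pos + n + 2])[0]:
            raise ValueError("user data CRC mismatch")
        user += block
        pos, remaining = pos + n + 2, remaining - n
    if len(user) < 3:
        raise ValueError("no application header")
    return {"src": src, "dst": dst, "from_master": bool(ctrl & 0x80), "func": user[2]}


class Dnp3RuleEngine:
    """One rule per family: payload (function code), flow (address pair), time threshold (rate per window)."""

    def __init__(self, allowed_funcs, allowed_pairs, max_per_window, window_s):
        self.allowed_funcs = set(allowed_funcs)       # assumption: codes the substation normally sees
        self.allowed_pairs = set(allowed_pairs)       # assumption: (master, outstation) pairs engineered here
        self.max_per_window, self.window_s = max_per_window, window_s
        self._history = defaultdict(deque)            # (src, dst, func) -> timestamps inside the window

    def check(self, ts: float, frame: bytes) -> list:
        try:
            p = parse_frame(frame)
        except ValueError as e:
            return [("malformed", str(e))]
        alerts = []
        name = FUNC_NAMES.get(p["func"], f"0x{p['func']:02X}")
        if p["func"] not in self.allowed_funcs:       # payload rule
            alerts.append(("payload", f"function {name} from {p['src']} to {p['dst']} not permitted"))
        pair = (p["src"], p["dst"]) if p["from_master"] else (p["dst"], p["src"])
        if pair not in self.allowed_pairs:            # flow rule, evaluated as (master, outstation)
            alerts.append(("flow", f"unexpected master/outstation pair {pair}"))
        q = self._history[(p["src"], p["dst"], p["func"])]
        q.append(ts)
        while q and ts - q[0] > self.window_s:        # time-threshold rule: sliding window per flow and function
            q.popleft()
        if len(q) > self.max_per_window:
            alerts.append(("time", f"{len(q)} x {name} from {p['src']} within {self.window_s}s"))
        return alerts


def run_demo() -> list:
    """Replay constructed traffic (not a capture): normal polling, a rogue master, a read flood, a corrupt frame."""
    engine = Dnp3RuleEngine(allowed_funcs={0x01, 0x02, 0x81}, allowed_pairs={(1, 10)},
                            max_per_window=5, window_s=1.0)
    traffic = [(0.0, build_frame(1, 10, 0x01)), (0.1, build_frame(10, 1, 0x81, from_master=False))]
    traffic.append((2.0, build_frame(99, 10, 0x05)))                          # rogue master: DIRECT_OPERATE
    traffic += [(5.0 + i * 0.1, build_frame(1, 10, 0x01)) for i in range(8)]  # eight READs in 0.8 s
    tampered = bytearray(build_frame(1, 10, 0x01))
    tampered[12] ^= 0x01                                                      # flip the function code, CRC now stale
    traffic.append((9.0, bytes(tampered)))
    findings = []
    for ts, frame in traffic:
        for kind, msg in engine.check(ts, frame):
            findings.append((ts, kind, msg))
    return findings


if __name__ == "__main__":
    for ts, kind, msg in run_demo():
        print(f"t={ts:4.1f}  [{kind}]  {msg}")
```

The flow rule normalises each frame to a (master, outstation) pair using the link-layer DIR bit, so a response is checked against the same engineered pair as the request it answers. The time rule keeps a per-(src, dst, function) window, which is what separates a legitimate fast poll from the same code arriving from an unexpected source; in a deployment the thresholds would come from the rule-generation step rather than from constants.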
Related papers
- An Unsupervised Adversarial Autoencoder for Cyber Attack Detection in Power Distribution Grids (arXiv, 2024-03-31)
This paper proposes an unsupervised adversarial autoencoder (AAE) model to detect false data injection attacks (FDIAs) in unbalanced power distribution grids.
The proposed method utilizes long short-term memory (LSTM) in the structure of the autoencoder to capture the temporal dependencies in the time-series measurements.
It is tested on IEEE 13-bus and 123-bus systems with historical meteorological data and historical real-world load data.
- A Transformer-Based Framework for Payload Malware Detection and Classification (arXiv, 2024-03-27)
Techniques such as Deep Packet Inspection (DPI) have been introduced to allow IDSs to analyze the content of network packets.
In this paper, we propose a revolutionary DPI algorithm based on transformers adapted for the purpose of detecting malicious traffic.
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning (arXiv, 2024-01-22)
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
- Electrical Grid Anomaly Detection via Tensor Decomposition (arXiv, 2023-10-12)
Previous work has shown that dimensionality reduction-based approaches can be used for accurate identification of anomalies in SCADA systems.
In this work, we novelly apply the tensor decomposition method Canonical Polyadic Alternating Poisson Regression with a probabilistic framework, to identify anomalies in SCADA systems.
In our experiments, we model real-world SCADA system data collected from the electrical grid operated by Los Alamos National Laboratory.
- Joint object detection and re-identification for 3D obstacle multi-camera systems (arXiv, 2023-10-09)
This research paper introduces a novel modification to an object detection network that uses camera and lidar information.
It incorporates an additional branch designed for the task of re-identifying objects across adjacent cameras within the same vehicle.
The results underscore the superiority of this method over traditional Non-Maximum Suppression (NMS) techniques.
- Deep Federated Anomaly Detection for Multivariate Time Series Data (arXiv, 2022-05-09)
We present a Federated Exemplar-based Deep Neural Network (Fed-ExDNN) to conduct anomaly detection for multivariate time series data on different edge devices.
We show that ExDNN and Fed-ExDNN can outperform state-of-the-art anomaly detection algorithms and federated learning techniques.
- DAE: Discriminatory Auto-Encoder for multivariate time-series anomaly detection in air transportation (arXiv, 2021-09-08)
We propose a novel anomaly detection model called Discriminatory Auto-Encoder (DAE).
It uses the baseline of a regular LSTM-based auto-encoder but with several decoders, each getting data of a specific flight phase.
Results show that the DAE achieves better results in both accuracy and speed of detection.
- Towards a Privacy-preserving Deep Learning-based Network Intrusion Detection in Data Distribution Services (arXiv, 2021-06-12)
Data Distribution Service (DDS) is an innovative approach towards communication in ICS/IoT infrastructure and robotics.
Traditional intrusion detection systems (IDS) do not detect any anomalies in the publish/subscribe method.
This report presents an experimental work on simulation and application of Deep Learning for their detection.
- Multi-Source Data Fusion for Cyberattack Detection in Power Systems (arXiv, 2021-01-18)
We show that fusing information from multiple data sources can help identify cyber-induced incidents and reduce false positives.
We perform multi-source data fusion for training IDS in a cyber-physical power system testbed.
Results are presented using the proposed data fusion application to infer False Data and Command injection-based Man-in-the-Middle attacks.
- Adaptive Anomaly Detection for IoT Data in Hierarchical Edge Computing (arXiv, 2020-01-10)
We propose an adaptive anomaly detection approach for hierarchical edge computing (HEC) systems to solve this problem.
We design an adaptive scheme to select one of the models based on the contextual information extracted from input data, to perform anomaly detection.
We evaluate our proposed approach using a real IoT dataset, and demonstrate that it reduces detection delay by 84% while maintaining almost the same accuracy as compared to offloading detection tasks to the cloud.
This list is automatically generated from the titles and abstracts of the papers in this site.