Randomization-Based Intrusion Detection System for Advanced Metering Infrastructure*

M. Ali, E. Al-Shaer
{"title":"Randomization-Based Intrusion Detection System for Advanced Metering Infrastructure*","authors":"M. Ali, E. Al-Shaer","doi":"10.1145/2814936","DOIUrl":null,"url":null,"abstract":"Smart grid deployment initiatives have been witnessed in recent years. Smart grids provide bidirectional communication between meters and head-end systems through Advanced Metering Infrastructure (AMI). Recent studies highlight the threats targeting AMI. Despite the need for tailored Intrusion Detection Systems (IDSs) for smart grids, very limited progress has been made in this area. Unlike traditional networks, smart grids have their own unique challenges, such as limited computational power devices and potentially high deployment cost, that restrict the deployment options of intrusion detectors. We show that smart grids exhibit deterministic and predictable behavior that can be accurately modeled to detect intrusion. However, it can also be leveraged by the attackers to launch evasion attacks. To this end, in this article, we present a robust mutation-based intrusion detection system that makes the behavior unpredictable for the attacker while keeping it deterministic for the system. We model the AMI behavior using event logs collected at smart collectors, which in turn can be verified using the invariant specifications generated from the AMI behavior and mutable configuration. Event logs are modeled using fourth-order Markov chain and specifications are written in Linear Temporal Logic (LTL). To counter evasion and mimicry attacks, we propose a configuration randomization module. The approach provides robustness against evasion and mimicry attacks; however, we discuss that it still can be evaded to a certain extent. We validate our approach on a real-world dataset of thousands of meters collected at the AMI of a leading utility provider.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"47 1","pages":"7:1-7:30"},"PeriodicalIF":0.0000,"publicationDate":"2015-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2814936","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 17

Abstract

Smart grid deployment initiatives have been witnessed in recent years. Smart grids provide bidirectional communication between meters and head-end systems through Advanced Metering Infrastructure (AMI). Recent studies highlight the threats targeting AMI. Despite the need for tailored Intrusion Detection Systems (IDSs) for smart grids, very limited progress has been made in this area. Unlike traditional networks, smart grids have their own unique challenges, such as limited computational power devices and potentially high deployment cost, that restrict the deployment options of intrusion detectors. We show that smart grids exhibit deterministic and predictable behavior that can be accurately modeled to detect intrusion. However, it can also be leveraged by the attackers to launch evasion attacks. To this end, in this article, we present a robust mutation-based intrusion detection system that makes the behavior unpredictable for the attacker while keeping it deterministic for the system. We model the AMI behavior using event logs collected at smart collectors, which in turn can be verified using the invariant specifications generated from the AMI behavior and mutable configuration. Event logs are modeled using fourth-order Markov chain and specifications are written in Linear Temporal Logic (LTL). To counter evasion and mimicry attacks, we propose a configuration randomization module. The approach provides robustness against evasion and mimicry attacks; however, we discuss that it still can be evaded to a certain extent. We validate our approach on a real-world dataset of thousands of meters collected at the AMI of a leading utility provider.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于随机的高级计量基础设施入侵检测系统*
近年来,智能电网部署倡议得到了见证。智能电网通过高级计量基础设施(AMI)在电表和前端系统之间提供双向通信。最近的研究强调了针对AMI的威胁。尽管需要为智能电网量身定制入侵检测系统(ids),但在这一领域取得的进展非常有限。与传统网络不同,智能电网有其独特的挑战,如有限的计算能力设备和潜在的高部署成本,这限制了入侵探测器的部署选择。我们表明,智能电网表现出确定性和可预测的行为,可以准确地建模以检测入侵。然而,攻击者也可以利用它来发起逃避攻击。为此,在本文中,我们提出了一个健壮的基于突变的入侵检测系统,该系统使攻击者的行为不可预测,同时保持系统的确定性。我们使用智能收集器收集的事件日志对AMI行为建模,然后可以使用从AMI行为和可变配置生成的不变规范对其进行验证。事件日志使用四阶马尔可夫链建模,规范使用线性时序逻辑(LTL)编写。为了对抗规避和模仿攻击,我们提出了一个配置随机化模块。该方法提供了对规避和模仿攻击的鲁棒性;然而,我们讨论它仍然可以在一定程度上逃避。我们在一家领先的公用事业提供商的AMI收集的数千米的真实数据集上验证了我们的方法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
ACM Transactions on Information and System Security
ACM Transactions on Information and System Security 工程技术-计算机:信息系统
CiteScore
4.50
自引率
0.00%
发文量
0
审稿时长
3.3 months
期刊介绍: ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.
期刊最新文献
An Efficient User Verification System Using Angle-Based Mouse Movement Biometrics A New Framework for Privacy-Preserving Aggregation of Time-Series Data Behavioral Study of Users When Interacting with Active Honeytokens Model Checking Distributed Mandatory Access Control Policies Randomization-Based Intrusion Detection System for Advanced Metering Infrastructure*
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1