In this paper, we propose a novel use of network intrusion detection systems (NIDSs) tailored to detect attacks against networks that support hybrid controllers that implement power grid protection schemes. In our approach, we implement specification-based intrusion detection signatures based on the execution of the hybrid automata that specify the communication rules and physical limits that the system should obey. To validate our idea, we developed an experimental framework consisting of a simulation of the physical system and an emulation of the master controller, which serves as the digital relay that implements the protection mechanism. Our Hybrid Control NIDS (HC-NIDS) continuously monitors and analyzes the network traffic exchanged within the physical system. It identifies traffic that deviates from the expected communication pattern or physical limitations, which could place the system in an unsafe mode of operation. Our experimental analysis demonstrates that our approach is able to detect a diverse range of attack scenarios aimed at compromising the physical process by leveraging information about the physical part of the power system.

A hybrid network IDS for protective digital relays in the power transmission grid / Koutsandria, Georgia; V., Muthukumar; M., Parvania; S., Peisert; C., Mcparland; A., Scaglione. - ELETTRONICO. - (2014), pp. 908-913. [10.1109/SmartGridComm.2014.7007764]

A hybrid network IDS for protective digital relays in the power transmission grid

KOUTSANDRIA, GEORGIA;
2014

Abstract

In this paper, we propose a novel use of network intrusion detection systems (NIDSs) tailored to detect attacks against networks that support hybrid controllers that implement power grid protection schemes. In our approach, we implement specification-based intrusion detection signatures based on the execution of the hybrid automata that specify the communication rules and physical limits that the system should obey. To validate our idea, we developed an experimental framework consisting of a simulation of the physical system and an emulation of the master controller, which serves as the digital relay that implements the protection mechanism. Our Hybrid Control NIDS (HC-NIDS) continuously monitors and analyzes the network traffic exchanged within the physical system. It identifies traffic that deviates from the expected communication pattern or physical limitations, which could place the system in an unsafe mode of operation. Our experimental analysis demonstrates that our approach is able to detect a diverse range of attack scenarios aimed at compromising the physical process by leveraging information about the physical part of the power system.
2014
power grids; power transmission; relay protection; hybrid automata; network intrusion detection systems; network traffic; power grid protection schemes; power transmission grid; protective digital relays; specification-based intrusion detection signatures; Automata; Circuit breakers; Intrusion detection; Monitoring; Power transformers; Protocols
04 Pubblicazione in atti di convegno::04c Atto di convegno in rivista
A hybrid network IDS for protective digital relays in the power transmission grid / Koutsandria, Georgia; V., Muthukumar; M., Parvania; S., Peisert; C., Mcparland; A., Scaglione. - ELETTRONICO. - (2014), pp. 908-913. [10.1109/SmartGridComm.2014.7007764]
File allegati a questo prodotto
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/783582
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 25
  • ???jsp.display-item.citation.isi??? ND
social impact