In this paper, we describe our novel use of network intrusion detection systems (NIDS) for protecting automated distribution systems (ADS) against certain types of cyber attacks in a new way. The novelty consists of using the hybrid control environment rules and model as the baseline for what is normal and what is an anomaly, tailoring the security policies to the physical operation of the system. NIDS sensors in our architecture continuously analyze traffic in the communication medium that comes from embedded controllers, checking if the data and commands exchanged conform to the expected structure of the controllers interactions, and evolution of the system's physical state. Considering its importance in future ADSs, we chose the fault location, isolation and service restoration (FLISR) process as our distribution automation case study for the NIDS deployment. To test our scheme, we emulated the FLISR process using real programmable logic controllers (PLCs) that interact with a simulated physical infrastructure. We used this test bed to examine the capability of our NIDS approach in several attack scenarios. The experimental analysis reveals that our approach is capable of detecting various attacks scenarios including the attacks initiated within the trusted perimeter of the automation network by attackers that have complete knowledge about the communication information exchanged.

Hybrid Control Network Intrusion Detection Systems for Automated Power Distribution Systems / M., Parvania; Koutsandria, Georgia; V., Muthukumary; S., Peisert; C., Mcparland; A., Scaglione. - ELETTRONICO. - (2014), pp. 774-779. (Intervento presentato al convegno 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 201 tenutosi a Atlanta; USA nel 2014-June) [10.1109/DSN.2014.81].

Hybrid Control Network Intrusion Detection Systems for Automated Power Distribution Systems

KOUTSANDRIA, GEORGIA;
2014

Abstract

In this paper, we describe our novel use of network intrusion detection systems (NIDS) for protecting automated distribution systems (ADS) against certain types of cyber attacks in a new way. The novelty consists of using the hybrid control environment rules and model as the baseline for what is normal and what is an anomaly, tailoring the security policies to the physical operation of the system. NIDS sensors in our architecture continuously analyze traffic in the communication medium that comes from embedded controllers, checking if the data and commands exchanged conform to the expected structure of the controllers interactions, and evolution of the system's physical state. Considering its importance in future ADSs, we chose the fault location, isolation and service restoration (FLISR) process as our distribution automation case study for the NIDS deployment. To test our scheme, we emulated the FLISR process using real programmable logic controllers (PLCs) that interact with a simulated physical infrastructure. We used this test bed to examine the capability of our NIDS approach in several attack scenarios. The experimental analysis reveals that our approach is capable of detecting various attacks scenarios including the attacks initiated within the trusted perimeter of the automation network by attackers that have complete knowledge about the communication information exchanged.
2014
44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 201
computer crime; control engineering computing; embedded systems; fault location; power distribution control; power distribution faults; power distribution protection; power engineering computing; power system security; programmable controllers; ADS; FLISR process; NIDS sensors; PLC; automated power distribution systems protection; automation network; communication information exchange; communication medium traffic; controllers interactions; cyber attacks; distribution automation; embedded controllers; fault location isolation and service restoration; hybrid control environment rules; hybrid control network intrusion detection systems; physical infrastructure; real programmable logic controllers; security policies; system physical operation; system physical state evolution; trusted perimeter; Circuit breakers; Circuit faults; IP networks; Intrusion detection; Monitoring; Protocols; Power distribution systems; distribution automation; intrusion detection systems; network security
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
Hybrid Control Network Intrusion Detection Systems for Automated Power Distribution Systems / M., Parvania; Koutsandria, Georgia; V., Muthukumary; S., Peisert; C., Mcparland; A., Scaglione. - ELETTRONICO. - (2014), pp. 774-779. (Intervento presentato al convegno 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 201 tenutosi a Atlanta; USA nel 2014-June) [10.1109/DSN.2014.81].
File allegati a questo prodotto
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/783583
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 40
  • ???jsp.display-item.citation.isi??? 30
social impact