TY - GEN
T1 - Configuration-based IDS for advanced metering infrastructure
AU - Ali, Muhammad Qasim
AU - Al-Shaer, Ehab
PY - 2013
Y1 - 2013
AB - Smart grid deployment initiatives have been witnessed in recent years. Smart grids provide bi-directional communication between meters and the headend system through Advanced Metering Infrastructure (AMI). Recent studies highlight the threats targeting AMI. Despite the need for tailored Intrusion Detection Systems (IDS) for the smart grid, very limited progress has been made in this area. Unlike traditional networks, the smart grid has its own unique challenges, such as devices with limited computational power and potentially high deployment cost, that restrict the deployment options of intrusion detectors. We show that the smart grid exhibits deterministic and predictable behavior that can be accurately modeled to develop an intrusion detection system. In this paper, we show that AMI behavior can be modeled using event logs collected at smart collectors, which in turn can be verified using the specifications invariant generated from the configurations of the AMI devices. Event logs are modeled using a fourth-order Markov chain and specifications are written in Linear Temporal Logic (LTL). The approach provides robustness against evasion and mimicry attacks; however, we discuss that it still can be evaded to a certain extent. We validate our approach on a real-world dataset of thousands of meters collected at the AMI of a leading utility provider.
KW - advanced metering infrastructure
KW - intrusion detection systems
KW - smart grid
UR - https://www.scopus.com/pages/publications/84889067660
U2 - 10.1145/2508859.2516745
DO - 10.1145/2508859.2516745
M3 - Conference contribution
AN - SCOPUS:84889067660
SN - 9781450324779
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 451
EP - 462
BT - CCS 2013 - Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security
T2 - 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013
Y2 - 4 November 2013 through 8 November 2013
ER -