TY - GEN
T1 - A hybrid network IDS for protective digital relays in the power transmission grid
AU - Koutsandria, Georgia
AU - Muthukumar, Vishak
AU - Parvania, Masood
AU - Peisert, Sean
AU - McParland, Chuck
AU - Scaglione, Anna
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2015/1/12
Y1 - 2015/1/12
N2 - In this paper, we propose a novel use of network intrusion detection systems (NIDSs) tailored to detect attacks against networks that support hybrid controllers that implement power grid protection schemes. In our approach, we implement specification-based intrusion detection signatures based on the execution of the hybrid automata that specify the communication rules and physical limits that the system should obey. To validate our idea, we developed an experimental framework consisting of a simulation of the physical system and an emulation of the master controller, which serves as the digital relay that implements the protection mechanism. Our Hybrid Control NIDS (HC-NIDS) continuously monitors and analyzes the network traffic exchanged within the physical system. It identifies traffic that deviates from the expected communication pattern or physical limitations, which could place the system in an unsafe mode of operation. Our experimental analysis demonstrates that our approach is able to detect a diverse range of attack scenarios aimed at compromising the physical process by leveraging information about the physical part of the power system.
AB - In this paper, we propose a novel use of network intrusion detection systems (NIDSs) tailored to detect attacks against networks that support hybrid controllers that implement power grid protection schemes. In our approach, we implement specification-based intrusion detection signatures based on the execution of the hybrid automata that specify the communication rules and physical limits that the system should obey. To validate our idea, we developed an experimental framework consisting of a simulation of the physical system and an emulation of the master controller, which serves as the digital relay that implements the protection mechanism. Our Hybrid Control NIDS (HC-NIDS) continuously monitors and analyzes the network traffic exchanged within the physical system. It identifies traffic that deviates from the expected communication pattern or physical limitations, which could place the system in an unsafe mode of operation. Our experimental analysis demonstrates that our approach is able to detect a diverse range of attack scenarios aimed at compromising the physical process by leveraging information about the physical part of the power system.
UR - http://www.scopus.com/inward/record.url?scp=84922454355&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84922454355&partnerID=8YFLogxK
U2 - 10.1109/SmartGridComm.2014.7007764
DO - 10.1109/SmartGridComm.2014.7007764
M3 - Conference contribution
AN - SCOPUS:84922454355
T3 - 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
SP - 908
EP - 913
BT - 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
Y2 - 3 November 2014 through 6 November 2014
ER -