Hybrid control network intrusion detection systems for automated power distribution systems

Masood Parvania, Georgia Koutsandria, Vishak Muthukumary, Sean Peisert, Chuck McParland, Anna Scaglione

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

In this paper, we describe our novel use of network intrusion detection systems (NIDS) for protecting automated distribution systems (ADS) against certain types of cyber attacks in a new way. The novelty consists of using the hybrid control environment rules and model as the baseline for what is normal and what is an anomaly, tailoring the security policies to the physical operation of the system. NIDS sensors in our architecture continuously analyze traffic in the communication medium that comes from embedded controllers, checking if the data and commands exchanged conform to the expected structure of the controllers' interactions, and evolution of the system's physical state. Considering its importance in future ADSs, we chose the fault location, isolation and service restoration (FLISR) process as our distribution automation case study for the NIDS deployment. To test our scheme, we emulated the FLISR process using real programmable logic controllers (PLCs) that interact with a simulated physical infrastructure. We used this test bed to examine the capability of our NIDS approach in several attack scenarios. The experimental analysis reveals that our approach is capable of detecting various attack scenarios, including the attacks initiated within the trusted perimeter of the automation network by attackers that have complete knowledge about the communication information exchanged.

Original language: English (US)
Title of host publication: Proceedings - 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 774-779
Number of pages: 6
ISBN (Print): 9781479922338
DOIs: https://doi.org/10.1109/DSN.2014.81
State: Published - Sep 18 2014
Externally published: Yes
Event: 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 - Atlanta, United States
Duration: Jun 23 2014 to Jun 26 2014

Other

Other: 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014
Country: United States
City: Atlanta
Period: 6/23/14 to 6/26/14

Fingerprint

Intrusion detection
Electric fault location
Restoration
Automation
Controllers
Communication
Programmable logic controllers
Sensors

Keywords

  • distribution automation
  • intrusion detection systems
  • network security
  • Power distribution systems

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software

Cite this

Parvania, M., Koutsandria, G., Muthukumary, V., Peisert, S., McParland, C., & Scaglione, A. (2014). Hybrid control network intrusion detection systems for automated power distribution systems. In Proceedings - 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 (pp. 774-779). [6903640] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/DSN.2014.81

@inproceedings{550eac3a512245339b324d33f7fb58ea,
title = "Hybrid control network intrusion detection systems for automated power distribution systems",
keywords = "distribution automation, intrusion detection systems, network security, Power distribution systems",
author = "Masood Parvania and Georgia Koutsandria and Vishak Muthukumary and Sean Peisert and Chuck McParland and Anna Scaglione",
year = "2014",
month = "9",
day = "18",
doi = "10.1109/DSN.2014.81",
language = "English (US)",
isbn = "9781479922338",
pages = "774--779",
booktitle = "Proceedings - 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Hybrid control network intrusion detection systems for automated power distribution systems

AU - Parvania, Masood

AU - Koutsandria, Georgia

AU - Muthukumary, Vishak

AU - Peisert, Sean

AU - McParland, Chuck

AU - Scaglione, Anna

PY - 2014/9/18

Y1 - 2014/9/18

KW - distribution automation

KW - intrusion detection systems

KW - network security

KW - Power distribution systems

UR - http://www.scopus.com/inward/record.url?scp=84937156420&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84937156420&partnerID=8YFLogxK

U2 - 10.1109/DSN.2014.81

DO - 10.1109/DSN.2014.81

M3 - Conference contribution

AN - SCOPUS:84912084737

SN - 9781479922338

SP - 774

EP - 779

BT - Proceedings - 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014

PB - Institute of Electrical and Electronics Engineers Inc.

ER -