TY - GEN
T1 - Hybrid control network intrusion detection systems for automated power distribution systems
AU - Parvania, Masood
AU - Koutsandria, Georgia
AU - Muthukumar, Vishak
AU - Peisert, Sean
AU - McParland, Chuck
AU - Scaglione, Anna
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014/9/18
Y1 - 2014/9/18
N2 - In this paper, we describe our novel use of network intrusion detection systems (NIDS) for protecting automated distribution systems (ADS) against certain types of cyber attacks in a new way. The novelty consists of using the hybrid control environment rules and model as the baseline for what is normal and what is an anomaly, tailoring the security policies to the physical operation of the system. NIDS sensors in our architecture continuously analyze traffic in the communication medium that comes from embedded controllers, checking if the data and commands exchanged conform to the expected structure of the controllers' interactions, and evolution of the system's physical state. Considering its importance in future ADSs, we chose the fault location, isolation and service restoration (FLISR) process as our distribution automation case study for the NIDS deployment. To test our scheme, we emulated the FLISR process using real programmable logic controllers (PLCs) that interact with a simulated physical infrastructure. We used this test bed to examine the capability of our NIDS approach in several attack scenarios. The experimental analysis reveals that our approach is capable of detecting various attack scenarios including the attacks initiated within the trusted perimeter of the automation network by attackers that have complete knowledge about the communication information exchanged.
KW - Power distribution systems
KW - distribution automation
KW - intrusion detection systems
KW - network security
UR - http://www.scopus.com/inward/record.url?scp=84912084737&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84912084737&partnerID=8YFLogxK
U2 - 10.1109/DSN.2014.81
DO - 10.1109/DSN.2014.81
M3 - Conference contribution
AN - SCOPUS:84912084737
T3 - Proceedings of the International Conference on Dependable Systems and Networks
SP - 774
EP - 779
BT - Proceedings of the International Conference on Dependable Systems and Networks
PB - IEEE Computer Society
T2 - 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014
Y2 - 23 June 2014 through 26 June 2014
ER -