A Trust-Influenced Smart Grid: A Survey and a Proposal

J. Sens. Actuator Networks Pub Date : 2022-07-11 DOI:10.3390/jsan11030034

K. Boakye-Boateng, A. Ghorbani, Arash Habibi Lashkari

{"title":"A Trust-Influenced Smart Grid: A Survey and a Proposal","authors":"K. Boakye-Boateng, A. Ghorbani, Arash Habibi Lashkari","doi":"10.3390/jsan11030034","DOIUrl":null,"url":null,"abstract":"A compromised Smart Grid, or its components, can have cascading effects that can affect lives. This has led to numerous cybersecurity-centric studies focusing on the Smart Grid in research areas such as encryption, intrusion detection and prevention, privacy and trust. Even though trust is an essential component of cybersecurity research; it has not received considerable attention compared to the other areas within the context of Smart Grid. As of the time of this study, we observed that there has neither been a study assessing trust within the Smart Grid nor were there trust models that could detect malicious attacks within the substation. With these two gaps as our objectives, we began by presenting a mathematical formalization of trust within the context of Smart Grid devices. We then categorized the existing trust-based literature within the Smart Grid under the NIST conceptual domains and priority areas, multi-agent systems and the derived trust formalization. We then proposed a novel substation-based trust model and implemented a Modbus variation to detect final-phase attacks. The variation was tested against two publicly available Modbus datasets (EPM and ATENA H2020) under three kinds of tests, namely external, internal, and internal with IP-MAC blocking. The first test assumes that external substation adversaries remain so and the second test assumes all adversaries within the substation. The third test assumes the second test but blacklists any device that sends malicious requests. The tests were performed from a Modbus server’s point of view and a Modbus client’s point of view. Aside from detecting the attacks within the dataset, our model also revealed the behaviour of the attack datasets and their influence on the trust model components. Being able to detect all labelled attacks in one of the datasets also increased our confidence in the model in the detection of attacks in the other dataset. We also believe that variations of the model can be created for other OT-based protocols as well as extended to other critical infrastructures.","PeriodicalId":288992,"journal":{"name":"J. Sens. Actuator Networks","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"J. Sens. Actuator Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/jsan11030034","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

A compromised Smart Grid, or its components, can have cascading effects that can affect lives. This has led to numerous cybersecurity-centric studies focusing on the Smart Grid in research areas such as encryption, intrusion detection and prevention, privacy and trust. Even though trust is an essential component of cybersecurity research; it has not received considerable attention compared to the other areas within the context of Smart Grid. As of the time of this study, we observed that there has neither been a study assessing trust within the Smart Grid nor were there trust models that could detect malicious attacks within the substation. With these two gaps as our objectives, we began by presenting a mathematical formalization of trust within the context of Smart Grid devices. We then categorized the existing trust-based literature within the Smart Grid under the NIST conceptual domains and priority areas, multi-agent systems and the derived trust formalization. We then proposed a novel substation-based trust model and implemented a Modbus variation to detect final-phase attacks. The variation was tested against two publicly available Modbus datasets (EPM and ATENA H2020) under three kinds of tests, namely external, internal, and internal with IP-MAC blocking. The first test assumes that external substation adversaries remain so and the second test assumes all adversaries within the substation. The third test assumes the second test but blacklists any device that sends malicious requests. The tests were performed from a Modbus server’s point of view and a Modbus client’s point of view. Aside from detecting the attacks within the dataset, our model also revealed the behaviour of the attack datasets and their influence on the trust model components. Being able to detect all labelled attacks in one of the datasets also increased our confidence in the model in the detection of attacks in the other dataset. We also believe that variations of the model can be created for other OT-based protocols as well as extended to other critical infrastructures.

查看原文本刊更多论文

受信任影响的智能电网:调查与建议

受损的智能电网或其组件可能会产生影响生活的级联效应。这导致了许多以网络安全为中心的研究集中在智能电网的研究领域，如加密，入侵检测和预防，隐私和信任。尽管信任是网络安全研究的重要组成部分;与智能电网的其他领域相比，它并没有得到足够的关注。截至本研究时，我们观察到既没有研究评估智能电网内的信任，也没有信任模型可以检测变电站内的恶意攻击。以这两个差距为目标，我们首先在智能电网设备的背景下提出信任的数学形式化。然后，我们将智能电网中现有的基于信任的文献分类为NIST概念域和优先级领域、多代理系统和派生的信任形式化。然后，我们提出了一种新的基于变电站的信任模型，并实现了一种Modbus变体来检测最后阶段的攻击。该变体针对两个公开可用的Modbus数据集(EPM和ATENA H2020)进行了三种测试，即外部、内部和内部IP-MAC阻塞。第一个测试假设外部变电站对手保持这种状态，第二个测试假设变电站内的所有对手。第三个测试假设第二个测试，但将任何发送恶意请求的设备列入黑名单。测试分别从Modbus服务器和Modbus客户机的角度进行。除了检测数据集中的攻击外，我们的模型还揭示了攻击数据集的行为及其对信任模型组件的影响。能够检测到其中一个数据集中所有标记的攻击也增加了我们对模型检测其他数据集中攻击的信心。我们还相信，该模型的变体可以为其他基于ot的协议创建，并扩展到其他关键基础设施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

J. Sens. Actuator Networks

自引率

0.00%

发文量