一种用于输电网保护数字继电器的混合网络IDS

2014 IEEE International Conference on Smart Grid Communications (SmartGridComm) Pub Date : 2014-11-03 DOI:10.1109/SmartGridComm.2014.7007764

Georgia Koutsandria, V. Muthukumar, M. Parvania, S. Peisert, C. McParland, A. Scaglione

{"title":"一种用于输电网保护数字继电器的混合网络IDS","authors":"Georgia Koutsandria, V. Muthukumar, M. Parvania, S. Peisert, C. McParland, A. Scaglione","doi":"10.1109/SmartGridComm.2014.7007764","DOIUrl":null,"url":null,"abstract":"In this paper, we propose a novel use of network intrusion detection systems (NIDSs) tailored to detect attacks against networks that support hybrid controllers that implement power grid protection schemes. In our approach, we implement specification-based intrusion detection signatures based on the execution of the hybrid automata that specify the communication rules and physical limits that the system should obey. To validate our idea, we developed an experimental framework consisting of a simulation of the physical system and an emulation of the master controller, which serves as the digital relay that implements the protection mechanism. Our Hybrid Control NIDS (HC-NIDS) continuously monitors and analyzes the network traffic exchanged within the physical system. It identifies traffic that deviates from the expected communication pattern or physical limitations, which could place the system in an unsafe mode of operation. Our experimental analysis demonstrates that our approach is able to detect a diverse range of attack scenarios aimed at compromising the physical process by leveraging information about the physical part of the power system.","PeriodicalId":6499,"journal":{"name":"2014 IEEE International Conference on Smart Grid Communications (SmartGridComm)","volume":"11 1","pages":"908-913"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"37","resultStr":"{\"title\":\"A hybrid network IDS for protective digital relays in the power transmission grid\",\"authors\":\"Georgia Koutsandria, V. Muthukumar, M. Parvania, S. Peisert, C. McParland, A. Scaglione\",\"doi\":\"10.1109/SmartGridComm.2014.7007764\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we propose a novel use of network intrusion detection systems (NIDSs) tailored to detect attacks against networks that support hybrid controllers that implement power grid protection schemes. In our approach, we implement specification-based intrusion detection signatures based on the execution of the hybrid automata that specify the communication rules and physical limits that the system should obey. To validate our idea, we developed an experimental framework consisting of a simulation of the physical system and an emulation of the master controller, which serves as the digital relay that implements the protection mechanism. Our Hybrid Control NIDS (HC-NIDS) continuously monitors and analyzes the network traffic exchanged within the physical system. It identifies traffic that deviates from the expected communication pattern or physical limitations, which could place the system in an unsafe mode of operation. Our experimental analysis demonstrates that our approach is able to detect a diverse range of attack scenarios aimed at compromising the physical process by leveraging information about the physical part of the power system.\",\"PeriodicalId\":6499,\"journal\":{\"name\":\"2014 IEEE International Conference on Smart Grid Communications (SmartGridComm)\",\"volume\":\"11 1\",\"pages\":\"908-913\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"37\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE International Conference on Smart Grid Communications (SmartGridComm)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SmartGridComm.2014.7007764\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE International Conference on Smart Grid Communications (SmartGridComm)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SmartGridComm.2014.7007764","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 37

摘要

在本文中，我们提出了一种网络入侵检测系统(nids)的新用途，该系统专门用于检测对支持实现电网保护方案的混合控制器的网络的攻击。在我们的方法中，我们基于混合自动机的执行来实现基于规范的入侵检测签名，这些混合自动机指定了系统应该遵守的通信规则和物理限制。为了验证我们的想法，我们开发了一个实验框架，由物理系统的仿真和主控制器的仿真组成，主控制器作为实现保护机制的数字继电器。我们的混合控制NIDS (HC-NIDS)持续监控和分析物理系统内交换的网络流量。它识别偏离预期通信模式或物理限制的流量，这可能使系统处于不安全的操作模式。我们的实验分析表明，我们的方法能够通过利用有关电力系统物理部分的信息来检测旨在破坏物理过程的各种攻击场景。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A hybrid network IDS for protective digital relays in the power transmission grid

In this paper, we propose a novel use of network intrusion detection systems (NIDSs) tailored to detect attacks against networks that support hybrid controllers that implement power grid protection schemes. In our approach, we implement specification-based intrusion detection signatures based on the execution of the hybrid automata that specify the communication rules and physical limits that the system should obey. To validate our idea, we developed an experimental framework consisting of a simulation of the physical system and an emulation of the master controller, which serves as the digital relay that implements the protection mechanism. Our Hybrid Control NIDS (HC-NIDS) continuously monitors and analyzes the network traffic exchanged within the physical system. It identifies traffic that deviates from the expected communication pattern or physical limitations, which could place the system in an unsafe mode of operation. Our experimental analysis demonstrates that our approach is able to detect a diverse range of attack scenarios aimed at compromising the physical process by leveraging information about the physical part of the power system.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE International Conference on Smart Grid Communications (SmartGridComm)

自引率

0.00%

发文量