Architecture and prototype implementation for process-aware intrusion detection in electrical grids

Robert Flosbach, Justyna Joanna Chromik, Anne Katharina Ingrid Remke

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

    2 Citations (Scopus)

    Abstract

    Supervisory Control and Data Acquisition (SCADA) systems monitor and control electric power distribution. Recent history has shown that cyber-attacks pose a tremendous risk for the economy and safety of modern countries. This paper introduces an architecture and a prototype implementation for a process-aware, network-based Intrusion Detection System (IDS) to secure control networks in the domain of power distribution. Based on a recently proposed process model, the system continuously assesses the local physical process and all control commands with regard to consistency and safety of the underlying physical process. Its detection capabilities focus on process-based attacks like manipulated control commands, which appear legitimate to traditional IDS but might nevertheless have devastating effects on the power distribution. The architecture separates the evaluation part from the traffic processing, which ensures extensibility and scalability. The developed implementation has been successfully deployed at a Dutch power distribution substation. Its detection performance is characterized by a very low miss rate and high precision.
    Original language: English
    Title of host publication: 2019 38th Symposium on Reliable Distributed Systems (SRDS)
    Publisher: IEEE
    ISBN (Electronic): 978-1-7281-4222-7
    Publication status: Published - 30 Mar 2020
    Event: 38th IEEE International Symposium on Reliable Distributed Systems, SRDS 2019 - Bibliothèque Marie Curie of INSA-Lyon, Lyon, France
    Duration: 1 Oct 2019 - 4 Oct 2019
    Conference number: 38
    https://srds2019.projet.liris.cnrs.fr/

    Conference

    Conference: 38th IEEE International Symposium on Reliable Distributed Systems, SRDS 2019
    Abbreviated title: SRDS
    Country/Territory: France
    City: Lyon
    Period: 1/10/19 - 4/10/19

    Keywords

    • SCADA
    • Intrusion detection
    • power distribution
    • Zeek
    • process-aware
    • n/a OA procedure
