Architecture and prototype implementation for process-aware intrusion detection in electrical grids

Robert Flosbach, Justyna Joanna Chromik, Anne Katharina Ingrid Remke

    Research output: Contribution to conferencePaper

    Abstract

    Supervisory Control and Data Acquisition (SCADA) systems monitor and control electric power distribution. Recent history has shown that cyber-attacks pose a tremendous risk for the economy and safety of modern countries. This paper introduces an architecture and a prototype implementation for a process-aware, network-based Intrusion Detection System (IDS) to secure control networks in the domain of power distribution. Based on a recently proposed process model, the system continuously assesses the local physical process and all control commands with regard to consistency and safety of the underlying physical process. Its detection capabilities focus on process-based attacks like manipulated control commands, which appear legitimate to traditional IDS but might nevertheless have devastating effects on the power distribution. The architecture separates the evaluation part from the traffic processing, which ensures extensibility and scalability. The developed implementation has been successfully deployed at a Dutch power distribution substation. Its detection performance is characterized by a very low miss rate and high
    precision.
    Original languageEnglish
    Publication statusAccepted/In press - May 2019
    Event38th International Symposium on Reliable Distributed Systems 2019 - Bibliothèque Marie Curie of INSA-Lyon, Lyon, France
    Duration: 1 Oct 20194 Oct 2019
    Conference number: 38
    https://srds2019.projet.liris.cnrs.fr/

    Conference

    Conference38th International Symposium on Reliable Distributed Systems 2019
    Abbreviated titleSRDS 2019
    CountryFrance
    CityLyon
    Period1/10/194/10/19
    Internet address

    Keywords

    • SCADA
    • Intrusion detection
    • power distribution
    • Zeek
    • process-aware

    Fingerprint Dive into the research topics of 'Architecture and prototype implementation for process-aware intrusion detection in electrical grids'. Together they form a unique fingerprint.

  • Cite this

    Flosbach, R., Chromik, J. J., & Remke, A. K. I. (Accepted/In press). Architecture and prototype implementation for process-aware intrusion detection in electrical grids. Paper presented at 38th International Symposium on Reliable Distributed Systems 2019, Lyon, France.