2021 | OriginalPaper | Book chapter

Cyber Kill Chain-Based Hybrid Intrusion Detection System for Smart Grid

Written by: Vivek Kumar Singh, Manimaran Govindarasu

Published in: Wide Area Power Systems Stability, Protection, and Security

Publisher: Springer International Publishing


Abstract

Today’s electric power grid is a complex, automated, and interconnected cyber-physical system (CPS) that relies on supervisory control and data acquisition (SCADA)-based communication infrastructure for operating wide-area monitoring, protection, and control (WAMPAC) applications. With the push towards making the grid smarter, critical SCADA infrastructure such as the power system is being exposed to countless cyberattacks, which necessitates the development of state-of-the-art intrusion detection systems (IDS) that provide comprehensive security solutions at different layers of the smart grid network. Given the continuously evolving attack surfaces at the physical, communication, and application layers, existing conventional IDS solutions are insufficient and incapable of resolving multi-dimensional cybersecurity threats because of the specific nature of their operation, either data-centric or protocol-centric, which detects only specific types of attacks. This chapter presents a hybrid intrusion detection system framework that integrates a network-based IDS, a model-based IDS, and a state-of-the-art machine learning-based IDS to detect unknown and stealthy cyberattacks targeting SCADA networks. We have applied the cyber-kill model to develop and demonstrate attack vectors and their associated mechanisms. The hybrid IDS utilizes attack signatures in grid measurements and network packets, and also leverages secure phasor measurements, to detect different stages of cyber-attacks as they follow the kill-chain process. As a proof of concept, we present an experimental case study in the context of centralized wide-area protection (CWAP) cybersecurity, utilizing the resources of the PowerCyber testbed at Iowa State University (ISU). We also describe the different classes of implemented cyber-attacks and the heterogeneous datasets generated using the IEEE 39 bus system. Finally, the performance of the hybrid IDS is evaluated in terms of detection rate in a real-time cyber-physical environment.


Metadata
Title
Cyber Kill Chain-Based Hybrid Intrusion Detection System for Smart Grid
Written by
Vivek Kumar Singh
Manimaran Govindarasu
Copyright year
2021
DOI
https://doi.org/10.1007/978-3-030-54275-7_22