Causal event graphs cyber-physical system intrusion detection system

This paper proposes to model the causal relationships between devices in a cyber-physical system using Bayesian networks and a new Bayesian network expansion called causal event graphs. Unique paths through causal event graphs are used to model deterministic signatures, which an intrusion detection system can use to classify events. A case study is provided to demonstrate the effectiveness of the method for classifying cyber and physical events in an electric transmission system. Bulk electric transmission systems are dynamic cyber-physical systems. Cyber monitoring and control systems are used to remotely operate the power system and to detect and react to physical disturbances. The communication layer associated with this monitoring and control functionality also enables cyber attacks against transmission systems. Existing regulations require utilities to use monitoring techniques such as intrusion detection systems to monitor cyber activity at electronic security perimeter boundaries. Recent attacks demonstrate that monitoring restricted to boundaries is insufficient to detect all attack threats. The methodology described in this paper provides a means to develop a model-based defense-in-depth solution for electric transmission system intrusion detection.
