Intrusion Detection for Advanced Metering Infrastructures: Requirements and Architectural Directions

The security of Advanced Metering Infrastructures (AMIs) is of critical importance. The use of secure protocols and the enforcement of strong security properties have the potential to prevent vulnerabilities from being exploited and from having costly consequences. However, as learned from experiences in IT security, prevention is one aspect of a comprehensive approach that must also include the development of a complete monitoring solution. In this paper, we explore the practical needs for monitoring and intrusion detection through a thorough analysis of the different threats targeting an AMI.
