Detecting Attacks in Electric Power System Critical Infrastructure Using Rough Classification Algorithm

This paper presents an alternative technique for improving the security of Electric Power Control Systems by implementing anomaly detection methods to identify attacks and faults. Using the Rough Sets Classification Algorithm, a set of rules can be defined. The alternative approach tries to reduce the number of input variables and the number of examples, offering a more compact set of examples from which to fix the rules for the anomaly detection process. An illustrative example is presented.
