A hybrid network IDS for protective digital relays in the power transmission grid

In this paper, we propose a novel use of network intrusion detection systems (NIDSs) tailored to detect attacks against networks that support hybrid controllers that implement power grid protection schemes. In our approach, we implement specification-based intrusion detection signatures based on the execution of the hybrid automata that specify the communication rules and physical limits that the system should obey. To validate our idea, we developed an experimental framework consisting of a simulation of the physical system and an emulation of the master controller, which serves as the digital relay that implements the protection mechanism. Our Hybrid Control NIDS (HC-NIDS) continuously monitors and analyzes the network traffic exchanged within the physical system. It identifies traffic that deviates from the expected communication pattern or physical limitations, which could place the system in an unsafe mode of operation. Our experimental analysis demonstrates that our approach is able to detect a diverse range of attack scenarios aimed at compromising the physical process by leveraging information about the physical part of the power system.
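To make the idea concrete, the following is an added illustration of a specification-based monitor driven by a small hybrid automaton; it is not the paper's HC-NIDS code and none of its details come from the paper. Everything in it is an assumption constructed for the example: the message format (`Msg`), the three discrete locations (`CLOSED`, `TRIP_PENDING`, `OPEN`), the overcurrent pickup and physical-limit constants, the trip deadline, the host names, and the sample trace. The automaton couples a discrete location with a continuous variable (line current taken from measurement traffic); invariants on the continuous state enforce the physical limits, guards on message type and direction enforce the communication pattern, and a timed invariant flags a protection action that does not happen when the physics says it must.

```python
"""Specification-based check of relay traffic against a small hybrid automaton.

Added illustration, not the paper's HC-NIDS. The message format, locations,
thresholds, deadline, host names and sample trace are all constructed.
"""
from dataclasses import dataclass, field
from typing import Any, List, Optional

# Constructed physical limits (stand-ins for a real specification's constants).
I_PICKUP = 1000.0      # amperes: overcurrent pickup that must lead to a trip
I_PHYS_MAX = 20000.0   # amperes: no plausible line carries more than this
TRIP_DEADLINE = 0.10   # seconds: the trip must follow pickup within this time
RELAY, BREAKER, PMU = "relay", "breaker", "pmu"   # constructed host names

# Only these (kind, src, dst) flows exist in the assumed communication pattern.
ALLOWED_FLOWS = {("MEAS", PMU, RELAY), ("CMD", RELAY, BREAKER)}


@dataclass
class Msg:
    t: float        # timestamp in seconds
    src: str
    dst: str
    kind: str       # "MEAS" (current sample) or "CMD" ("TRIP" / "CLOSE")
    value: Any = None


@dataclass
class HybridMonitor:
    """Discrete location + continuous state + invariants = hybrid automaton."""
    loc: str = "CLOSED"               # CLOSED -> TRIP_PENDING -> OPEN -> CLOSED
    current: float = 0.0              # continuous variable fed by MEAS traffic
    pickup_t: Optional[float] = None  # time the overcurrent was first seen
    alerts: List[str] = field(default_factory=list)

    def _alert(self, m: Msg, why: str) -> None:
        self.alerts.append(f"t={m.t:.3f} {m.src}->{m.dst} {m.kind}: {why}")

    def step(self, m: Msg) -> None:
        # Communication-pattern guard: anything outside the known flows is a deviation.
        if (m.kind, m.src, m.dst) not in ALLOWED_FLOWS:
            self._alert(m, f"unexpected flow in location {self.loc}")
            return
        if m.kind == "MEAS":
            self._on_measurement(m)
        else:
            self._on_command(m)
        # Timed invariant: an overcurrent that is still untripped past the deadline.
        if self.loc == "TRIP_PENDING" and m.t - self.pickup_t > TRIP_DEADLINE:
            self._alert(m, "trip not issued within deadline after overcurrent")

    def _on_measurement(self, m: Msg) -> None:
        i = float(m.value)
        # Physical-limit invariant: a value no real line can carry is bogus data.
        if i < 0 or i > I_PHYS_MAX:
            self._alert(m, f"current {i} A outside physical limits")
            return
        self.current = i
        # The continuous state crossing the pickup guard forces a discrete transition.
        if self.loc == "CLOSED" and i > I_PICKUP:
            self.loc, self.pickup_t = "TRIP_PENDING", m.t
        elif self.loc == "OPEN" and i > I_PICKUP:
            self._alert(m, "current flowing while breaker is reported open")

    def _on_command(self, m: Msg) -> None:
        cmd = m.value
        if cmd == "TRIP":
            if self.loc == "TRIP_PENDING":
                self.loc, self.pickup_t = "OPEN", None
            else:  # a TRIP with no overcurrent is not in the specification
                self._alert(m, f"TRIP command without overcurrent (current={self.current} A)")
        elif cmd == "CLOSE":
            if self.loc == "OPEN" and self.current <= I_PICKUP:
                self.loc = "CLOSED"
            else:
                self._alert(m, f"CLOSE command not allowed in location {self.loc}")
        else:
            self._alert(m, f"unknown command {cmd!r}")


def analyze(trace: List[Msg]) -> List[str]:
    """Run the automaton over a message trace and return every alert raised."""
    mon = HybridMonitor()
    for m in trace:
        mon.step(m)
    return mon.alerts


# Constructed trace: a legitimate fault-and-trip cycle, then three injected messages.
SAMPLE_TRACE = [
    Msg(0.00, PMU, RELAY, "MEAS", 400.0),
    Msg(0.02, PMU, RELAY, "MEAS", 3500.0),          # fault: overcurrent, trip expected
    Msg(0.05, RELAY, BREAKER, "CMD", "TRIP"),       # correct trip, within deadline
    Msg(0.06, PMU, RELAY, "MEAS", 0.0),
    Msg(1.00, RELAY, BREAKER, "CMD", "CLOSE"),      # reclose after the fault clears
    Msg(1.02, PMU, RELAY, "MEAS", 400.0),
    Msg(2.00, RELAY, BREAKER, "CMD", "TRIP"),       # injected: trip with no overcurrent
    Msg(2.01, PMU, RELAY, "MEAS", 9.9e9),           # injected: physically impossible value
    Msg(2.02, "attacker", BREAKER, "CMD", "CLOSE"), # injected: source not in the pattern
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_TRACE):
        print(a)
```

The legitimate part of the trace walks the automaton through all three locations without raising anything, while each injected message violates a different kind of rule: the spurious TRIP breaks the expected command sequence, the impossible current breaks a physical invariant, and the message from an unknown host breaks the communication pattern. A pending trip that is overdue keeps alerting on every later message until the trip arrives, which is the behaviour a relay operator would want for a protection scheme that has silently stopped acting.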
