Intrusion Detection and Prevention for ZigBee-Based Home Area Networks in Smart Grids

In this paper, we present HANIDPS, a novel intrusion detection and prevention system for ZigBee-based home area networks in smart grids. HANIDPS employs a model-based intrusion detection mechanism as well as a machine learning-based intrusion prevention system to protect the network against a wide range of attack types. The detection module extracts network features and analyzes them to decide whether the network is in a normal state. We use the Smart Energy Profile 2.0 specification as well as the IEEE 802.15.4 standard to precisely characterize the expected normal behavior. A set of defensive actions that are effective in stopping various attack types is defined for the prevention system. HANIDPS uses Q-learning and, through interactions with the environment, learns the best strategy against an attack. The use of a model-based approach for intrusion detection and dynamic learning for intrusion prevention, together with effective mechanisms to stop the attacks, gives HANIDPS high performance without the need for prior knowledge of the attacks. The soundness of the proposed method is evaluated through extensive analysis and experiments.
