On the practicality of detecting anomalies with encrypted traffic in AMI

Encryption is a key ingredient in preserving the confidentiality of network communications, but it can also be at odds with the mission of Intrusion Detection Systems (IDSes) to monitor traffic. This tension affects Advanced Metering Infrastructures (AMIs) too, where the scale of the network and the sensitivity of the communication make it mandatory to deploy IDSes alongside encryption. In this paper, we study four different approaches for reconciling the twin goals of confidentiality and monitoring by investigating their practical use on a set of real-world packet-level traces collected at an operational AMI network.
