Probabilistic model checking for AMI intrusion detection

Smart grids provide bi-directional communication between smart meters at user premises and utility provider for the purpose of efficient energy management through Advanced Metering Infrastructure (AMI). Recent studies have shown that the potential threats targeting AMI are significant. Despite the need of developing intrusion detection systems (IDS) tailored for the smart grid [4], very limited progress has been made in this area so far. Unlike traditional networks, smart grid has its unique challenges, such as limited computational power devices and potentially high deployment cost, which restrict the deployment options of intrusion detectors. However, smart grid exhibits behavior that can be accurately modeled based on its configuration, which can be exploited to design efficient intrusion detectors. In this paper, we show that AMI behavior can be modeled using event logs collected at smart collectors, which in turn can be verified using the specifications invariant generated from the configurations of the AMI devices. We model the AMI behavior using the fourth order Markov chain and the stochastic model is then probabilistically verified using specifications written in Linear Temporal Logic. Our model is capable of detecting malicious behavior in the AMI network due to intrusions or device malfunctioning. We validate our approach on a real-world dataset of thousands of meters collected at the AMI of a leading utility provider.

[1]  William H. Sanders,et al.  Intrusion Detection for Advanced Metering Infrastructures: Requirements and Architectural Directions , 2010, 2010 First IEEE International Conference on Smart Grid Communications.

[2]  Dmitry Podkuiko,et al.  Multi-vendor penetration testing in the advanced metering infrastructure , 2010, ACSAC '10.

[3]  Robert C. Green,et al.  Intrusion Detection System in A Multi-Layer Network Architecture of Smart Grids by Yichi , 2015 .

[4]  Neri Merhav,et al.  On the estimation of the order of a Markov chain and universal data compression , 1989, IEEE Trans. Inf. Theory.

[5]  Christel Baier,et al.  Principles of model checking , 2008 .

[6]  Christel Baier,et al.  PROBMELA: a modeling language for communicating probabilistic processes , 2004, Proceedings. Second ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2004. MEMOCODE '04..

[7]  Conversion and delivery of electrical energy in the 21st century , 2008, 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century.

[8]  S. Mauw,et al.  Specification-based intrusion detection for advanced metering infrastructures , 2022 .

[9]  F.M. Cleveland,et al.  Cyber security issues for Advanced Metering Infrasttructure (AMI) , 2008, 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century.

[10]  John R. Williams,et al.  Securing Advanced Metering Infrastructure Using Intrusion Detection System with Data Stream Mining , 2012, PAISI.