Malicious Code Detection Scheme Based on CWRNN for Microgrid Controllers

With the increasing number of power terminal devices and IoT devices connected to the power grid, their security is becoming more and more important. Microgrid controllers serve as the central core of the entire microgrid, and attacks on microgrid controllers and other power end devices have been launched in recent years. It is clear that the current protection measures for power end devices are insufficient, and microgrid controllers cannot be protected by traditional intrusion detection systems or anti-virus software. Motivated by these concerns, this paper proposes a non-intrusive malicious code security monitoring scheme based on a power side channel. The core idea is to measure the power consumption of the microgrid controller, extract power consumption features, and identify abnormal samples with a CWRNN neural network to determine whether the microgrid controller has been attacked. The advantage of this method is that it can effectively detect unknown attacks without modifying the original software system. Moreover, the method is evaluated experimentally, and the detection accuracy reaches 92%.
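As an added illustration of the classification core (not code from the paper), the following pure-Python Clockwork RNN forward pass runs over a constructed power trace, assuming CWRNN denotes the Clockwork RNN of Koutník et al. (2014); the weights are untrained, so the scores only show the clocked-update mechanism, not a working detector.

```python
import math
import random

# Constructed sample: per-sample power draw (W) of a controller loop, with a
# burst at the end standing in for unexpected activity. Not real measurement data.
POWER_TRACE = [1.02, 1.05, 1.01, 1.04, 1.03, 1.06, 1.02, 1.05,
               1.03, 1.04, 1.02, 1.05, 1.40, 1.62, 1.58, 1.45]

def extract_features(trace):
    """Per-sample feature vector: [level, first difference]."""
    return [[p, p - q] for p, q in zip(trace, [trace[0]] + trace[:-1])]

class ClockworkRNN:
    """Clockwork RNN (Koutnik et al., 2014) forward pass in pure Python.
    Hidden units are split into modules; module i has clock period periods[i]
    and is updated only at steps t (counted from 1) with t % periods[i] == 0.
    Module i receives recurrent input only from modules whose period is >= its
    own, so slow modules summarise the long-range trace and fast ones track detail."""
    def __init__(self, n_in, units_per_module, periods, seed=0):
        rng = random.Random(seed)  # untrained weights, for the mechanism only
        self.periods = periods
        self.n_h = units_per_module * len(periods)
        self.module_of = [i for i in range(len(periods)) for _ in range(units_per_module)]
        def T(unit):
            return periods[self.module_of[unit]]
        self.W_in = [[rng.uniform(-0.5, 0.5) for _ in range(n_in)] for _ in range(self.n_h)]
        # Block upper-triangular recurrent matrix: zero where the source is faster.
        self.W_h = [[rng.uniform(-0.5, 0.5) if T(c) >= T(r) else 0.0
                     for c in range(self.n_h)] for r in range(self.n_h)]
        self.W_out = [rng.uniform(-0.5, 0.5) for _ in range(self.n_h)]

    def step(self, h_prev, x, t):
        h = list(h_prev)
        for r in range(self.n_h):
            if t % self.periods[self.module_of[r]] != 0:
                continue  # clock has not ticked for this module: keep old state
            s = sum(w * v for w, v in zip(self.W_in[r], x))
            s += sum(w * v for w, v in zip(self.W_h[r], h_prev))
            h[r] = math.tanh(s)
        return h

    def run(self, xs):
        """Return the hidden state and a scalar score for every step."""
        h = [0.0] * self.n_h
        states, scores = [], []
        for t, x in enumerate(xs, start=1):
            h = self.step(h, x, t)
            states.append(h)
            scores.append(sum(w * v for w, v in zip(self.W_out, h)))
        return states, scores

def demo():
    net = ClockworkRNN(n_in=2, units_per_module=2, periods=[1, 2, 4])
    states, scores = net.run(extract_features(POWER_TRACE))
    return net, states, scores
```

In a deployed detector the output layer would be trained on labelled traces and the per-step score thresholded; here the assertions only check the clocked update schedule and the recurrent mask.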