METIS: a two-tier intrusion detection system for advanced metering infrastructures

Specification-based intrusion detection systems, the main defense mechanism proposed so far for Advanced Metering Infrastructures (AMIs), do not provide comprehensive protection against the wide spectrum of possible attack scenarios. Challenging aspects in this context include the need for timely detection and for novel attack-scenario modeling techniques. This paper introduces METIS, a novel two-tier anomaly-based intrusion detection framework that targets these challenges. The framework provides continuous, fully distributed processing of network traffic by relying on the data streaming processing paradigm. Attack scenarios can be specified by means of the traffic features they affect and the patterns of malicious activity that result. We give an overview of the framework, present the novel detection technique, and provide results from a case study.
