BLITHE: Behavior Rule-Based Insider Threat Detection for Smart Grid

In this paper, we propose a behavior rule-based methodology for insider threat (BLITHE) detection of data monitor devices in the smart grid, where the continuity and accuracy of operations are of vital importance. Based on the dc power flow model and the state estimation model, three behavior rules are extracted to depict the behavior norms of each device, so that a device being monitored (the trustee) can easily be checked for deviation from its behavior specification. Specifically, a rule-weight and compliance-distance-based grading strategy is designed, which greatly improves on the effectiveness of the traditional grading strategy for evaluating trustees. The statistical property, i.e., the mathematical expectation of the compliance degree of each trustee, is analyzed from both theoretical and practical perspectives, achieving a satisfactory tradeoff between detection accuracy and false alarms in order to detect more sophisticated and hidden attackers. In addition, based on real data run in POWER WORLD for IEEE benchmark power systems, and through comparative analysis, we demonstrate that BLITHE outperforms the state of the art for detecting abnormal behaviors in pervasive smart grid applications.
