A cloud-based openflow firewall for mitigation against DDoS attacks in smart grid AMI networks

Recent architectures for the advanced metering infrastructure (AMI) have incorporated several back-end systems that handle billing and other smart grid control operations. The non-availability of metering data when needed or the untimely delivery of data needed for control operations will undermine the activities of these back-end systems. Unfortunately, there are concerns that cyber attacks such as distributed denial of service (DDoS) will manifest in magnitude and complexity in a smart grid AMI network. Such attacks will range from a delay in the availability of end user's metering data to complete denial in the case of a grounded network. This paper proposes a cloud-based (IaaS) firewall for the mitigation of DDoS attacks in a smart grid AMI network. The proposed firewall has the ability of not only mitigating the effects of DDoS attack but can prevent the attack before they are launched. Our proposed firewall system leverages on cloud computing technology which has an added advantage of reducing the burden of data computations and storage for smart grid AMI back-end systems. The openflow firewall proposed in this study is a better security solution with regards to the traditional on-premises DoS solutions which cannot cope with the wide range of new attacks targeting the smart grid AMI network infrastructure. Simulation results generated from the study show that our model can guarantee the availability of metering/control data and could be used to improve the QoS of the smart grid AMI network under a DDoS attack scenario.

[1]  Siddharth Sridhar,et al.  Cyber–Physical System Security for the Electric Power Grid , 2012, Proceedings of the IEEE.

[2]  Dimitris P. Labridis,et al.  Cyber attack impact on critical Smart Grid infrastructures , 2014, ISGT 2014.

[3]  Ersin Dincelli,et al.  Using Features of Cloud Computing to Defend Smart Grid against DDoS Attacks , 2015 .

[4]  Kennedy O. Aduda,et al.  On Defining Information and Communication Technology Requirements and Associated Challenges for 'Energy and Comfort Active' Buildings , 2014, ANT/SEIT.

[5]  Ling Zheng,et al.  Applications of cloud computing in the smart grid , 2011, 2011 2nd International Conference on Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC).

[6]  Nada Golmie,et al.  NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0 , 2012 .

[7]  Anas AlMajali,et al.  Mitigating the Risk of Cyber Attack on Smart Grid Systems , 2014, CSER.

[8]  A. B. M. Shawkat Ali,et al.  A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing , 2012, Future Gener. Comput. Syst..

[9]  Mourad Debbabi,et al.  Communication security for smart grid distribution networks , 2013, IEEE Communications Magazine.

[10]  Shiyan Hu,et al.  Modeling distributed denial of service attack in advanced metering infrastructure , 2015, 2015 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT).

[11]  Saurabh Bagchi,et al.  A risk assessment tool for advanced metering infrastructures , 2014, 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm).

[12]  Paul Hofmann,et al.  Cloud computing and electricity , 2010, Commun. ACM.

[13]  Daniel Massey,et al.  Detection of invalid routing announcement in the Internet , 2002, Proceedings International Conference on Dependable Systems and Networks.

[14]  Bernardi Pranggono,et al.  Impact of Distributed Denial-of-Service Attack on Advanced Metering Infrastructure , 2015, Wireless Personal Communications.

[15]  M. Abliz Internet Denial of Service Attacks and Defense Mechanisms , 2011 .