Application of Correlation Indices on Intrusion Detection Systems: Protecting the Power Grid Against Coordinated Attacks

The future power grid will be characterized by the pervasive use of heterogeneous and non-proprietary information and communication technology, which exposes the power grid to a broad scope of cyber-attacks. In particular, Monitoring-Control Attacks (MCAs), i.e., attacks in which adversaries manipulate control decisions by fabricating measurement signals in the feedback loop, are highly threatening. This is because MCAs are (i) more likely to happen, with greater attack surface and lower cost, (ii) difficult to detect because they hide in measurement signals, and (iii) capable of inflicting severe consequences by coordinating attack resources. To defend against MCAs, we have developed a semantic analysis framework for Intrusion Detection Systems (IDS) in power grids. The framework consists of two parts running in parallel: a Correlation Index Generator (CIG), which indexes correlated MCAs, and a Correlation Knowledge-Base (CKB), which is updated aperiodically with attacks' Correlation Indices (CI). The framework has the advantage of detecting MCAs and estimating attack consequences with promising runtime and detection accuracy. To evaluate the performance of the framework, we computed its false alarm rates under different attack scenarios.
