Detecting anomalies in network traffic using maximum entropy estimation
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Principles of Model Checking (Representation and Mind Series)
Principles of Model Checking (Representation and Mind Series)
McPAD: A multiple classifier system for accurate payload-based anomaly detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Energy theft in the advanced metering infrastructure
CRITIS'09 Proceedings of the 4th international conference on Critical information infrastructures security
Multi-vendor penetration testing in the advanced metering infrastructure
Proceedings of the 26th Annual Computer Security Applications Conference
Specification-Based Intrusion Detection for Advanced Metering Infrastructures
PRDC '11 Proceedings of the 2011 IEEE 17th Pacific Rim International Symposium on Dependable Computing
On the estimation of the order of a Markov chain and universal data compression
IEEE Transactions on Information Theory
Securing advanced metering infrastructure using intrusion detection system with data stream mining
PAISI'12 Proceedings of the 2012 Pacific Asia conference on Intelligence and Security Informatics
Evaluating electricity theft detectors in smart grid networks
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
| Hi-index | 0.00 |
Smart grid deployment initiatives have been witnessed in the past recent years. Smart grids provide bi-directional communication between meters and headend system through Advanced Metering Infrastructure (AMI). Recent studies highlight the threats targeting AMI. Despite the need of tailored Intrusion Detection Systems (IDS) for the smart grid, very limited progress has been made in this area. Unlike traditional networks, smart grid has its own unique challenges, such as limited computational power devices and potentially high deployment cost, that restrict the deployment options of intrusion detectors. We show that smart grid exhibits deterministic and predictable behavior that can be accurately modeled to develop intrusion detection system. In this paper, we show that AMI behavior can be modeled using event logs collected at smart collectors, which in turn can be verified using the specifications invariant generated from the configurations of the AMI devices. Event logs are modeled using fourth order Markov Chain and specifications are written in Linear Temporal Logic (LTL). The approach provides robustness against evasion and mimicry attacks, however, we discuss that it still can be evaded to a certain extent. We validate our approach on a real-world dataset of thousands of meters collected at the AMI of a leading utility provider.