
      Towards A Stateful Analysis Framework for Smart Grid Network Intrusion Detection

      Published
      proceedings-article
      4th International Symposium for ICS & SCADA Cyber Security Research 2016 (ICS-CSR)
      Cyber Security Research
      23 - 25 August 2016
      Framework, Network intrusion detection system, Stateful analysis, Smart grid

            Abstract

            Cybersecurity is a primary issue in the development of smarter grid systems. Smart grid systems use a number of application protocols to implement their devices and services, and the information in these application protocols is useful for intrusion detection, which is one of the major security solutions. Stateful-analysis-based intrusion detection monitors network and system behaviours and keeps track of them in order to make detection decisions. In smart grid systems, monitoring these behaviours requires expert knowledge and tailoring for particular application protocols. In this paper, we present a framework for smart grid intrusion detection that allows stateful analysis methods to define stateful rules that can be run on an open source network intrusion detection system, Suricata, in order to perform their stateful analysis. A stateful rule defines a particular state of smart grid devices and is examined against incoming network traffic in order to find any match. We also develop an application for IEC 61850 stateful analysis to show how the proposed framework can be implemented and how it works.

            Author and article information

            Contributors
            Conference
            August 2016
            Pages: 124-131
            Affiliations
            Centre for Secure Information Technologies, Queen’s University Belfast, Belfast, Northern Ireland, United Kingdom
            Article
            10.14236/ewic/ICS2016.14
            © Kang et al. Published by BCS Learning & Development Ltd. Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Queen’s Belfast University, UK
            Electronic Workshops in Computing (eWiC)

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICS2016.14
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
