Bloom filter based intrusion detection for smart grid SCADA

Parthasarathy, Saranya; Kundur, Deepa

doi:10.1109/ccece.2012.6334816

Cited by 33 publications

(17 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In the first category, existing approaches [13,6,21,10,17,18] monitor the abnormal behaviors using predefined rules to detect attacks. SmartAnalyzer [18,14,19,17] detects possible attacks on advanced metering infrastructure (AMI).…”

Section: Related Workmentioning

confidence: 99%

“…Another behavior-rule based intrusion detection system, BRIDS [14], is proposed to secure the SCADA system in a distributed way. In [21], an idea of using bloomer-filter to detect intrusion in resource-constrained devices is proposed.…”

Section: Related Workmentioning

confidence: 99%

“…Multiple schemes, such as behavior-based scheme [14] and bloom-filter-based scheme [21], have been proposed. However, when we review the recent intrusion incidents conducted by targeted malware, such as the infamous Stuxnet malware, we find these IDS schemes are neither complete nor accurate.…”

Section: Introductionmentioning

confidence: 99%

“…Multiple different detection models, such as statistic-based [15], behavior-based [14] and bloom-filter-based [21], have been proposed. However, as a highly complicated control system, deploying similar or identical rules on different control components is not an ideal choice.…”

Section: Introductionmentioning

confidence: 99%

“…Advanced false data injection attack in targeted malware intrusion is becoming an emerging severe threat to the Supervisory Control And Data Acquisition (SCADA) system. Several intrusion detection schemes have been proposed previously [21,3]. However, designing an effective real-time detection system for a resource-constraint device is still an open problem for the research community.…”

mentioning

confidence: 99%

See 4 more Smart Citations

SRID: State Relation Based Intrusion Detection for False Data Injection Attacks in SCADA

Wang

Zhang

et al. 2014

Computer Security - ESORICS 2014

View full text Add to dashboard Cite

Abstract. Advanced false data injection attack in targeted malware intrusion is becoming an emerging severe threat to the Supervisory Control And Data Acquisition (SCADA) system. Several intrusion detection schemes have been proposed previously [21,3]. However, designing an effective real-time detection system for a resource-constraint device is still an open problem for the research community. In this paper, we propose a new relation-graph-based detection scheme to defeat false data injection attacks at the SCADA system, even when injected data may seemly fall within a valid/normal range. To balance effectiveness and efficiency, we design a novel detection model, alternation vectors with state relation graph. Furthermore, we propose a new inference algorithm to infer the injection point(s), i.e., the attack origin, in the system. We evaluate SRID with a real-world power plant simulator. The experiment results show that SRID can detect various false data injection attacks with a low false positive rate at 0.0125%. Meanwhile, SRID can dramatically reduce the search space of attack origins and accurately locate most of attack origins.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations

SRID: State Relation Based Intrusion Detection for False Data Injection Attacks in SCADA

Wang

Zhang

et al. 2014

Computer Security - ESORICS 2014

View full text Add to dashboard Cite

show abstract

Efficient implementations of Bloom filter using block RAMs and DSP slices on the FPGA

Wada

Matsumura

Yasudo

et al. 2019

Concurrency and Computation

View full text Add to dashboard Cite

This paper presents efficient FPGA implementations for the Bloom filter, in which a large set P of L-byte patterns are registered beforehand. Our Bloom filter circuit performs the byte stream pattern test such that it receives an input byte stream t and outputs the bit stream in every clock cycle. Each bit of the output bit stream is 1 if an L-byte sequence of t starting from the corresponding position is identical with one of the patterns in P. Our circuits use rolling hash functions to compute signatures of all patterns in P registered in Ultra RAMs of the Xilinx UltraScale+ FPGA VU9P. We present two types of implementations, DSP-based implementation and RAM-based implementation to compute rolling hash functions of L-byte sequences using DSP slices and Block RAMs in the FPGA, respectively. The experimental results show that both DSP-based and RAM-based Bloom filter circuits for 4800K patterns of length 1024 can perform the byte stream pattern test for 1.1 Gps and 1.3 Gbps input byte streams, respectively, with false positive probability 10 −12 . Moreover, we can configure DSP-based and RAM-based Bloom filter circuits for 100K patterns to work for 54.9 Gbps and 62.2 Gbps input byte streams, respectively, with false positive probability 10 −12 .

show abstract

Information Communication Technologies

Ict¹

2020

Encyclopedia of Education and Information Technologies

View full text Add to dashboard Cite

Bloom filter based intrusion detection for smart grid SCADA

Cited by 33 publications

References 4 publications

SRID: State Relation Based Intrusion Detection for False Data Injection Attacks in SCADA

SRID: State Relation Based Intrusion Detection for False Data Injection Attacks in SCADA

Efficient implementations of Bloom filter using block RAMs and DSP slices on the FPGA

Information Communication Technologies

Contact Info

Product

Resources

About