Hybrid Control Network Intrusion Detection Systems for Automated Power Distribution Systems

Parvania, Masood; Koutsandria, Georgia; Muthukumary, Vishak; Peisert, Sean; McParland, Chuck; Scaglione, Anna

doi:10.1109/dsn.2014.81

Cited by 44 publications

(26 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In our earlier work [14], we presented a hybrid control NIDS (HC-NIDS) for automated power distribution systems, where we focused on the "fault location, isolation, and service restoration (FLISR)" process. In this paper, our case study is a typical protection mechanism implemented through digital relays used in the power transmission grid.…”

Section: B Related Work and Contributionmentioning

confidence: 99%

A hybrid network IDS for protective digital relays in the power transmission grid

Koutsandria

Muthukumar

Parvania

et al. 2014

2014 IEEE International Conference on Smart Grid Communications (SmartGridComm)

Self Cite

View full text Add to dashboard Cite

In this paper, we propose a novel use of network intrusion detection systems (NIDSs) tailored to detect attacks against networks that support hybrid controllers that implement power grid protection schemes. In our approach, we implement specification-based intrusion detection signatures based on the execution of the hybrid automata that specify the communication rules and physical limits that the system should obey. To validate our idea, we developed an experimental framework consisting of a simulation of the physical system and an emulation of the master controller, which serves as the digital relay that implements the protection mechanism. Our Hybrid Control NIDS (HC-NIDS) continuously monitors and analyzes the network traffic exchanged within the physical system. It identifies traffic that deviates from the expected communication pattern or physical limitations, which could place the system in an unsafe mode of operation. Our experimental analysis demonstrates that our approach is able to detect a diverse range of attack scenarios aimed at compromising the physical process by leveraging information about the physical part of the power system

show abstract

Section: B Related Work and Contributionmentioning

confidence: 99%

A hybrid network IDS for protective digital relays in the power transmission grid

Koutsandria

Muthukumar

Parvania

et al. 2014

2014 IEEE International Conference on Smart Grid Communications (SmartGridComm)

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [13] both AI and Genetic Algorithm (GA) are used in order to have protection from different attacks. Intrusion detection methods in IoT [14], [17] and cyber security mechanisms [15], botnet control traffic detection [16], attack detection in Wireless Sensor Networks (WSNs) [18], Hybrid approach in attack detection in MANET [19] and detection methods for virtual jamming methods [20] are other solutions found in literature. It is understood from the review that there is need for a hybrid approach for detecting different kinds of DDoS attacks in WAN.…”

Section: Figure 1: Ddos Flooding Attack Scenario [21]mentioning

confidence: 99%

A Hybrid Model for Detecting DDoS Attacks in Wide Area Networks

Arshad¹,

Hussain²

2019

IJRTE

View full text Add to dashboard Cite

Wide Area Networks (WANs) are subjected massive Denial of Service (DoS) attacks known as Distributed Denial of Service (DDoS) attacks. There are many distributed computing use cases in the real world. They include banking, insurance, e-Commerce and a host of other applications. In distributed environments, these applications are targeted by adversaries for launching DDoS attacks of various kinds. Such attacks cause the servers to be very busy answering fake traffic from the compromised nodes used by attackers from behind the scene. Large number of computers over Internet are compromised by attackers and through such machines DDoS attack is made. The server machines that provide services to genuine users become victims of such attacks. Detecting DDoS attacks is difficult in the presence of flash crowds that resembles DDoS traffic. As there are different kinds of DDoS attacks, it is understood, from the literature, that there is need for further research to have a comprehensive framework for detecting different kinds of DDoS attacks. In this paper we proposed a hybrid approach for detecting various kinds of DDoS attacks and simulation study is made to have proof of the concept. The results of the experiments revealed that the proposed methodology is useful to detect DDoS attacks in wide area networks.

show abstract

“…By monitoring the associated DNP3 traffic, we showed that this model allows useful real-time comparisons between relay state and line fault indicators and a simplified topological model of an actual feeder circuit. 13 By developing Bro scripts that are cognizant of the required operation of the FLISR system, we were able to evaluate a variety of attacks against the FLISR system that would cause it to fail to respond appropriately.…”

Section: Demonstration Scenariosmentioning

confidence: 99%