2021 IEEE International Conference on Cyber Security and Resilience (CSR) 2021
DOI: 10.1109/csr51186.2021.9527928

Towards anomaly detection in smart grids by combining Complex Events Processing and SNMP objects

Abstract: This paper describes the architecture and the fundamental methodology of an anomaly detector, which by continuously monitoring Simple Network Management Protocol data and by processing it as complex-events, is able to timely recognize patterns of faults and relevant cyber-attacks. This solution has been applied in the context of smart grids, and in particular as part of a security and resilience component of the Information and Communication Technologies (ICT) Gateway, a middleware-based architecture that corr…

Cited by 1 publication
(2 citation statements)
References 12 publications
“…Data integrity attacks [13,21,25,29,40,41,48,49,53,55,59,60,61,62,70,75,76]; Unusual consumption behaviors and measurements [6,24,27,32,34,35,38,46,52,67,68,71,72,73]; Network intrusions [16,18,19,56,63,69]; Network infrastructure anomalies [14,15,17,20,22,33,39,47,58,64]; Electrical data anomalies [7,23,26,36,…”
Section: Study Object Paper (mentioning)
confidence: 99%
“…Monitoring CPU usage when it exceeds a predetermined threshold that could cause services to slow down, detecting RAM overload by setting a threshold on the maximum amount of usable memory, and keeping track of the number of concurrently active tasks on a machine can all support alerting of potentially compromised devices [64]. This type of monitoring has as input a large amount of log records generated by different heterogeneous devices connected in the network and could be improved by incorporating correlation and learning mechanisms.…”
Section: Network Infrastructure Anomalies (mentioning)
confidence: 99%