Alarm Based Anomaly Detection of Insider Attacks in SCADA System

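Cited by: 0
Authors
Nasr, Payam Mahmoudi [1]
Varjani, Ali Yazdian [1]
Affiliations
[1] Tarbiat Modares Univ, Elect & Comp Engn Dept, Tehran, Iran
Source
2014 SMART GRID CONFERENCE (SGC) | 2014
Keywords
Insider attack; anomaly detection; security; SCADA;
DOI
Not available
Chinese Library Classification (CLC) number
TE [Petroleum and Natural Gas Industry]; TK [Energy and Power Engineering];
Subject classification codes
0807 ; 0820 ;
Abstract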
Insider attacks are one of the most dangerous threats to the security of critical infrastructures. An insider attack occurs when an authorized operator misuses the permissions and brings catastrophic damage by sending legitimate control commands. Therefore, insider attacks have great impact and a higher success rate, and it is difficult to predict and protect against them. This paper, by studying the SCADA alarms, proposes a new alarm-based statistical anomaly detection method to identify potential insider attacks at substations and the total transmission system in the power grid. To demonstrate the proposed method, two insider attack scenarios have been simulated at both the substation level and the transmission system. Experimental scenarios illustrate that the proposed method is effective, and anomalies can be detected with a minimum number of alarms.
Pages: 6