ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid

被引:39
作者
Radoglou Grammatikis, Panagiotis [1 ]
Sarigiannidis, Panagiotis [1 ]
Efstathopoulos, Georgios [2 ]
Panaousis, Emmanouil [3 ]
机构
[1] Univ Western Macedonia, Dept Elect & Comp Engn, Kozani 50100, Greece
[2] Imperial Off, 0INF, London E6 2JG, England
[3] Univ Greenwich, Old Royal Naval Coll, Dept Comp & Informat Syst, London SE10 9LS, England
关键词
cybersecurity; Intrusion Detection System; Machine Learning; Modbus; SCADA; Smart Grid; DISCRIMINANT-ANALYSIS; NETWORKS; SECURITY; THREATS;
D O I
10.3390/s20185305
中图分类号
O65 [分析化学];
学科分类号
070302 ; 081704 ;
摘要
The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.
引用
收藏
页码:1 / 20
页数:20
相关论文
共 67 条
[1]  
Albanese M., 2014, Network Science and Cybersecurity, P39
[2]   Toward Adaptive and Scalable OpenFlow-SDN Flow Control: A Survey [J].
Alsaeedi, Mohammed ;
Mohamad, Mohd Murtadha ;
Al-Roubaiey, Anas A. .
IEEE ACCESS, 2019, 7 :107346-107379
[3]   A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities [J].
Alshamrani, Adel ;
Myneni, Sowmya ;
Chowdhary, Ankur ;
Huang, Dijiang .
IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, 2019, 21 (02) :1851-1877
[4]  
[Anonymous], 2008, P 14 ACM SIGKDD INT
[5]  
[Anonymous], 2013, APPL LOGISTIC REGRES
[6]  
[Anonymous], 2014, UNDERSTANDING RANDOM, DOI DOI 10.13140/2.1.1570.5928
[7]  
Asadollahi S., 2018, 2018 IEEE INT C CURR, P1
[8]  
Bates A, 2015, PROCEEDINGS OF THE 24TH USENIX SECURITY SYMPOSIUM, P319
[9]   Advanced Metering Infrastructures: Security Risks and Mitigation [J].
Bendiab, Gueltoum ;
Grammatikakis, Konstantinos-Panagiotis ;
Koufos, Ioannis ;
Kolokotronis, Nicholas ;
Shiaeles, Stavros .
15TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, ARES 2020, 2020,
[10]   A Survey of Deep Learning Methods for Cyber Security [J].
Berman, Daniel S. ;
Buczak, Anna L. ;
Chavis, Jeffrey S. ;
Corbett, Cherita L. .
INFORMATION, 2019, 10 (04)