Accurate Automata-Based Detection of Cyber Threats in Smart Grid Communication
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F22%3APU145949" target="_blank" >RIV/00216305:26230/22:PU145949 - isvavai.cz</a>
Result on the web
<a href="https://ieeexplore.ieee.org/document/9927376" target="_blank" >https://ieeexplore.ieee.org/document/9927376</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/TSG.2022.3216726" target="_blank" >10.1109/TSG.2022.3216726</a>
Alternative languages
Result language
angličtina
Original language name
Accurate Automata-Based Detection of Cyber Threats in Smart Grid Communication
Original language description
Several industry sectors, including critical infrastructure, have experienced severe cyber attacks against their Industrial Control Systems (ICS) due to the malware that masqueraded itself as a legitimate ICS process and communicated with valid ICS messages. Such behavior is difficult to detect by standard techniques. Intrusion Detection Systems (IDS) usually filter illegitimate communication using pre-defined patterns while statistical-based Anomaly Detection Systems (ADS) mostly observe selected attributes of transmitted packets without deeper analysis of ICS messages. We propose a new detection approach based on Deterministic Probabilistic Automata (DPAs) that capture the intended semantics of the ICS message exchange. The method models normal ICS message sequences using a set of DPAs representing expected traffic patterns. Then the detection system applies reasoning about the model to reveal a malicious activity in the ICS traffic expressed by unexpected ICS messages. In this paper, we significantly improve the performance of the automata-based detection method and reduce its false-positive rate. We also present a technique that produces additional details about detected anomalies, which is important for real-world deployment. The approach is demonstrated on IEC 104 or MMS communication from different ICS systems.
Czech name
—
Czech description
—
Classification
Type
J<sub>SC</sub> - Article in a specialist periodical, which is included in the SCOPUS database
CEP classification
—
OECD FORD branch
20206 - Computer hardware and architecture
Result continuities
Project
<a href="/en/project/VI20192022138" target="_blank" >VI20192022138: Security monitoring of ICS communication in the smart grid</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2022
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Name of the periodical
IEEE Transactions on Smart Grid
ISSN
1949-3053
e-ISSN
1949-3061
Volume of the periodical
2022
Issue of the periodical within the volume
1
Country of publishing house
US - UNITED STATES
Number of pages
14
Pages from-to
1-14
UT code for WoS article
—
EID of the result in the Scopus database
2-s2.0-85141545608