Accurate Automata-Based Detection of Cyber Threats in Smart Grid Communication
Result identifiers
Result code in IS VaVaI
RIV/00216305:26230/22:PU145949 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F22%3APU145949)
Result on the web
https://ieeexplore.ieee.org/document/9927376
DOI - Digital Object Identifier
10.1109/TSG.2022.3216726 (http://dx.doi.org/10.1109/TSG.2022.3216726)
Alternative languages
Result language
English
Title in the original language
Accurate Automata-Based Detection of Cyber Threats in Smart Grid Communication
Result description in the original language
Several industry sectors, including critical infrastructure, have experienced severe cyber attacks against their Industrial Control Systems (ICS) due to the malware that masqueraded itself as a legitimate ICS process and communicated with valid ICS messages. Such behavior is difficult to detect by standard techniques. Intrusion Detection Systems (IDS) usually filter illegitimate communication using pre-defined patterns while statistical-based Anomaly Detection Systems (ADS) mostly observe selected attributes of transmitted packets without deeper analysis of ICS messages. We propose a new detection approach based on Deterministic Probabilistic Automata (DPAs) that capture the intended semantics of the ICS message exchange. The method models normal ICS message sequences using a set of DPAs representing expected traffic patterns. Then the detection system applies reasoning about the model to reveal a malicious activity in the ICS traffic expressed by unexpected ICS messages. In this paper, we significantly improve the performance of the automata-based detection method and reduce its false-positive rate. We also present a technique that produces additional details about detected anomalies, which is important for real-world deployment. The approach is demonstrated on IEC 104 or MMS communication from different ICS systems.
Classification
Type
J<sub>SC</sub> - Article in a periodical in the SCOPUS database
CEP field
—
OECD FORD field
20206 - Computer hardware and architecture
Result linkages
Project
VI20192022138: Security monitoring of ICS control communication in energy networks (BONNET)
Linkages
P - Research and development project financed from public funds (with a link to CEP)
Other
Year of application
2022
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Periodical name
IEEE Transactions on Smart Grid
ISSN
1949-3053
e-ISSN
1949-3061
Periodical volume
2022
Issue number within the volume
1
Publisher country
US - United States of America
Number of pages
14
Pages from-to
1-14
UT WoS code of the article
—
EID of the result in the Scopus database
2-s2.0-85141545608