Mitigating IoT-Based Cyberattacks on the Smart Grid


Exploring the challenges of cybersecurity in the Smart Grid, focusing on IoT-triggered threats and security challenges. Discusses the need for reliable information access, confidentiality, and privacy protection in the context of evolving attack vectors. Highlights related works in intrusion detection systems and anomaly detection methods for securing Smart Grid infrastructure.


Uploaded on Sep 14, 2024

Presentation Transcript


  1. MITIGATING IOT-BASED CYBERATTACKS ON THE SMART GRID. Suleyman Uludag (Department of Computer Science, University of Michigan, Flint, MI); Yasin Yilmaz, Mahsa Mozaffari (Secure and Intelligent Systems Lab, sis.eng.usf.edu, Department of Electrical Engineering, University of South Florida, Tampa, FL)

  2. OUTLINE: What is Smart Grid?; Cybersecurity in the Smart Grid; IoT-based Cyberattacks to the Smart Grid; MIAMI-DIL framework; Simulation results

  3. WHAT IS SMART GRID? Next generation power system. Need for: more reliable, more efficient, more secure, greener. Enables two-way data communication. Real-time monitoring of smart grid. Data collection purposes. [Figure labels: Existing power systems, Information technology, Communication technology, Power technology, Advanced computing, Smart Grid]

  4. SMART GRID MODEL [Figure: smart grid model diagram; labels not recoverable]

  5. CYBERSECURITY IN SMART GRID Availability: reliable access to information (DoS attacks). Integrity: ensure information authenticity (false data injection). Confidentiality: protect personal privacy.

  6. IOT-TRIGGERED THREATS Smart Grid connected to huge number of IoT devices through smart meters. Low security level in simple IoT devices. New genre of attack vectors: IoT-triggered attacks. An example: Mirai botnet. [Figure: attacker, server, victim]

  7. SECURITY CHALLENGES IN SMART GRID High dimensionality; quick detection; uncertainty; dynamicity. Mitigation methods should address these challenges.

  8. RELATED WORKS [1] Specification based IDS; [2] Configuration based IDS; [3] Anomaly Detection on Encrypted Traffic; [4] Randomization based IDS; [5] Distributed IDS in a multi-layer network architecture of smart grid; [6] Real time anomaly based IDS utilizing stream data mining.
     [1] R. Berthier and W. H. Sanders, "Specification-Based Intrusion Detection for Advanced Metering Infrastructures," in 2011 IEEE 17th Pacific Rim International Symposium on Dependable Computing. IEEE, Dec. 2011, pp. 184–193.
     [2] M. Q. Ali and E. Al-shaer, "Configuration-based IDS for Advanced Metering Infrastructure," Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 451–462, 2013.
     [3] R. Berthier, D. I. Urbina, A. A. Cardenas, M. Guerrero, U. Herberg, J. G. Jetcheva, D. Mashima, J. H. Huh, and R. B. Bobba, "On the practicality of detecting anomalies with encrypted traffic in AMI," in 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm). IEEE, Nov. 2014, pp. 890–895.
     [4] M. Q. Ali and E. Al-Shaer, "Randomization-Based Intrusion Detection System for Advanced Metering Infrastructure," ACM Transactions on Information and System Security, vol. 18, no. 2, pp. 7:1–7:30, Dec. 2015.
     [5] Y. Zhang, L. Wang, W. Sun, R. C. G. Ii, and M. Alam, "Distributed Intrusion Detection System in a Multi-Layer Network Architecture of Smart Grids," IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 796–808, Dec. 2011.
     [6] F. A. A. Alseiari and Z. Aung, "Real-time anomaly-based distributed intrusion detection systems for advanced Metering Infrastructure utilizing stream data mining," in 2015 International Conference on Smart Grid and Clean Energy Technologies (ICSGCE). IEEE, Oct. 2015, pp. 148–153.

  9. THE MITIGATION APPROACH MIAMI-DIL: MINIMALLY INVASIVE ATTACK MITIGATION VIA DETECTION, ISOLATION, LOCALIZATION

  10. MIAMI-DIL FRAMEWORK Detection of anomaly; Isolation; Localization. Real-time detection by ODIT.

  11. UNDERPINNING ANOMALY DETECTION ALGORITHM: ONLINE DISCREPANCY TEST (ODIT) ODIT: timely and accurate detection of CUSUM; simplicity of GEM approach [1,2]; online; non-parametric.
     [1] A. O. Hero III, "Geometric entropy minimization (GEM) for anomaly detection and localization," in Proc. Advances in Neural Information Processing Systems (NIPS), pp. 585–592, 2006.
     [2] K. Sricharan and A. O. Hero III, "Efficient anomaly detection using bipartite k-NN graphs," in Proc. Advances in Neural Information Processing Systems (NIPS), pp. 478–486, 2011.

  12. ODIT: TRAINING Training set ? = ?1,?2, ,?? of non-attack data.

  13. ODIT: TRAINING Training set ? = ?1,?2, ,?? of non-attack data. Randomly separates into two sets ??1,??2.

  14. ODIT: TRAINING Training set ? = ?1,?2, ,?? of non-attack data. Randomly separates into two sets ??1,??2. For each point in ??1 find kNN from ??2.

  15. ODIT: TRAINING Training set ? = ?1,?2, ,?? of non-attack data. Randomly separates into two sets ??1,??2. For each point in ??1 find kNN from ??2. Select M points ?? from ??1 with the smallest total edge length. ?? = Mth smallest total edge length.

  16. ODIT: TEST For each test point ?? find total edge length to kNN from ??2 ??= ?? ?? : positive/negative evidence for anomaly

  17. ODIT: TEST For each test point ?? find total edge length to kNN from ??2 ??= ?? ?? : positive/negative evidence for anomaly Accumulate anomaly evidences over time ??= max ?? 1 Declare anomaly when evidence exceeds threshold ?? ??= 0 ?? + ?? ,0 ,?0 ?? } ??= min{?: ?? Threshold selected to strike a balance between early detection and small false alarm rate
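
The training and test steps of slides 12 to 17, as an added Python example (not code from the presentation or its authors), generalized to vector-valued readings. The slide symbols were lost in extraction, so the evidence formula (test edge length minus the M-th smallest training edge length), the choice M = (1 - alpha)·|S1|, and the names `dist`, `edge_length`, `train`, `detect`, `alpha` and `h` are assumptions; the sample data is constructed from the slide 21/22 scenario.

```python
import random

def dist(x, y):
    return sum((a - b) ** 2 for a, b in zip(x, y)) ** 0.5

def edge_length(x, s2, k):
    """Total edge length: sum of distances from x to its k nearest neighbours in s2."""
    return sum(sorted(dist(x, y) for y in s2)[:k])

def train(data, k=2, alpha=0.05, rng=None):
    """Training on attack-free data: random split, kNN edge lengths, M-th smallest."""
    rng = rng or random.Random()
    pts = list(data)
    rng.shuffle(pts)
    half = len(pts) // 2
    s1, s2 = pts[:half], pts[half:]
    lengths = sorted(edge_length(x, s2, k) for x in s1)
    m = max(1, round(len(s1) * (1 - alpha)))  # assumption: M = (1 - alpha) * |S1|
    return s2, lengths[m - 1]                 # baseline: M-th smallest edge length

def detect(stream, s2, baseline, h, k=2):
    """Index of the first alarm, or None if the statistic never reaches h."""
    s = 0.0
    for t, x in enumerate(stream):
        d = edge_length(x, s2, k) - baseline  # assumed evidence: > 0 looks anomalous
        s = max(s + d, 0.0)                   # accumulate evidence, never below zero
        if s >= h:                            # higher h: fewer false alarms, more delay
            return t
    return None

if __name__ == "__main__":
    rng = random.Random(1)                    # constructed data, fixed seed
    sigma = 0.1                               # assumes the 0.01 on slide 22 is a variance
    training = [(rng.gauss(0.5, sigma),) for _ in range(1000)]
    s2, baseline = train(training, rng=rng)
    # Slide 21/22 scenario: nominal readings until time 20, then the mean shifts by 0.2.
    stream = [(rng.gauss(0.5, sigma),) for _ in range(20)]
    stream += [(rng.gauss(0.7, sigma),) for _ in range(200)]
    alarm = detect(stream, s2, baseline, h=0.3)
    print("baseline edge length:", baseline, "first alarm at t =", alarm)
```
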

  18. SYSTEM-WIDE IDS Hierarchical and distributed IDS. Each level monitors the lower level and computes a statistic. Statistics propagate upwards. ??, ??,??: anomaly evidences at different levels of hierarchy. 3 ODITs run: ??= min ?: ?? ? ??= min ?: ?? ? ??= min{?: ?? ?}. Anomaly declared when one alarms: ??= min ??,??,??. [Figure: hierarchy diagram; node labels not recoverable]

  19. ISOLATION AND LOCALIZATION OF ANOMALY Detection of anomaly: real-time detection by ODIT. Isolation: temporary isolation of the suspected DAs. Localization.

  20. ISOLATION AND LOCALIZATION OF ANOMALY Detection of anomaly: real-time detection by ODIT. Isolation: temporary isolation of the suspected DAs. Localization: detailed investigation of suspected nodes.

  21. AN ATTACK SCENARIO One million IoT devices. Attack in 10% of HANs. Attack starts at time 20. SM statistics start increasing in the attacked HANs.

  22. ODIT VS. CUSUM: FALSE DATA INJECTION ATTACK CUSUM, like an oracle, knows the actual distribution of baseline N(0.5, 0.01) and attack data N(0.5+0.2, 0.01). G-CUSUM estimates the baseline parameters with 1% error. ODIT achieves a close performance to the oracle CUSUM.

  23. ODIT VS. CUSUM JAMMING-TYPE DOS ATTACK Attack data N(0.5,( 0.1)2)

  24. CONCLUSION With the proliferation of IoT devices and vulnerabilities associated with them, there is an increasing need to cope with IoT-based attacks. MIAMI-DIL framework is proposed as an Intrusion Detection System in Smart Grid: scalable; online; non-parametric; protocol-agnostic & free from any data type assumptions. ODIT is capable of timely and accurately detecting attacks.

  25. Thank you
