Towards anomaly detection in smart grids by combining Complex Events Processing and SNMP objects
Massimiliano Leone Itria, Enrico Schiavone, Nicola Nostro

TL;DR
This paper presents an anomaly detection system for smart grids that combines Complex Events Processing with SNMP data to identify faults and cyber-attacks efficiently in real time.
Contribution
It introduces a novel architecture integrating CEP and SNMP data for anomaly detection in smart grids, enhancing security and resilience.
Findings
Detection of faults and cyber-attacks was fast and efficient
The system successfully identified representative anomalies in experiments
The approach improves grid observability and security monitoring
Abstract
This paper describes the architecture and the fundamental methodology of an anomaly detector which, by continuously monitoring Simple Network Management Protocol data and processing it as complex events, is able to recognize patterns of faults and relevant cyber-attacks in a timely manner. This solution has been applied in the context of smart grids, and in particular as part of a security and resilience component of the Information and Communication Technologies (ICT) Gateway, a middleware-based architecture that correlates and fuses measurement data from different sources (e.g., Inverters, Smart Meters) to provide control coordination and to enable grid observability applications. The detector has been evaluated through experiments in which we selected some representative anomalies that can occur on the ICT side of the energy distribution infrastructure: non-malicious faults (indicated by…
