On Specification-based Cyber-Attack Detection in Smart Grids
\"Omer Sen Dennis van der Velde, Maik L\"uhman, Florian Spr\"unken,, Immanuel Hacker, Andreas Ulbig, Michael Andres, Martin Henze

TL;DR
This paper presents a specification-based intrusion detection system for smart grids that leverages domain knowledge and formal graph-based models to detect cyber-attacks, especially data manipulation, with high accuracy and reliability.
Contribution
It introduces a novel approach combining domain knowledge and formal graph models to generate whitelisting rules for attack detection in smart grids.
Findings
High detection accuracy for data manipulation attacks
Effective detection of attack patterns in IEC 60870-based SCADA systems
Timely and reliable identification of cyber threats
Abstract
The transformation of power grids into intelligent cyber-physical systems brings numerous benefits, but also significantly increases the surface for cyber-attacks, demanding appropriate countermeasures. However, the development, validation, and testing of data-driven countermeasures against cyber-attacks, such as machine learning-based detection approaches, lack important data from real-world cyber incidents. Unlike attack data from real-world cyber incidents, infrastructure knowledge and standards are accessible through expert and domain knowledge. Our proposed approach uses domain knowledge to define the behavior of a smart grid under non-attack conditions and detect attack patterns and anomalies. Using a graph-based specification formalism, we combine cross-domain knowledge that enables the generation of whitelisting rules not only for statically defined protocol fields but also for…
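The abstract describes whitelisting rules that encode the expected behaviour of IEC 60870-based SCADA traffic and flag anything outside that specification. The following is an added illustration, not code from the paper or its authors: a minimal specification checker over constructed IEC 60870-5-104 style messages. The rule table (which RTU may send which ASDU type to which master, which information object addresses it may carry, and the plausible value range per address) is hand-written here as an assumption; the paper derives such rules from a graph-based model. IP addresses, addresses and values are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# ASDU type identifiers as defined in IEC 60870-5-101/104
M_ME_NC_1 = 13   # measured value, short floating point
C_SC_NA_1 = 45   # single command


@dataclass(frozen=True)
class Asdu:
    """One decoded application-layer message (constructed, simplified fields)."""
    src: str        # sender address
    dst: str        # receiver address
    type_id: int    # ASDU type identifier
    ioa: int        # information object address
    value: float    # carried value (measurement or command state)


# Hypothetical whitelist specification: permitted (source, destination, ASDU type)
# flows, the information object addresses each flow may carry, and the plausible
# value bounds per address. Hand-written for this example; the paper generates
# such rules from cross-domain knowledge in a graph-based formalism.
Flow = Tuple[str, str, int]
SPEC: Dict[Flow, Dict[int, Tuple[float, float]]] = {
    # RTU 10.0.0.10 reports two measurements to master 10.0.0.1
    ("10.0.0.10", "10.0.0.1", M_ME_NC_1): {1001: (0.0, 420.0), 1002: (-100.0, 100.0)},
    # master may send a single command (0/1) to one switch on the RTU
    ("10.0.0.1", "10.0.0.10", C_SC_NA_1): {2001: (0.0, 1.0)},
}


def violations(msg: Asdu) -> List[str]:
    """Return the whitelist rules the message breaks (empty list = conforming)."""
    flow = (msg.src, msg.dst, msg.type_id)
    allowed = SPEC.get(flow)
    if allowed is None:
        # No rule permits this sender/receiver/type combination at all
        return ["flow_not_whitelisted"]
    bounds = allowed.get(msg.ioa)
    if bounds is None:
        # Flow is known, but this address is not part of its specification
        return ["ioa_not_whitelisted"]
    lo, hi = bounds
    if not lo <= msg.value <= hi:
        # Structurally valid message whose payload leaves the plausible range
        return ["value_out_of_range"]
    return []


def detect(stream: List[Asdu]) -> List[Tuple[int, List[str]]]:
    """Check every message against the specification; report deviations by index."""
    return [(i, v) for i, m in enumerate(stream) if (v := violations(m))]


# Constructed sample traffic: two conforming messages followed by three deviations
SAMPLE = [
    Asdu("10.0.0.10", "10.0.0.1", M_ME_NC_1, 1001, 230.5),   # normal measurement report
    Asdu("10.0.0.1", "10.0.0.10", C_SC_NA_1, 2001, 1.0),     # legitimate command from the master
    Asdu("10.0.0.10", "10.0.0.1", M_ME_NC_1, 1001, 9999.0),  # implausible value (data manipulation)
    Asdu("10.0.0.10", "10.0.0.1", C_SC_NA_1, 2001, 1.0),     # command in a direction the spec never allows
    Asdu("10.0.0.10", "10.0.0.1", M_ME_NC_1, 1777, 12.0),    # address the RTU is not specified to report
]

if __name__ == "__main__":
    for idx, v in detect(SAMPLE):
        print(f"message {idx}: {', '.join(v)}")
```

The checker raises no alert for the first two messages and one alert each for the remaining three, which shows the point of the specification-based approach: it needs no attack samples to train on, only a description of legitimate behaviour, and the manipulated measurement is caught by a value-range rule rather than by protocol-field checks alone.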
