Deep Learning-Based Intrusion Detection System for Advanced Metering Infrastructure
Smart grid is an alternative to the conventional power grid that harnesses
information technology to save energy and meet today's environmental
requirements. Due to the inherent vulnerabilities in information technology,
the smart grid is exposed to a wide variety of threats that could be translated
into cyber-attacks. In this paper, we develop a deep learning-based intrusion
detection system to defend against cyber-attacks in the advanced metering
infrastructure network. The proposed machine learning approach is trained and
tested extensively on an empirical industrial dataset composed of several
attack categories, including scanning, buffer overflow, and denial of service
attacks. Then, an experimental comparison in terms of detection accuracy is
conducted to evaluate the performance of the proposed approach against Naive
Bayes, Support Vector Machine, and Random Forest. The obtained results suggest
that the proposed approach produces optimal results compared to the other
algorithms. Finally, we propose a network architecture to deploy the proposed
anomaly-based intrusion detection system across the Advanced Metering
Infrastructure network. In addition, we propose a network security architecture
composed of two types of intrusion detection system, host-based and
network-based, deployed across the Advanced Metering Infrastructure network to
inspect the traffic and detect malicious traffic at all levels.
Comment: 7 pages, 6 figures. 2019 NISS19: Proceedings of the 2nd International
Conference on Networking, Information Systems & Security
A Performance Comparison of Data Mining Algorithms Based Intrusion Detection System for Smart Grid
Smart grid is an emerging and promising technology. It uses the power of
information technologies to intelligently deliver electrical power to
customers, and it allows the integration of green technology to meet
environmental requirements. Unfortunately, information technologies have their
own inherent vulnerabilities and weaknesses that expose the smart grid to a wide
variety of security risks. The intrusion detection system (IDS) plays an
important role in securing smart grid networks and detecting malicious
activity, yet it suffers from several limitations. Many research papers have
been published to address these issues using several algorithms and techniques.
Therefore, a detailed comparison between these algorithms is needed. This paper
presents an overview of four data mining algorithms used by IDS in the smart
grid. An evaluation of the performance of these algorithms is conducted based on
several metrics, including the probability of detection, probability of false
alarm, probability of missed detection, efficiency, and processing time. Results
show that Random Forest outperforms the other three algorithms in detecting
attacks, with a higher probability of detection, lower probability of false
alarm, lower probability of missed detection, and higher accuracy.
Comment: 6 pages, 6 figures
Intelligent intrusion detection system in smart grid using computational intelligence and machine learning
Smart grid systems have enhanced the capability of traditional power networks while being vulnerable to different types of cyber-attacks. These vulnerabilities could allow attackers to break into the network, breaching the integrity and confidentiality of the smart grid systems. Therefore, an intrusion detection system (IDS) becomes an important way to provide secure and reliable services in a smart grid environment. This article proposes a feature-based IDS for smart grid systems. The proposed system's performance is evaluated in terms of accuracy, intrusion detection rate (DR), and false alarm rate (FAR). The obtained results show that the random forest and neural network classifiers outperformed the other classifiers. We achieved a 0.5% FAR on the KDD99 dataset and a 0.08% FAR on the NSL-KDD dataset. The DR and the testing accuracy are on average 99% for both datasets.
Anomaly Detection in Intrusion Detection Systems Using CLIQUE Partitioning
ABSTRACT (translated from Indonesian): An intrusion is any action that threatens the availability, integrity, and confidentiality of network resources, such as user accounts, file systems, the system kernel, and so on. To prevent intrusions on a network, an intrusion detection system (IDS) is built: a system whose function is to observe and analyze an event occurring on a computer and determine whether that event is an intrusion or not. One category of IDS is anomaly detection. Anomaly detection detects intrusion events based on a data profile. Data considered an intrusion is data whose characteristics differ from the general data profile. Clustering is one way to discover that data profile. Many clustering algorithms have been proposed for anomaly detection in IDS, one of which is CLIQUE Partitioning (CP). CP is a combination of grid-based clustering and density-based clustering techniques. CP divides the data space into subspaces and searches for clusters in each of those subspaces. Testing was carried out to examine IDS performance in terms of computational time, completeness, and false alarm rate. The CP algorithm delivers good performance in completeness (94.59%) and false alarm rate (2.54%). In terms of computational time, CP performs well with respect to the number of tuples (an increase in the number of tuples is linearly proportional to the increase in computational time), but less well with respect to the number of attributes (an increase in the number of tuples is exponentially proportional to the increase in computational time).
Keywords: anomaly detection, IDS, CLIQUE Partitioning, subspace, cluster
ABSTRACT: An intrusion is any set of events that threaten the availability, integrity, and confidentiality of network resources, such as user accounts, file systems, the system kernel, etc. To prevent such events, an intrusion detection system (IDS), a system for observing and analyzing whether a computer event is an intrusion or not, is built. One category of IDS is anomaly detection. This category detects intrusion events based on a data profile. An event is detected as an intrusion if its characteristics differ from the common data profile. Clustering is one way to observe the data profile. Many clustering algorithms have been proposed for anomaly detection in IDS; one of them is CLIQUE Partitioning (CP). CP is the combination of grid-based clustering and density-based clustering techniques. CP divides the data space into subspaces and searches for clusters in every subspace. Testing is done to analyze the system's performance based on computational time, completeness, and false alarm rate. The CP algorithm shows good performance from the completeness point of view (94.59%) and false alarm rate (2.54%). In terms of computational time, CP shows good performance with respect to the number of tuples (the increase in the number of tuples is linear with the increase in computational time), but the performance is not as good with respect to the number of features (the increase in the number of tuples is exponential with the increase in computational time).
Keywords: anomaly detection, IDS, CLIQUE Partitioning, subspace, cluster
A Security Monitoring Framework For Virtualization Based HEP Infrastructures
High Energy Physics (HEP) distributed computing infrastructures require
automatic tools to monitor, analyze and react to potential security incidents.
These tools should collect and inspect data such as resource consumption, logs
and sequences of system calls to detect anomalies that indicate the presence
of a malicious agent. They should also be able to perform automated reactions
to attacks without administrator intervention. We describe a novel framework
that fulfils these requirements, with a proof-of-concept implementation
for the ALICE experiment at CERN. We show how we achieve a fully virtualized
environment that improves security by isolating services and Jobs without a
significant performance impact. We also describe a collected dataset for
Machine Learning-based Intrusion Prevention and Detection Systems on Grid
computing. This dataset is composed of resource consumption measurements (such
as CPU, RAM and network traffic), log files from operating system services, and
system call data collected from production Jobs running in an ALICE Grid test
site, together with a large set of malware. This malware was collected from
security research sites. Based on this dataset, we will proceed to develop
Machine Learning algorithms able to detect malicious Jobs.
Comment: Proceedings of the 22nd International Conference on Computing in High
Energy and Nuclear Physics, CHEP 2016, 10-14 October 2016, San Francisco.
Submitted to Journal of Physics: Conference Series (JPCS)
On specification-based cyber-attack detection in smart grids
The transformation of power grids into intelligent cyber-physical systems brings numerous benefits, but also significantly increases the attack surface for cyber-attacks, demanding appropriate countermeasures. However, the development, validation, and testing of data-driven countermeasures against cyber-attacks, such as machine learning-based detection approaches, lack important data from real-world cyber incidents. Unlike attack data from real-world cyber incidents, infrastructure knowledge and standards are accessible through expert and domain knowledge. Our proposed approach uses domain knowledge to define the behavior of a smart grid under non-attack conditions and to detect attack patterns and anomalies. Using a graph-based specification formalism, we combine cross-domain knowledge that enables the generation of whitelisting rules not only for statically defined protocol fields but also for communication flows and technical operation boundaries. Finally, we evaluate our specification-based intrusion detection system against various attack scenarios and assess detection quality and performance. In particular, we investigate a data manipulation attack in a future-oriented use case of an IEC 60870-based SCADA system that controls distributed energy resources in the distribution grid. Our approach can detect severe data manipulation attacks with high accuracy in a timely and reliable manner.
A Transfer Learning Framework for Self-Adaptive Intrusion Detection in the Smart Grid based on Transferability Analysis and Domain-Adversarial Training
Machine learning is a popular approach to security monitoring and intrusion detection in cyber-physical systems (CPS) like the smart grid. General ML approaches presume that the training and testing data are generated by identical or similar independent distributions. This assumption may not hold in many real-world systems and applications like CPS, since the system and attack dynamics may change the data distribution and thus cause the trained models to fail. Transfer learning (TL) is a promising solution to tackle the data distribution divergence problem and maintain performance when facing system and attack variations. However, there are still two challenges in introducing TL into intrusion detection: when to apply TL and how to extract effective features during TL.
To address these two challenges, this research proposes a transferability analysis and domain-adversarial training (TADA) framework. This work first proposes a divergence-based transferability analysis to decide whether to apply TL, then develops a spatial-temporal domain-adversarial (DA) training model to reduce the distribution divergence between two domains and improve attack detection performance. The main contributions include: (i) a divergence-based transferability analysis to help evaluate the necessity of TL in security monitoring for CPS, such as intrusion detection in the smart grid; (ii) a spatial-temporal DA training approach to extract spatial-temporal domain-invariant features to mitigate the impact of distribution divergence and enhance detection performance. The extensive experiments demonstrate that the transferability analysis is capable of predicting the accuracy drop and determining whether to apply TL. Compared to the state-of-the-art models, TADA can achieve high and more robust detection performance under system and attack variations.
Deep Learning Techniques for Detection of False Data Injection Attacks on the Electric Power Grid
The electric power grid uses a set of measuring and switching devices for its operation and control. The data retrieved from the measuring instruments is assumed to be noisy; therefore, a state estimator is used to estimate the correct values of the state variables on which the system can take control actions. The modern electric power grid depends on communication networks for transferring these measurements, which are susceptible to intrusions from hackers. False data injection attacks (FDIA) are one of the most common attack strategies, where an intruder tries to trick the underlying control system of the grid into causing disruptions without being detected by the native anomaly detection measures built into the state estimator. The native anomaly detection mechanism relies on threshold- and residual-based measures to flag a set of measurements as anomalous. Therefore, if the attack is devised in such a way that the intrusion can be performed without significantly affecting the residual error of state estimation, it can go undetected. We propose a data-augmented deep learning-based solution to detect such attacks in real time.
We propose methods of generating realistic random and targeted attack simulations on standard IEEE architectures and methods of detecting them using deep learning models. We propose recurrent neural network (RNN) based architectures to detect and locate FDIAs and compromised devices in real time. For detection we propose a supervised and an unsupervised method. Similarly, for location we propose a method to find the exact devices compromised, which is less practical, and then move on to a more feasible and practical solution under supervised and unsupervised conditions. Being an intrusion detection system, it is critical to detect all attacks, which means false negatives should be penalized heavily, whereas false positives can be accommodated. Therefore, we use recall as our primary performance metric and the precision-recall curve to find an optimal threshold of probability score. In addition, we demonstrate how our approach is better than a residual error-based approach and other previous detection models. We also compare the performance of our models with an increasing number of compromised devices.
An Anomaly Detection Scheme for DDoS Attack in Grid Computing
The demand for computing power and storage is increasing continuously, and there are applications, such as scientific research and industrial needs, whose computational demand exceeds even the fastest available technologies. As a result, it is an economically feasible means to look into efficiently aggregating existing distributed resources. Achieving this goal makes it possible to build a shared, large-scale, wide-area distributed computing infrastructure, a concept that has been named Grid computing. The primary objective of Grid computing is to support the sharing of resources and services spanning multiple administrative domains. Due to its inherently dynamic and multi-organizational nature, maintaining the security of both users and resources is the challenging aspect of the Grid. The Grid uses the internet as an infrastructure for communication, and the fusion of web services and grid technologies further increases the security concerns because of their complex nature.
This thesis takes a look at the vulnerability of the Grid environment to denial of service attacks. We found that deploying an efficient intrusion detection system in the Grid can significantly improve its security, and it can detect a denial of service attack before it affects the victim. But due to the special characteristics and requirements of Grids, existing traditional intrusion detection systems cannot work properly in that environment. The focus of this thesis is to investigate and design an anomaly detection system that can detect DoS and DDoS attacks with a high attack detection rate and a low false alarm rate to achieve high performance. We have extensively surveyed the current literature in this area; the main stress is put on feature selection for the Grid-based anomaly detection system. An entropy-based anomaly detection system has been proposed; we have also discussed the advantage of taking entropy as the metric. Finally, the performance of the system has been analyzed using the NS2 network simulator.
For the sake of continuity, each chapter has its relevant introduction and theory. The work is also supported by a list of necessary references. An attempt is made to make the thesis self-contained.