226 research outputs found

    Intrusion Detection in Industrial Networks via Data Streaming

    Given the increasing threat surface of industrial networks due to distributed, Internet-of-Things (IoT) based system architectures, detecting intrusions in Industrial IoT (IIoT) systems is all the more important, due to the safety implications of potential threats. The continuously generated data in such systems form both a challenge and a possibility: data volumes/rates are high and require processing and communication capacity but they contain information useful for system operation and for detection of unwanted situations. In this chapter we explain that stream processing (a.k.a. data streaming) is an emerging useful approach both for general applications and for intrusion detection in particular, especially since it can enable data analysis to be carried out in the continuum of edge-fog-cloud distributed architectures of industrial networks, thus reducing communication latency and gradually filtering and aggregating data volumes. We argue that usefulness stems also from facilitating provisioning of agile responses, i.e. due to potentially smaller latency for intrusion detection and hence also improved possibilities for intrusion mitigation. In the chapter we outline architectural features of IIoT networks, potential threats and examples of state-of-the-art intrusion detection methodologies. Moreover, we give an overview of how leveraging distributed and parallel execution of streaming applications in industrial setups can influence the possibilities of protecting these systems. In these contexts, we give examples using electricity networks (a.k.a. Smart Grid systems). We conclude that future industrial networks, especially their Intrusion Detection Systems (IDSs), should take advantage of the data streaming concept by decoupling semantics from the deployment

    A Comprehensive Survey on the Cyber-Security of Smart Grids: Cyber-Attacks, Detection, Countermeasure Techniques, and Future Directions

    One of the significant challenges that smart grid networks face is cyber-security. Several studies have been conducted to highlight those security challenges. However, the majority of these surveys classify attacks based on the security requirements, confidentiality, integrity, and availability, without taking into consideration the accountability requirement. In addition, some of these surveys focused on the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which does not differentiate between the application, session, and presentation and the data link and physical layers of the Open System Interconnection (OSI) model. In this survey paper, we provide a classification of attacks based on the OSI model and discuss in more detail the cyber-attacks that can target the different layers of smart grid networks communication. We also propose new classifications for the detection and countermeasure techniques and describe existing techniques under each category. Finally, we discuss challenges and future research directions

    Effective Management of Energy Internet in Renewable Hybrid Microgrids : A Secured Data Driven Resilient Architecture

    This paper proposes a two-layer in-depth secured management architecture for the optimal operation of energy internet in hybrid microgrids considering wind turbines, photovoltaics, fuel cell unit, and microturbines. In the physical layer of the proposed architecture, the operation of the grid is formulated as a single objective problem that is solved using teacher learning-based optimization (TLBO). Regarding the cyber layer of the proposed architecture, a two-level intrusion detection system (IDS) is proposed to detect various cyber-attacks (i.e. Sybil attacks, spoofing attacks, false data injection attacks) on wireless-based advanced metering infrastructures. The sequential probability ratio testing (SPRT) approach is utilized in both levels of the proposed IDS to detect cyber-attacks based on a sequence of anomalies rather than only one piece of evidence. The feasibility and performance of the proposed architecture are examined on IEEE 33-bus test system and the results are provided for both islanded and grid-connected operation modes. © 2021 IEEE.

    A data quarantine model to secure data in edge computing

    Edge computing provides an agile data processing platform for latency-sensitive and communication-intensive applications through a decentralized cloud and geographically distributed edge nodes. Gaining centralized control over the edge nodes can be challenging due to security issues and threats. Among several security issues, data integrity attacks can lead to inconsistent data and intrude edge data analytics. Further intensification of the attack makes it challenging to mitigate and identify the root cause. Therefore, this paper proposes a new concept of data quarantine model to mitigate data integrity attacks by quarantining intruders. The efficient security solutions in cloud, ad-hoc networks, and computer systems using quarantine have motivated adopting it in edge computing. The data acquisition edge nodes identify the intruders and quarantine all the suspected devices through dimensionality reduction. During quarantine, the proposed concept builds the reputation scores to determine the falsely identified legitimate devices and sanitize their affected data to regain data integrity. As a preliminary investigation, this work identifies an appropriate machine learning method, linear discriminant analysis (LDA), for dimensionality reduction. The LDA results in 72.83% quarantine accuracy and 0.9 seconds training time, which is more efficient than other state-of-the-art methods. In future, this would be implemented and validated with ground truth data

    Reinforcing Data Integrity in Renewable Hybrid AC-DC Microgrids from Social-Economic Perspectives

    The microgrid (MG) is a complicated cyber-physical system that operates based on interactions between physical processes and computational components, which make it vulnerable to varied cyber-attacks. In this paper, the impact of data integrity attack (DIA) has been considered, as one of the most dangerous cyber threats to MGs, on the steady-state operation of hybrid MGs (HMGs). Additionally, a novel method based on sequential hypothesis testing (SHT) approach, is proposed to detect DIA on the renewable energy sources’ metering infrastructure and improve the data security within the HMGs. The proposed method generates a binary sample, which is used to compute a test statistic that is further used against two thresholds to decide among three alternatives. The performance of the suggested method is examined using an IEEE standard test system. The results illustrated the acceptable performance of the proposed methodology in detection of DIAs. Also, to evaluate the effect of DIA on the operation of the HMGs, DIAs with different severities are launched on the measured power generation of renewable energy resources (RESs) like wind turbine (WT). The results of this part showed that a successful DIA on renewable units can severely affect the operation of electric grids and cause serious damages. © 2022 Copyright held by the owner/author(s), published by Association for Computing Machinery (ACM). This is the author's version of the work. The definitive Version of Record was published in ACM Transactions on Sensor Networks, http://dx.doi.org/10.1145/3512891.

    Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions

    In recent years, low-carbon transportation has become an indispensable part as sustainable development strategies of various countries, and plays a very important responsibility in promoting low-carbon cities. However, the security of low-carbon transportation has been threatened from various ways. For example, denial of service attacks pose a great threat to the electric vehicles and vehicle-to-grid networks. To minimize these threats, several methods have been proposed to defend against them. Yet, these methods are only for certain types of scenarios or attacks. Therefore, this review addresses security aspect from holistic view, provides the overview, challenges and future directions of cyber security technologies in low-carbon transportation. Firstly, based on the concept and importance of low-carbon transportation, this review positions the low-carbon transportation services. Then, with the perspective of network architecture and communication mode, this review classifies its typical attack risks. The corresponding defense technologies and relevant security suggestions are further reviewed from perspective of data security, network management security and network application security. Finally, in view of the long term development of low-carbon transportation, future research directions have been concerned. Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable Energy Review