Publication Details
Outlier Detection in Smart Grid Communication
anomaly detection, communication pattern, smart grid, IEC 104, statistical model,
ICS, LOF method.
Industrial Control System (ICS) networks transmit control and monitoring data in
critical environments such as the smart grid. Cyber attacks on smart grid
communication may have fatal consequences for energy production, distribution,
and eventually the lives of people. Since the attacks can be initiated from both
the inside and outside of the network, traditional smart grid security tools like
firewalls or Intrusion Detection Systems (IDS), which are typically deployed on
the edge of the network, are not able to detect internal threats. For this
reason, we also need to analyze the behavior of internal ICS communication. Due to
its nature, ICS traffic exhibits stable and predictable communication patterns.
These patterns can be described using statistical models. By observing selected
features of ICS network communication like packet inter-arrival times, we can
create a statistical profile of the communication based on the patterns observed
in the normal communication traffic. This technique is effective, fast and easy
to implement. As our experiments show, statistical-based anomaly detection is
able to detect common security incidents in ICS communication. This paper employs
selected network packet attributes to create a statistical model for anomaly
detection using the Local Outlier Factor (LOF) algorithm. The proof-of-concept is
demonstrated on the IEC 60870-5-104 (a.k.a. IEC 104) protocol.
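
The approach described in the abstract, as an added example that is not code from the paper: a small pure-Python LOF that builds a profile from windows of normal packet inter-arrival times and scores new windows against it. The feature pair (mean and standard deviation of inter-arrival times), k=3, the 1.5 threshold and the synthetic traffic are assumptions made for illustration.

```python
import math
from statistics import mean, pstdev

def features(arrivals):
    """One window of packet arrival times -> (mean, std dev) of inter-arrival times."""
    iat = [b - a for a, b in zip(arrivals, arrivals[1:])]
    return (mean(iat), pstdev(iat))

class LOFProfile:
    """Local Outlier Factor scored against a fixed profile of normal windows."""
    def __init__(self, train, k=3):
        self.train, self.k = train, k
        # k-distance of each training point: distance to its k-th nearest neighbour
        self.kdist = [self._knn(p, skip=i)[-1][0] for i, p in enumerate(train)]
        # local reachability density of each training point
        self.lrd = [self._lrd(self._knn(p, skip=i)) for i, p in enumerate(train)]

    def _knn(self, p, skip=None):
        dists = [(math.dist(p, q), j) for j, q in enumerate(self.train) if j != skip]
        return sorted(dists)[:self.k]

    def _lrd(self, nn):
        # reach-dist(p, o) = max(k-distance(o), d(p, o)); assumes no duplicate training points
        return 1.0 / mean(max(self.kdist[j], d) for d, j in nn)

    def score(self, p):
        """LOF of a new window: about 1 inside the profile, much larger for outliers."""
        nn = self._knn(p)
        return mean(self.lrd[j] for _, j in nn) / self._lrd(nn)

def synth_window(period, jitter, gaps=10):
    """Constructed sample data: arrivals whose gaps alternate period +/- jitter seconds."""
    t, out = 0.0, [0.0]
    for i in range(gaps):
        t += period + (jitter if i % 2 == 0 else -jitter)
        out.append(t)
    return out

# Constructed "normal" profile: polling roughly once per second with small jitter.
NORMAL = [features(synth_window(1 + dp / 100, dj / 100))
          for dp in range(-2, 3) for dj in range(1, 4)]
PROFILE = LOFProfile(NORMAL)
THRESHOLD = 1.5  # assumed cut-off; tune on real traffic

def is_outlier(arrivals):
    return PROFILE.score(features(arrivals)) > THRESHOLD
```

A window that matches the profile scores close to 1, while a window whose packet rate doubles or whose timing becomes irregular scores far above the threshold.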
@inproceedings{BUT175803,
author="Nelson Makau {Mutua} and Petr {Matoušek}",
title="Outlier Detection in Smart Grid Communication",
booktitle="Fast Abstracts and Student Forum Proceedings, 17th European Dependable Computing Conference",
year="2021",
pages="1--4",
address="Munich",
url="https://arxiv.org/abs/2108.12781"
}