Publication Details
Outlier Detection in Smart Grid Communication
anomaly detection, communication pattern, smart grid, IEC 104, statistical model, ICS, LOF method.
Industrial Control System (ICS) networks transmit control and monitoring data in critical environments such as smart grid. Cyber attacks on smart grid communication may cause fatal consequences on energy production, distribution, and eventually the lives of people. Since the attacks can be initiated from both the inside and outside of the network, traditional smart grid security tools like firewalls or Intrusion Detection Systems (IDS), which are typically deployed on the edge of the network, are not able to detect internal threats. For this reason, we also need to analyze behavior of internal ICS communication. Due to its nature, ICS traffic exhibits stable and predictable communication patterns. These patterns can be described using statistical models. By observing selected features of ICS network communication like packet inter arrival times, we can create a statistical profile of the communication based on the patterns observed in the normal communication traffic. This technique is effective, fast and easy to implement. As our experiments show, statistical-based anomaly detection is able to detect common security incidents in ICS communication. This paper employs selected network packet attributes to create a statistical model for anomaly detection using the Local Outlier Factor (LOF) algorithm. The proof-of-concept is demonstrated on IEC 60870-5-104 (a.k.a. IEC 104) protocol.
@inproceedings{BUT175803,
author="Nelson Makau {Mutua} and Petr {Matoušek}",
title="Outlier Detection in Smart Grid Communication",
booktitle="Fast Abstracts and Student Forum Proceedings, 17th European Dependable Computing Conference",
year="2021",
pages="1--4",
address="Munich",
url="https://arxiv.org/abs/2108.12781"
}