Publication Details

Security of Smart Grid Communication

MATOUŠEK, P. Security of Smart Grid Communication. Brno: Faculty of Information Technology BUT, 2021. p. 0-0.
Czech title
Bezpečnost komunikace energetických sítí
Type
habilitation thesis
Language
English
Authors
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Keywords

smart grid, ICS communication, cyber security, anomaly detection, probabilistic
automata, statistical modeling

Abstract

Protection of industrial communication systems against cyber attacks has become
a great challenge during the past years due to the convergence of Operational
Technologies (OT) and Information Technologies (IT), adoption of the TCP/IP to
industrial networks, and the rising level of automation and intelligent control
of industrial processes. Security and safety of critical infrastructure systems
that include power plants, substations, water and gas distribution, traffic
control systems, etc., can be implemented on various levels. In this work we
focus on security of industrial system via high-level communication monitoring
and automated anomaly detection.

The first issue that should be addressed for cyber security of ICS communication
is high-level visibility of transmitted commands. For this taks we adopt
Netflow/IPFIX technology extended by meta-data obtained from ICS protocol
headers, e.g., transmitted commands, device status, requested objects, etc.
Enhanced visiblity provides rich data for detection of unexpected events like
malfunctioning or cyber attacks.

Second part of this work introduces two technique for anomaly detection of ICS
communication. The first technique models communication sequences using
probabilistic automata and observe the frequency of their occurence. If an
unknown sequence or a sequence with unexpected frequence is found, it is
considered as anomaly. The second technique applies statistical modeling where we
observe typical distribution of packet features like inter-arrival time and
direction. Using learnt distributions we create a profile of a normal
communication. When a communication deviates significantly from the learnt
profile, anomaly alarm is raised.

By combination of both technique we are able to detect common anomalies and cyber
attack vectors that are typical for smart grid communication. Application of the
presented approach can improve security of smart grid networks.

Published
2021
Pages
150
Publisher
Faculty of Information Technology BUT
Place
Brno
BibTeX 
@misc{BUT176725,
  author="Petr {Matoušek}",
  title="Security of Smart Grid Communication",
  year="2021",
  pages="150",
  publisher="Faculty of Information Technology BUT",
  address="Brno",
  url="https://www.fit.vut.cz/research/publication/12593/",
  note="habilitation thesis"
}
Files
Back to top