TY - GEN
T1 - AMI threats, intrusion detection requirements and deployment recommendations
AU - Grochocki, David
AU - Huh, Jun Ho
AU - Berthier, Robin
AU - Bobba, Rakesh
AU - Sanders, William H.
AU - Cardenas, Alvaro A.
AU - Jetcheva, Jorjeta G.
PY - 2012
Y1 - 2012
N2 - Advanced Metering Infrastructures (AMI) facilitate bidirectional communication between smart meters and utilities, allowing information about consumption, outages, and electricity rates to be shared reliably and efficiently. However, the numerous smart meters being connected through mesh networks open new opportunities for attackers to interfere with communications and compromise utilities' assets or steal customers' private information. The goal of this paper is to survey the various threats facing AMIs and the common attack techniques used to realize them in order to identify and understand the requirements for a comprehensive intrusion detection solution. The threat analysis leads to an extensive 'attack tree' that captures the attackers' key objectives (e.g., energy theft) and the individual attack steps (e.g., eavesdropping on the network) that would be involved in achieving them. With reference to the attack tree, we show the type of information that would be required to effectively detect attacks. We also suggest that the widest coverage in monitoring the attacks can be provided by a hybrid sensing infrastructure that uses both a centralized intrusion detection system and embedded meter sensors.
AB - Advanced Metering Infrastructures (AMI) facilitate bidirectional communication between smart meters and utilities, allowing information about consumption, outages, and electricity rates to be shared reliably and efficiently. However, the numerous smart meters being connected through mesh networks open new opportunities for attackers to interfere with communications and compromise utilities' assets or steal customers' private information. The goal of this paper is to survey the various threats facing AMIs and the common attack techniques used to realize them in order to identify and understand the requirements for a comprehensive intrusion detection solution. The threat analysis leads to an extensive 'attack tree' that captures the attackers' key objectives (e.g., energy theft) and the individual attack steps (e.g., eavesdropping on the network) that would be involved in achieving them. With reference to the attack tree, we show the type of information that would be required to effectively detect attacks. We also suggest that the widest coverage in monitoring the attacks can be provided by a hybrid sensing infrastructure that uses both a centralized intrusion detection system and embedded meter sensors.
UR - http://www.scopus.com/inward/record.url?scp=84876069525&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84876069525&partnerID=8YFLogxK
U2 - 10.1109/SmartGridComm.2012.6486016
DO - 10.1109/SmartGridComm.2012.6486016
M3 - Conference contribution
AN - SCOPUS:84876069525
SN - 9781467309110
T3 - 2012 IEEE 3rd International Conference on Smart Grid Communications, SmartGridComm 2012
SP - 395
EP - 400
BT - 2012 IEEE 3rd International Conference on Smart Grid Communications, SmartGridComm 2012
T2 - 2012 IEEE 3rd International Conference on Smart Grid Communications, SmartGridComm 2012
Y2 - 5 November 2012 through 8 November 2012
ER -