EDMAND: Edge-Based Multi-Level Anomaly Detection for SCADA Networks

Wenyu Ren, Timothy Yardley, Klara Nahrstedt

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Supervisory Control and Data Acquisition (SCADA) systems play a critical role in the operation of large-scale distributed industrial systems. There are many vulnerabilities in SCADA systems and inadvertent events or malicious attacks from outside as well as inside could lead to catastrophic consequences. Network-based intrusion detection is a preferred approach to provide security analysis for SCADA systems due to its less intrusive nature. Data in SCADA network traffic can be generally divided into transport, operation, and content levels. Most existing solutions only focus on monitoring and event detection of one or two levels of data, which is not enough to detect and reason about attacks in all three levels. In this paper, we develop a novel edge-based multi-level anomaly detection framework for SCADA networks named EDMAND. EDMAND monitors all three levels of network traffic data and applies appropriate anomaly detection methods based on the distinct characteristics of data. Alerts are generated, aggregated, prioritized before sent back to control centers. A prototype of the framework is built to evaluate the detection ability and time overhead of it.

Original languageEnglish (US)
Title of host publication2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538679548
DOIs
StatePublished - Dec 24 2018
Event2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2018 - Aalborg, Denmark
Duration: Oct 29 2018Oct 31 2018

Publication series

Name2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2018

Other

Other2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2018
CountryDenmark
CityAalborg
Period10/29/1810/31/18

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Computer Science Applications
  • Energy Engineering and Power Technology

Fingerprint Dive into the research topics of 'EDMAND: Edge-Based Multi-Level Anomaly Detection for SCADA Networks'. Together they form a unique fingerprint.

  • Cite this

    Ren, W., Yardley, T., & Nahrstedt, K. (2018). EDMAND: Edge-Based Multi-Level Anomaly Detection for SCADA Networks. In 2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2018 [8587533] (2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SmartGridComm.2018.8587533