Semantic security analysis of SCADA networks to detect malicious control commands in power grids

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

In the current generation of SCADA (Supervisory Control And Data Acquisition) systems used in power grids, a sophisticated attacker can exploit system vulnerabilities and use a legitimate but maliciously crafted command to cause a wide range of system changes that traditional contingency analysis does not consider and that remedial action schemes cannot handle. To detect such malicious commands, we propose a semantic analysis framework based on a distributed network of intrusion detection systems (IDSes). The framework combines system knowledge of both the cyber and the physical infrastructure of the power grid to help the IDSes estimate the execution consequences of control commands, and thereby reveal the attacker's malicious intentions. We evaluated the approach on the IEEE 30-bus system. Our experiments demonstrate that: (i) by opening 3 transmission lines, an attacker can avoid detection by traditional contingency analysis and instantly put the tested 30-bus system into an insecure state, and (ii) the semantic analysis provides reliable detection of malicious commands with a small amount of analysis time.

Original language: English (US)
Title of host publication: SEGS 2013 - Proceedings of the 2013 ACM Workshop on Smart Energy Grid Security, Co-located with CCS 2013
Pages: 29-34
Number of pages: 6
DOIs
State: Published - Dec 9 2013
Event: 2013 1st ACM Workshop on Smart Energy Grid Security, SEGS 2013, Held in Conjunction with the 20th ACM Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany
Duration: Nov 8 2013 to Nov 8 2013

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Other

Other: 2013 1st ACM Workshop on Smart Energy Grid Security, SEGS 2013, Held in Conjunction with the 20th ACM Conference on Computer and Communications Security, CCS 2013
Country: Germany
City: Berlin
Period: 11/8/13 to 11/8/13

Keywords

  • contingency analysis
  • intrusion detection system
  • SCADA
  • semantic analysis

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
