A Detection and Response Architecture for Stealthy Attacks on Cyber-Physical Systems
DOI: http://dx.doi.org/10.30630/joiv.7.3.1323