
Intrusion Detection System in Smart Grids

Beigi, Hossein | 2020

  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 53297 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Amini, Morteza
  7. Abstract:
  8. Smart grids are the new generation of power grids that combine the power distribution grid with the communications network. The purpose of these networks is to create a secure, two-way infrastructure for the transmission of power and information. The complex structure of smart grids, along with the inherent vulnerabilities of physical systems, old devices and protocols on the network, and the need for backward compatibility, has created serious cyber risks to critical assets and infrastructures. Because these networks differ from conventional computer networks, the security mechanisms developed for conventional computer networks are not very suitable for them. The differences between smart grids and conventional IT networks include the intermittent behavior of control and measurement data, the need for low network latency, the presence of legacy devices, and the limited number of communication protocols. In this thesis, a framework for intrusion detection in smart grids is presented. The proposed framework uses signature-based and specification-based methods simultaneously. In the specification-based method, a state machine is specified from the protocol's correct behavior and the values of state variables, and malware behaviors are detected in network traffic against it. In the signature-based method, network traffic is matched against patterns known from attacks on these protocols, which identifies the attacks more precisely. The combination of these two methods allows unknown and known attacks to be detected more accurately and with fewer false-positive errors.
Other key features of the proposed framework in this thesis include the possibility of dynamic operator interaction in intrusion detection decisions, dynamic extraction of the states and rules mentioned, the possibility of interoperability of intrusion detection methods, the possibility of extending the system in a distributed hierarchical smart grid, and simultaneous intrusion detection over several protocols. At the end of the project, after initialization, the proposed intrusion detection system was evaluated using data recorded from a network with the Modbus protocol. Of the 12 simulated attacks, 11 were detected and one was not detected. Of the 9 identified attacks, 4 had false-positive results and two had false-negative results. Due to the limitations of using real network traffic and assuming the packets used were real network simulations, the percentage of false-positive errors cannot be calculated correctly. False-negative errors can also be reduced by increasing the states and state variables as well as adding new rules.
  9. Keywords:
  10. Intrusion Detection System ; Smart Distribution Networks ; Cyber Security ; Network Security ; Smart Power Grid
