2021
Ilias Siniosoglou; Panagiotis Radoglou-Grammatikis; Georgios Efstathopoulos; Panagiotis Fouliras; Panagiotis Sarigiannidis
A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments Journal Article
In: IEEE Transactions on Network and Service Management, vol. 1, no. 1, pp. 1, 2021.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Auto-encoder, Cybersecurity, Deep Learning, Generative Adversarial Network, machine learning, Modbus, Smart Grid | Σύνδεσμοι:
@article{Siniosoglou2021b,
  author        = {Siniosoglou, Ilias and Radoglou-Grammatikis, Panagiotis and Efstathopoulos, Georgios and Fouliras, Panagiotis and Sarigiannidis, Panagiotis},
  title         = {A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments},
  journal       = {{IEEE} Transactions on Network and Service Management},
  volume        = {1},
  number        = {1},
  pages         = {1},
  year          = {2021},
  date          = {2021-05-07},
  doi           = {10.1109/TNSM.2021.3078381},
  url           = {https://www.researchgate.net/publication/351344684_A_Unified_Deep_Learning_Anomaly_Detection_and_Classification_Approach_for_Smart_Grid_Environments},
  keywords      = {Anomaly Detection, Auto-encoder, Cybersecurity, Deep Learning, Generative Adversarial Network, machine learning, Modbus, Smart Grid},
  abstract      = {The interconnected and heterogeneous nature of the next-generation Electrical Grid (EG), widely known as Smart Grid (SG), bring severe cybersecurity and privacy risks that can also raise domino effects against other Critical Infrastructures (CIs). In this paper, we present an Intrusion Detection System (IDS) specially designed for the SG environments that use Modbus/Transmission Control Protocol (TCP) and Distributed Network Protocol 3 (DNP3) protocols. The proposed IDS called MENSA (anoMaly dEtection aNd claSsificAtion) adopts a novel Autoencoder-Generative Adversarial Network (GAN) architecture for (a) detecting operational anomalies and (b) classifying Modbus/TCP and DNP3 cyberattacks. In particular, MENSA combines the aforementioned Deep Neural Networks (DNNs) in a common architecture, taking into account the adversarial loss and the reconstruction difference. The proposed IDS is validated in four real SG evaluation environments, namely (a) SG lab, (b) substation, (c) hydropower plant and (d) power plant, solving successfully an outlier detection (i.e., anomaly detection) problem as well as a challenging multiclass classification problem consisting of 14 classes (13 Modbus/TCP cyberattacks and normal instances). Furthermore, MENSA can discriminate five cyberattacks against DNP3. The evaluation results demonstrate the efficiency of MENSA compared to other Machine Learning (ML) and Deep Learning (DL) methods in terms of Accuracy, False Positive Rate (FPR), True Positive Rate (TPR) and the F1 score.},
  pubstate      = {published},
  tppubtype     = {article},
  internal-note = {NOTE(review): volume, number and pages are all 1, which looks like early-access placeholder data; confirm against the DOI record before citing.},
}
2020
P. Radoglou-Grammatikis; I. Siniosoglou; T. Liatifis; A. Kourouniadis; K. Rompolos; P. Sarigiannidis
Implementation and detection of modbus cyberattacks Conference
2020.
Περίληψη | BibTeX | Ετικέτες: intrusion detection system, Modbus, Smart Grid, Smod, Supervisory Control and Data Acquisition | Σύνδεσμοι:
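@inproceedings{Radoglou-Grammatikis2020,
  author        = {Radoglou-Grammatikis, P. and Siniosoglou, I. and Liatifis, T. and Kourouniadis, A. and Rompolos, K. and Sarigiannidis, P.},
  title         = {Implementation and Detection of {Modbus} Cyberattacks},
  booktitle     = {2020 9th International Conference on Modern Circuits and Systems Technologies, {MOCAST} 2020},
  year          = {2020},
  date          = {2020-01-01},
  doi           = {10.1109/MOCAST49295.2020.9200287},
  url           = {https://www.researchgate.net/publication/344386530_Implementation_and_Detection_of_Modbus_Cyberattacks},
  keywords      = {intrusion detection system, Modbus, Smart Grid, Smod, Supervisory Control and Data Acquisition},
  abstract      = {Supervisory Control and Data Acquisition (SCADA) systems play a significant role in Critical Infrastructures (CIs) since they monitor and control the automation processes of the industrial equipment. However, SCADA relies on vulnerable communication protocols without any cybersecurity mechanism, thereby making it possible to endanger the overall operation of the CI. In this paper, we focus on the Modbus/TCP protocol, which is commonly utilised in many CIs and especially in the electrical grid. In particular, our contribution is twofold. First, we study and enhance the cyberattacks provided by the Smod pen-testing tool. Second, we introduce an anomaly-based Intrusion Detection System (IDS) capable of detecting Denial of Service (DoS) cyberattacks related to Modbus/TCP. The efficacy of the proposed IDS is demonstrated by utilising real data stemming from a hydropower plant. The accuracy and the F1 score of the proposed IDS reach 81% and 77% respectively. © 2020 IEEE.},
  pubstate      = {published},
  tppubtype     = {conference},
  internal-note = {The proceedings name is stored in booktitle because conference-paper entry types do not print a journal field. Author given names are initials only in the source record. NOTE(review): date 2020-01-01 may be a placeholder; confirm against the DOI record.},
}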
P. Radoglou Grammatikis; P. Sarigiannidis; G. Efstathopoulos; E. Panaousis
ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid Journal Article
In: Sensors (Basel, Switzerland), vol. 20, no. 18, 2020.
Περίληψη | BibTeX | Ετικέτες: Cybersecurity, intrusion detection system, machine learning, Modbus, SCADA, Smart Grid | Σύνδεσμοι:
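@article{RadoglouGrammatikis2020,
  author        = {Radoglou Grammatikis, P. and Sarigiannidis, P. and Efstathopoulos, G. and Panaousis, E.},
  title         = {{ARIES}: A Novel Multivariate Intrusion Detection System for Smart Grid},
  journal       = {Sensors (Basel, Switzerland)},
  volume        = {20},
  number        = {18},
  year          = {2020},
  date          = {2020-01-01},
  doi           = {10.3390/s20185305},
  url           = {https://www.researchgate.net/publication/344176314_ARIES_A_Novel_Multivariate_Intrusion_Detection_System_for_Smart_Grid},
  keywords      = {Cybersecurity, intrusion detection system, machine learning, Modbus, SCADA, Smart Grid},
  abstract      = {The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.},
  pubstate      = {published},
  tppubtype     = {article},
  internal-note = {The first author's two-word surname is given in comma form so it is parsed as one surname rather than split into given name and surname. The acronym in the title is braced so sentence-casing styles keep it upper-case. NOTE(review): no pages or article number is recorded, and date 2020-01-01 may be a placeholder; confirm against the DOI record.},
}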