2021
Panagiotis Radoglou Grammatikis; Panagiotis Sarigiannidis; Christos Dalamagkas; Yannis Spyridis; Thomas Lagkas; Georgios Efstathopoulos; Achilleas Sesis; Ignacio Labrador Pavon; Ruben Trapero Burgos; Rodrigo Diaz; Antonios Sarigiannidis; Dimitris Papamartzivanos; Sofia Anna Menesidou; Giannis Ledakis; Achilleas Pasias; Thanasis Kotsiopoulos; Anastasios Drosou; Orestis Mavropoulos; Alba Colet Subirachs; Pol Paradell Sola; José Luis Domínguez-García; Marisa Escalante; Molinuevo Martin Alberto; Benito Caracuel; Francisco Ramos; Vasileios Gkioulos; Sokratis Katsikas; Hans Christian Bolstad; Dan-Eric Archer; Nikola Paunovic; Ramon Gallart; Theodoros Rokkas; Alicia Arce
SDN-Based Resilient Smart Grid: The SDN-microSENSE Architecture Journal Article
In: Digital, vol. 1, no. 4, pp. 173–187, 2021, ISSN: 2673-6470.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Blockchain, Cybersecurity, energy management, honeypots, intrusion detection, islanding, Privacy, Smart Grid, Software Defined Networking | Σύνδεσμοι:
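@comment{Journal article, Digital 1(4), 2021. NOTE(review): the authors are entered in "First Last" form, so unhyphenated compound surnames such as "Radoglou Grammatikis" or "Labrador Pavon" will be split with only the last word taken as the surname, and "Molinuevo Martin Alberto" looks reversed; confirm each split against the DOI record before converting to "Last, First".}
@article{digital1040013,
  title     = {{SDN}-Based Resilient Smart Grid: The {SDN-microSENSE} Architecture},
  author    = {Panagiotis Radoglou Grammatikis and Panagiotis Sarigiannidis and Christos Dalamagkas and Yannis Spyridis and Thomas Lagkas and Georgios Efstathopoulos and Achilleas Sesis and Ignacio Labrador Pavon and Ruben Trapero Burgos and Rodrigo Diaz and Antonios Sarigiannidis and Dimitris Papamartzivanos and Sofia Anna Menesidou and Giannis Ledakis and Achilleas Pasias and Thanasis Kotsiopoulos and Anastasios Drosou and Orestis Mavropoulos and Alba Colet Subirachs and Pol Paradell Sola and José Luis Domínguez-García and Marisa Escalante and Molinuevo Martin Alberto and Benito Caracuel and Francisco Ramos and Vasileios Gkioulos and Sokratis Katsikas and Hans Christian Bolstad and Dan-Eric Archer and Nikola Paunovic and Ramon Gallart and Theodoros Rokkas and Alicia Arce},
  url       = {https://www.researchgate.net/publication/354992483_SDN-Based_Resilient_Smart_Grid_The_SDN-microSENSE_Architecture},
  doi       = {10.3390/digital1040013},
  issn      = {2673-6470},
  year      = {2021},
  date      = {2021-09-24},
  journal   = {Digital},
  volume    = {1},
  number    = {4},
  pages     = {173--187},
  abstract  = {The technological leap of smart technologies and the Internet of Things has advanced the conventional model of the electrical power and energy systems into a new digital era, widely known as the Smart Grid. The advent of Smart Grids provides multiple benefits, such as self-monitoring, self-healing and pervasive control. However, it also raises crucial cybersecurity and privacy concerns that can lead to devastating consequences, including cascading effects with other critical infrastructures or even fatal accidents. This paper introduces a novel architecture, which will increase the Smart Grid resiliency, taking full advantage of the Software-Defined Networking (SDN) technology. The proposed architecture called SDN-microSENSE architecture consists of three main tiers: (a) Risk assessment, (b) intrusion detection and correlation and (c) self-healing. The first tier is responsible for evaluating dynamically the risk level of each Smart Grid asset. The second tier undertakes to detect and correlate security events and, finally, the last tier mitigates the potential threats, ensuring in parallel the normal operation of the Smart Grid. It is noteworthy that all tiers of the SDN-microSENSE architecture interact with the SDN controller either for detecting or mitigating intrusions.},
  keywords  = {Anomaly Detection, Blockchain, Cybersecurity, energy management, honeypots, intrusion detection, islanding, Privacy, Smart Grid, Software Defined Networking},
  pubstate  = {published},
  tppubtype = {article}
}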
Ilias Siniosoglou; Panagiotis Radoglou-Grammatikis; Georgios Efstathopoulos; Panagiotis Fouliras; Panagiotis Sarigiannidis
A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments Journal Article
In: IEEE Transactions on Network and Service Management, vol. 1, no. 1, pp. 1, 2021.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Auto-encoder, Cybersecurity, Deep Learning, Generative Adversarial Network, machine learning, Modbus, Smart Grid | Σύνδεσμοι:
@comment{Journal article describing the MENSA intrusion detection system. NOTE(review): volume 1, number 1 and pages 1 look like early-access placeholders rather than final issue data; confirm against the DOI record.}
@article{Siniosoglou2021b,
  author    = {Siniosoglou, Ilias and Radoglou-Grammatikis, Panagiotis and Efstathopoulos, Georgios and Fouliras, Panagiotis and Sarigiannidis, Panagiotis},
  title     = {A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments},
  journal   = {{IEEE} Transactions on Network and Service Management},
  volume    = {1},
  number    = {1},
  pages     = {1},
  year      = {2021},
  date      = {2021-05-07},
  doi       = {10.1109/TNSM.2021.3078381},
  url       = {https://www.researchgate.net/publication/351344684_A_Unified_Deep_Learning_Anomaly_Detection_and_Classification_Approach_for_Smart_Grid_Environments},
  abstract  = {The interconnected and heterogeneous nature of the next-generation Electrical Grid (EG), widely known as Smart Grid (SG), bring severe cybersecurity and privacy risks that can also raise domino effects against other Critical Infrastructures (CIs). In this paper, we present an Intrusion Detection System (IDS) specially designed for the SG environments that use Modbus/Transmission Control Protocol (TCP) and Distributed Network Protocol 3 (DNP3) protocols. The proposed IDS called MENSA (anoMaly dEtection aNd claSsificAtion) adopts a novel Autoencoder-Generative Adversarial Network (GAN) architecture for (a) detecting operational anomalies and (b) classifying Modbus/TCP and DNP3 cyberattacks. In particular, MENSA combines the aforementioned Deep Neural Networks (DNNs) in a common architecture, taking into account the adversarial loss and the reconstruction difference. The proposed IDS is validated in four real SG evaluation environments, namely (a) SG lab, (b) substation, (c) hydropower plant and (d) power plant, solving successfully an outlier detection (i.e., anomaly detection) problem as well as a challenging multiclass classification problem consisting of 14 classes (13 Modbus/TCP cyberattacks and normal instances). Furthermore, MENSA can discriminate five cyberattacks against DNP3. The evaluation results demonstrate the efficiency of MENSA compared to other Machine Learning (ML) and Deep Learning (DL) methods in terms of Accuracy, False Positive Rate (FPR), True Positive Rate (TPR) and the F1 score.},
  keywords  = {Anomaly Detection, Auto-encoder, Cybersecurity, Deep Learning, Generative Adversarial Network, machine learning, Modbus, Smart Grid},
  pubstate  = {published},
  tppubtype = {article}
}
P. Radoglou-Grammatikis; P. Sarigiannidis; E. Iturbe; E. Rios; S. Martinez; A. Sarigiannidis; G. Efstathopoulos; I. Spyridis; A. Sesis; N. Vakakis; D. Tzovaras; E. Kafetzakis; I. Giannoulakis; M. Tzifas; A. Giannakoulias; M. Angelopoulos; F. Ramos
SPEAR SIEM: A Security Information and Event Management system for the Smart Grid Journal Article
In: Computer Networks, pp. 108008, 2021.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Cybersecurity, Deep Learning, Intrusion detection, machine learning, SCADA, Security Information and Event Management, Smart Grid | Σύνδεσμοι:
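@comment{Journal article on the SPEAR SIEM; pages holds the article number 108008 and no volume is recorded. The co-author surname is spelled Efstathopoulos, matching the other entries in this list.}
@article{RadoglouGrammatikis2021,
  title     = {{SPEAR} {SIEM}: A Security Information and Event Management system for the Smart Grid},
  author    = {Radoglou-Grammatikis, P. and Sarigiannidis, P. and Iturbe, E. and Rios, E. and Martinez, S. and Sarigiannidis, A. and Efstathopoulos, G. and Spyridis, I. and Sesis, A. and Vakakis, N. and Tzovaras, D. and Kafetzakis, E. and Giannoulakis, I. and Tzifas, M. and Giannakoulias, A. and Angelopoulos, M. and Ramos, F.},
  url       = {https://www.researchgate.net/publication/350287201_SPEAR_SIEM_A_Security_Information_and_Event_Management_system_for_the_Smart_Grid},
  doi       = {10.1016/j.comnet.2021.108008},
  year      = {2021},
  date      = {2021-04-01},
  journal   = {Computer Networks},
  pages     = {108008},
  publisher = {Elsevier BV},
  abstract  = {The technological leap of smart technologies has brought the conventional electrical grid in a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented having cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use case (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.},
  keywords  = {Anomaly Detection, Cybersecurity, Deep Learning, Intrusion detection, machine learning, SCADA, Security Information and Event Management, Smart Grid},
  pubstate  = {published},
  tppubtype = {article}
}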
2020
P. Radoglou-Grammatikis; P. Sarigiannidis; E. Iturbe; E. Rios; A. Sarigiannidis; O. Nikolis; D. Ioannidis; V. Machamint; M. Tzifas; A. Giannakoulias; M. Angelopoulos; A. Papadopoulos; F. Ramos
Secure and private smart grid: The SPEAR architecture Conference
2020 6th IEEE Conference on Network Softwarization (NetSoft), IEEE, 2020.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Anonymity, Cybersecurity, Forensics, Honeypots, Intrusion detection, Privacy, Smart Grid | Σύνδεσμοι:
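@comment{Conference paper on the SPEAR architecture (NetSoft 2020). The url is stored without the per-visit _sg query token so the reference does not carry a tracking parameter. NOTE(review): the journal field repeats the proceedings title next to booktitle and is presumably ignored by conference styles; confirm whether it is still needed.}
@conference{Grammatikis2020450,
  title     = {Secure and private smart grid: The {SPEAR} architecture},
  author    = {Radoglou-Grammatikis, P. and Sarigiannidis, P. and Iturbe, E. and Rios, E. and Sarigiannidis, A. and Nikolis, O. and Ioannidis, D. and Machamint, V. and Tzifas, M. and Giannakoulias, A. and Angelopoulos, M. and Papadopoulos, A. and Ramos, F.},
  url       = {https://www.researchgate.net/publication/343621502_Secure_and_Private_Smart_Grid_The_SPEAR_Architecture},
  doi       = {10.1109/NetSoft48620.2020.9165420},
  year      = {2020},
  date      = {2020-06-01},
  booktitle = {2020 6th IEEE Conference on Network Softwarization (NetSoft)},
  journal   = {Proceedings of the 2020 IEEE Conference on Network Softwarization: Bridging the Gap Between AI and Network Softwarization, NetSoft 2020},
  pages     = {450--456},
  publisher = {IEEE},
  abstract  = {Information and Communication Technology (ICT) is an integral part of Critical Infrastructures (CIs), bringing both significant pros and cons. Focusing our attention on the energy sector, ICT converts the conventional electrical grid into a new paradigm called Smart Grid (SG), providing crucial benefits such as pervasive control, better utilisation of the existing resources, self-healing, etc. However, in parallel, ICT increases the attack surface of this domain, generating new potential cyberthreats. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) architecture which constitutes an overall solution aiming at protecting SG, by enhancing situational awareness, detecting timely cyberattacks, collecting appropriate forensic evidence and providing an anonymous cybersecurity information-sharing mechanism. Operational characteristics and technical specifications details are analysed for each component, while also the communication interfaces among them are described in detail. © 2020 IEEE.},
  keywords  = {Anomaly Detection, Anonymity, Cybersecurity, Forensics, Honeypots, Intrusion detection, Privacy, Smart Grid},
  pubstate  = {published},
  tppubtype = {conference}
}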
P.R. Grammatikis; P. Sarigiannidis; A. Sarigiannidis; D. Margounakis; A. Tsiakalos; G. Efstathopoulos
An Anomaly Detection Mechanism for IEC 60870-5-104 Conference
2020.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Cybersecurity, IEC-60870-5-104, Supervisory Control and Data Acquisition | Σύνδεσμοι:
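@comment{Conference paper on anomaly detection for the IEC 60870-5-104 protocol. The conference name is stored in booktitle, the field conference styles read, instead of journal. NOTE(review): no page range is recorded and the date 2020-01-01 looks like a year-only default; confirm against the DOI record.}
@conference{Grammatikis2020,
  title     = {An Anomaly Detection Mechanism for {IEC} 60870-5-104},
  author    = {Grammatikis, P. R. and Sarigiannidis, P. and Sarigiannidis, A. and Margounakis, D. and Tsiakalos, A. and Efstathopoulos, G.},
  url       = {https://www.researchgate.net/publication/344386495_An_Anomaly_Detection_Mechanism_for_IEC_60870-5-104},
  doi       = {10.1109/MOCAST49295.2020.9200285},
  year      = {2020},
  date      = {2020-01-01},
  booktitle = {2020 9th International Conference on Modern Circuits and Systems Technologies, MOCAST 2020},
  abstract  = {The transformation of the conventional electricity grid into a new paradigm called smart grid demands the appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect timely possible anomalies against IEC-104. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics that reach 98% and 87%, respectively. © 2020 IEEE.},
  keywords  = {Anomaly Detection, Cybersecurity, IEC-60870-5-104, Supervisory Control and Data Acquisition},
  pubstate  = {published},
  tppubtype = {conference}
}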
A. Protopsaltis; P. Sarigiannidis; D. Margounakis; A. Lytos
Data Visualization in Internet of Things: Tools, Methodologies, and Challenges Conference
Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES '20, Association for Computing Machinery, Virtual Event, Ireland, 2020, ISBN: 9781450388337.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Μεγάλα Δεδομένα και Ευφυείς Εφαρμογές στο Διαδίκτυο των Πραγμάτων, Data visualization, Internet of Things (IoT) | Σύνδεσμοι:
@comment{Conference survey paper in the ARES '20 proceedings; the address field carries the event location as exported.}
@conference{Protopsaltis2020,
  author    = {Protopsaltis, A. and Sarigiannidis, P. and Margounakis, D. and Lytos, A.},
  title     = {Data Visualization in Internet of Things: Tools, Methodologies, and Challenges},
  booktitle = {Proceedings of the 15th International Conference on Availability, Reliability and Security},
  series    = {ARES '20},
  publisher = {Association for Computing Machinery},
  address   = {Virtual Event, Ireland},
  year      = {2020},
  date      = {2020-01-01},
  isbn      = {9781450388337},
  doi       = {10.1145/3407023.3409228},
  url       = {https://www.researchgate.net/publication/343935293_Data_Visualization_in_Internet_of_Things_Tools_Methodologies_and_Challenges},
  abstract  = {As the Internet of Things (IoT) grows rapidly, huge amounts of wireless sensor networks emerged monitoring a wide range of infrastructure, in various domains such as healthcare, energy, transportation, smart city, building automation, agriculture, and industry producing continuously streamlines of data. Big Data technologies play a significant role within IoT processes, as visual analytics tools, generating valuable knowledge in real-time in order to support critical decision making. This paper provides a comprehensive survey of visualization methods, tools, and techniques for the IoT. We position data visualization inside the visual analytics process by reviewing the visual analytics pipeline. We provide a study of various chart types available for data visualization and analyze rules for employing each one of them, taking into account the special conditions of the particular use case. We further examine some of the most promising visualization tools. Since each IoT domain is isolated in terms of Big Data approaches, we investigate visualization issues in each domain. Additionally, we review visualization methods oriented to anomaly detection. Finally, we provide an overview of the major challenges in IoT visualizations.},
  keywords  = {Anomaly Detection, Big Data, Data visualization, Internet of Things (IoT)},
  pubstate  = {published},
  tppubtype = {conference}
}
P. Radoglou-Grammatikis; P. Sarigiannidis; G. Efstathopoulos; P.-A. Karypidis; A. Sarigiannidis
DIDEROT: An intrusion detection and prevention system for DNP3-based SCADA systems Conference
2020.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Autoencoder, Intrusion detection, machine learning, SCADA, SDN, Smart Grid | Σύνδεσμοι:
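@comment{Conference paper on the DIDEROT intrusion detection and prevention system. The ACM proceeding-series name is stored in series rather than journal. NOTE(review): booktitle is copied from entry Protopsaltis2020, whose DOI shares the 10.1145/3407023 prefix; confirm the proceedings title against the DOI record.}
@conference{Radoglou-Grammatikis2020b,
  title     = {{DIDEROT}: An intrusion detection and prevention system for {DNP3}-based {SCADA} systems},
  author    = {Radoglou-Grammatikis, P. and Sarigiannidis, P. and Efstathopoulos, G. and Karypidis, P.-A. and Sarigiannidis, A.},
  url       = {https://www.researchgate.net/publication/343853580_DIDEROT_an_intrusion_detection_and_prevention_system_for_DNP3-based_SCADA_systems},
  doi       = {10.1145/3407023.3409314},
  year      = {2020},
  date      = {2020-01-01},
  booktitle = {Proceedings of the 15th International Conference on Availability, Reliability and Security},
  series    = {ACM International Conference Proceeding Series},
  abstract  = {In this paper, an Intrusion Detection and Prevention System (IDPS) for the Distributed Network Protocol 3 (DNP3) Supervisory Control and Data Acquisition (SCADA) systems is presented. The proposed IDPS is called DIDEROT (Dnp3 Intrusion DetEction pReventiOn sysTem) and relies on both supervised Machine Learning (ML) and unsupervised/outlier ML detection models capable of discriminating whether a DNP3 network flow is related to a particular DNP3 cyberattack or anomaly. First, the supervised ML detection model is applied, trying to identify whether a DNP3 network flow is related to a specific DNP3 cyberattack. If the corresponding network flow is detected as normal, then the unsupervised/outlier ML anomaly detection model is activated, seeking to recognise the presence of a possible anomaly. Based on the DIDEROT detection results, the Software Defined Networking (SDN) technology is adopted in order to mitigate timely the corresponding DNP3 cyberattacks and anomalies. The performance of DIDEROT is demonstrated using real data originating from a substation environment. © 2020 ACM.},
  keywords  = {Anomaly Detection, Autoencoder, Intrusion detection, machine learning, SCADA, SDN, Smart Grid},
  pubstate  = {published},
  tppubtype = {conference}
}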
2019
G. Efstathopoulos; P.R. Grammatikis; P. Sarigiannidis; V. Argyriou; A. Sarigiannidis; K. Stamatakis; M.K. Angelopoulos; S.K. Athanasopoulos
Operational data based intrusion detection system for smart grid Conference
vol. 2019-September, 2019.
Περίληψη | BibTeX | Ετικέτες: Anomaly Detection, Cybersecurity, intrusion detection system, machine learning, Operational Data, Smart Grid | Σύνδεσμοι:
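@comment{Conference paper on an anomaly-based IDS built from power-plant operational data. The workshop name is stored in booktitle, the field conference styles read, instead of journal. NOTE(review): volume 2019-September looks like an indexer placeholder rather than a volume number, and no page range is recorded; confirm against the DOI record.}
@conference{Efstathopoulos2019,
  title     = {Operational data based intrusion detection system for smart grid},
  author    = {Efstathopoulos, G. and Grammatikis, P. R. and Sarigiannidis, P. and Argyriou, V. and Sarigiannidis, A. and Stamatakis, K. and Angelopoulos, M. K. and Athanasopoulos, S. K.},
  url       = {https://www.researchgate.net/publication/335866997_Operational_Data_Based_Intrusion_Detection_System_for_Smart_Grid},
  doi       = {10.1109/CAMAD.2019.8858503},
  year      = {2019},
  date      = {2019-01-01},
  booktitle = {IEEE International Workshop on Computer Aided Modeling and Design of Communication Links and Networks, CAMAD},
  volume    = {2019-September},
  abstract  = {With the rapid progression of Information and Communication Technology (ICT) and especially of Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers such as the two-way communication (both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator timely about the possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation. © 2019 IEEE.},
  keywords  = {Anomaly Detection, Cybersecurity, intrusion detection system, machine learning, Operational Data, Smart Grid},
  pubstate  = {published},
  tppubtype = {conference}
}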