2020
P. Radoglou-Grammatikis; I. Siniosoglou; T. Liatifis; A. Kourouniadis; K. Rompolos; P. Sarigiannidis
Implementation and detection of modbus cyberattacks Conference
2020.
Tags: intrusion detection system, Modbus, Smart Grid, Smod, Supervisory Control and Data Acquisition
@conference{Radoglou-Grammatikis2020,
title = {Implementation and detection of modbus cyberattacks},
author = { P. Radoglou-Grammatikis and I. Siniosoglou and T. Liatifis and A. Kourouniadis and K. Rompolos and P. Sarigiannidis},
url = {https://www.researchgate.net/publication/344386530_Implementation_and_Detection_of_Modbus_Cyberattacks},
doi = {10.1109/MOCAST49295.2020.9200287},
year = {2020},
date = {2020-01-01},
journal = {2020 9th International Conference on Modern Circuits and Systems Technologies, MOCAST 2020},
abstract = {Supervisory Control and Data Acquisition (SCADA) systems play a significant role in Critical Infrastructures (CIs) since they monitor and control the automation processes of the industrial equipment. However, SCADA relies on vulnerable communication protocols without any cybersecurity mechanism, thereby making it possible to endanger the overall operation of the CI. In this paper, we focus on the Modbus/TCP protocol, which is commonly utilised in many CIs and especially in the electrical grid. In particular, our contribution is twofold. First, we study and enhance the cyberattacks provided by the Smod pen-testing tool. Second, we introduce an anomaly-based Intrusion Detection System (IDS) capable of detecting Denial of Service (DoS) cyberattacks related to Modbus/TCP. The efficacy of the proposed IDS is demonstrated by utilising real data stemming from a hydropower plant. The accuracy and the F1 score of the proposed IDS reach 81% and 77% respectively. © 2020 IEEE.},
keywords = {intrusion detection system, Modbus, Smart Grid, Smod, Supervisory Control and Data Acquisition},
pubstate = {published},
tppubtype = {conference}
}
P. Radoglou-Grammatikis; P. Sarigiannidis; G. Efstathopoulos; P.-A. Karypidis; A. Sarigiannidis
DIDEROT: An intrusion detection and prevention system for DNP3-based SCADA systems Conference
2020.
Tags: Anomaly Detection, Autoencoder, Intrusion detection, machine learning, SCADA, SDN, Smart Grid
@conference{Radoglou-Grammatikis2020b,
title = {DIDEROT: An intrusion detection and prevention system for DNP3-based SCADA systems},
author = { P. Radoglou-Grammatikis and P. Sarigiannidis and G. Efstathopoulos and P.-A. Karypidis and A. Sarigiannidis},
url = {https://www.researchgate.net/publication/343853580_DIDEROT_an_intrusion_detection_and_prevention_system_for_DNP3-based_SCADA_systems},
doi = {10.1145/3407023.3409314},
year = {2020},
date = {2020-01-01},
journal = {ACM International Conference Proceeding Series},
abstract = {In this paper, an Intrusion Detection and Prevention System (IDPS) for the Distributed Network Protocol 3 (DNP3) Supervisory Control and Data Acquisition (SCADA) systems is presented. The proposed IDPS is called DIDEROT (Dnp3 Intrusion DetEction pReventiOn sysTem) and relies on both supervised Machine Learning (ML) and unsupervised/outlier ML detection models capable of discriminating whether a DNP3 network flow is related to a particular DNP3 cyberattack or anomaly. First, the supervised ML detection model is applied, trying to identify whether a DNP3 network flow is related to a specific DNP3 cyberattack. If the corresponding network flow is detected as normal, then the unsupervised/outlier ML anomaly detection model is activated, seeking to recognise the presence of a possible anomaly. Based on the DIDEROT detection results, the Software Defined Networking (SDN) technology is adopted in order to mitigate timely the corresponding DNP3 cyberattacks and anomalies. The performance of DIDEROT is demonstrated using real data originating from a substation environment. © 2020 ACM.},
keywords = {Anomaly Detection, Autoencoder, Intrusion detection, machine learning, SCADA, SDN, Smart Grid},
pubstate = {published},
tppubtype = {conference}
}
D. Pliatsios; P. Sarigiannidis; T. Lagkas; A.G. Sarigiannidis
A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics Journal Article
In: IEEE Communications Surveys and Tutorials, vol. 22, no. 3, pp. 1942-1976, 2020.
Tags: Cybersecurity, protocols, SCADA, security, Smart Grid, trends
@article{Pliatsios20201942,
title = {A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics},
author = { D. Pliatsios and P. Sarigiannidis and T. Lagkas and A.G. Sarigiannidis},
url = {https://www.researchgate.net/publication/340453361_A_Survey_on_SCADA_Systems_Secure_Protocols_Incidents_Threats_and_Tactics},
doi = {10.1109/COMST.2020.2987688},
year = {2020},
date = {2020-01-01},
journal = {IEEE Communications Surveys and Tutorials},
volume = {22},
number = {3},
pages = {1942-1976},
abstract = {Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, that made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security. © 1998-2012 IEEE.},
keywords = {Cybersecurity, protocols, SCADA, security, Smart Grid, trends},
pubstate = {published},
tppubtype = {article}
}
P. Diamantoulakis; C. Dalamagkas; P. Radoglou-Grammatikis; P. Sarigiannidis; G. Karagiannidis
Game theoretic honeypot deployment in smart grid Journal Article
In: Sensors (Switzerland), vol. 20, no. 15, pp. 1-24, 2020.
Tags: Cybersecurity, Game theory, Honeypots, Smart Grid
@article{Diamantoulakis20201,
title = {Game theoretic honeypot deployment in smart grid},
author = { P. Diamantoulakis and C. Dalamagkas and P. Radoglou-Grammatikis and P. Sarigiannidis and G. Karagiannidis},
url = {https://www.researchgate.net/publication/343188880_Game_Theoretic_Honeypot_Deployment_in_Smart_Grid},
doi = {10.3390/s20154199},
year = {2020},
date = {2020-01-01},
journal = {Sensors (Switzerland)},
volume = {20},
number = {15},
pages = {1-24},
abstract = {The smart grid provides advanced functionalities, including real-time monitoring, dynamic energy management, advanced pricing mechanisms, and self-healing, by enabling the two-way flow of power and data, as well as the use of Internet of Things (IoT) technologies and devices. However, converting the traditional power grids to smart grids poses severe security challenges and makes their components and services prone to cyber attacks. To this end, advanced techniques are required to mitigate the impact of the potential attacks. In this paper, we investigate the use of honeypots, which are considered to mimic the common services of the smart grid and are able to detect unauthorized accesses, collect evidence, and help hide the real devices. More specifically, the interaction of an attacker and a defender is considered, who both optimize the number of attacks and the defending system configuration, i.e., the number of real devices and honeypots, respectively, with the aim to maximize their individual payoffs. To solve this problem, game theoretic tools are used, considering an one-shot game and a repeated game with uncertainty about the payoff of the attacker, where the Nash Equilibrium (NE) and the Bayesian NE are derived, respectively. Finally, simulation results are provided, which illustrate the effectiveness of the proposed framework. © 2020 by the authors. Licensee MDPI, Basel, Switzerland.},
keywords = {Cybersecurity, Game theory, Honeypots, Smart Grid},
pubstate = {published},
tppubtype = {article}
}
P. Radoglou Grammatikis; P. Sarigiannidis; G. Efstathopoulos; E. Panaousis
ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid Journal Article
In: Sensors (Basel, Switzerland), vol. 20, no. 18, 2020.
Tags: Cybersecurity, intrusion detection system, machine learning, Modbus, SCADA, Smart Grid
@article{RadoglouGrammatikis2020,
title = {ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid},
author = { P. Radoglou Grammatikis and P. Sarigiannidis and G. Efstathopoulos and E. Panaousis},
url = {https://www.researchgate.net/publication/344176314_ARIES_A_Novel_Multivariate_Intrusion_Detection_System_for_Smart_Grid},
doi = {10.3390/s20185305},
year = {2020},
date = {2020-01-01},
journal = {Sensors (Basel, Switzerland)},
volume = {20},
number = {18},
abstract = {The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.},
keywords = {Cybersecurity, intrusion detection system, machine learning, Modbus, SCADA, Smart Grid},
pubstate = {published},
tppubtype = {article}
}
2019
G. Efstathopoulos; P.R. Grammatikis; P. Sarigiannidis; V. Argyriou; A. Sarigiannidis; K. Stamatakis; M.K. Angelopoulos; S.K. Athanasopoulos
Operational data based intrusion detection system for smart grid Conference
vol. 2019-September, 2019.
Tags: Anomaly Detection, Cybersecurity, intrusion detection system, machine learning, Operational Data, Smart Grid
@conference{Efstathopoulos2019,
title = {Operational data based intrusion detection system for smart grid},
author = { G. Efstathopoulos and P.R. Grammatikis and P. Sarigiannidis and V. Argyriou and A. Sarigiannidis and K. Stamatakis and M.K. Angelopoulos and S.K. Athanasopoulos},
url = {https://www.researchgate.net/publication/335866997_Operational_Data_Based_Intrusion_Detection_System_for_Smart_Grid},
doi = {10.1109/CAMAD.2019.8858503},
year = {2019},
date = {2019-01-01},
journal = {IEEE International Workshop on Computer Aided Modeling and Design of Communication Links and Networks, CAMAD},
volume = {2019-September},
abstract = {With the rapid progression of Information and Communication Technology (ICT) and especially of Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers such as the two-way communication (both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator timely about the possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation. © 2019 IEEE.},
keywords = {Anomaly Detection, Cybersecurity, intrusion detection system, machine learning, Operational Data, Smart Grid},
pubstate = {published},
tppubtype = {conference}
}
P. Radoglou-Grammatikis; P. Sarigiannidis; I. Giannoulakis; E. Kafetzakis; E. Panaousis
Attacking IEC-60870-5-104 SCADA Systems Conference
2019.
Tags: Coloured Petri Net, IEC 60870 5 104, OSSIM, SCADA security, Smart Grid, Threat modelling
@conference{Radoglou-Grammatikis201941,
title = {Attacking IEC-60870-5-104 SCADA Systems},
author = { P. Radoglou-Grammatikis and P. Sarigiannidis and I. Giannoulakis and E. Kafetzakis and E. Panaousis},
url = {https://www.researchgate.net/publication/333671061_Attacking_IEC-60870-5-104_SCADA_Systems},
doi = {10.1109/SERVICES.2019.00022},
year = {2019},
date = {2019-01-01},
journal = {Proceedings - 2019 IEEE World Congress on Services, SERVICES 2019},
pages = {41-46},
abstract = {The rapid evolution of the Information and Communications Technology (ICT) services transforms the conventional electrical grid into a new paradigm called Smart Grid (SG). Even though SG brings significant improvements, such as increased reliability and better energy management, it also introduces multiple security challenges. One of the main reasons for this is that SG combines a wide range of heterogeneous technologies, including Internet of Things (IoT) devices as well as Supervisory Control and Data Acquisition (SCADA) systems. The latter are responsible for monitoring and controlling the automatic procedures of energy transmission and distribution. Nevertheless, the presence of these systems introduces multiple vulnerabilities because their protocols do not implement essential security mechanisms such as authentication and access control. In this paper, we focus our attention on the security issues of the IEC 60870-5-104 (IEC-104) protocol, which is widely utilized in the European energy sector. In particular, we provide a SCADA threat model based on a Coloured Petri Net (CPN) and emulate four different types of cyber attacks against IEC-104. Last, we used AlienVault's risk assessment model to evaluate the risk level that each of these cyber attacks introduces to our system to confirm our intuition about their severity. © 2019 IEEE.},
keywords = {Coloured Petri Net, IEC 60870 5 104, OSSIM, SCADA security, Smart Grid, Threat modelling},
pubstate = {published},
tppubtype = {conference}
}
P.I. Radoglou-Grammatikis; P.G. Sarigiannidis
Securing the Smart Grid: A Comprehensive Compilation of Intrusion Detection and Prevention Systems Journal Article
In: IEEE Access, vol. 7, pp. 46595-46620, 2019.
Tags: Advanced Metering Infrastructure, cyberattacks, intrusion detection system, Intrusion prevention system, SCADA, security, Smart Grid, substation, Synchrophasor
@article{Radoglou-Grammatikis201946595,
title = {Securing the Smart Grid: A Comprehensive Compilation of Intrusion Detection and Prevention Systems},
author = { P.I. Radoglou-Grammatikis and P.G. Sarigiannidis},
url = {https://www.researchgate.net/publication/332188706_Securing_the_Smart_Grid_A_Comprehensive_Compilation_of_Intrusion_Detection_and_Prevention_Systems},
doi = {10.1109/ACCESS.2019.2909807},
year = {2019},
date = {2019-01-01},
journal = {IEEE Access},
volume = {7},
pages = {46595-46620},
abstract = {The smart grid (SG) paradigm is the next technological leap of the conventional electrical grid, contributing to the protection of the physical environment and providing multiple advantages such as increased reliability, better service quality, and the efficient utilization of the existing infrastructure and the renewable energy resources. However, despite the fact that it brings beneficial environmental, economic, and social changes, the existence of such a system possesses important security and privacy challenges, since it includes a combination of heterogeneous, co-existing smart, and legacy technologies. Based on the rapid evolution of the cyber-physical systems (CPS), both academia and industry have developed appropriate measures for enhancing the security surface of the SG paradigm using, for example, integrating efficient, lightweight encryption and authorization mechanisms. Nevertheless, these mechanisms may not prevent various security threats, such as denial of service (DoS) attacks that target on the availability of the underlying systems. An efficient countermeasure against several cyberattacks is the intrusion detection and prevention system (IDPS). In this paper, we examine the contribution of the IDPSs in the SG paradigm, providing an analysis of 37 cases. More detailed, these systems can be considered as a secondary defense mechanism, which enhances the cryptographic processes, by timely detecting or/and preventing potential security violations. For instance, if a cyberattack bypasses the essential encryption and authorization mechanisms, then the IDPS systems can act as a secondary protection service, informing the system operator for the presence of the specific attack or enabling appropriate preventive countermeasures. The cases we study focused on the advanced metering infrastructure (AMI), supervisory control and data acquisition (SCADA) systems, substations, and synchrophasors. 
Based on our comparative analysis, the limitations and the shortcomings of the current IDPS systems are identified, whereas appropriate recommendations are provided for future research efforts. © 2013 IEEE.},
keywords = {Advanced Metering Infrastructure, cyberattacks, intrusion detection system, Intrusion prevention system, SCADA, security, Smart Grid, substation, Synchrophasor},
pubstate = {published},
tppubtype = {article}
}
A. Triantafyllou; P. Sarigiannidis; A. Sarigiannidis; E. Rios; E. Iturbe
Towards An Anonymous Incident Communication Channel for Electric Smart Grids Journal Article
In: Azerbaijan Journal of High Performance Computing, vol. 2, no. 1, pp. 7-28, 2019.
Tags: Anonymity, Anonymous repository of incidents, Group signature, Smart Grid
@article{Triantafyllou201834b,
title = {Towards An Anonymous Incident Communication Channel for Electric Smart Grids},
author = { A. Triantafyllou and P. Sarigiannidis and A. Sarigiannidis and E. Rios and E. Iturbe},
url = {https://www.researchgate.net/publication/334498387_TOWARDS_AN_ANONYMOUS_INCIDENT_COMMUNICATION_CHANNEL_FOR_ELECTRIC_SMART_GRIDS},
doi = {10.1145/3291533.3291559},
year = {2019},
date = {2019-01-01},
journal = {Azerbaijan Journal of High Performance Computing},
volume = {2},
number = {1},
pages = {7-28},
abstract = {The Electric Smart Grid (ESG) is an intelligent critical infrastructure aiming to create an automated and distributed advanced energy delivery network, while preserving information privacy. This study proposes the implementation of an Anonymous Incident Communication Channel (AICC) amongst smart grids across Europe to improve situational awareness and enhance security of the new electric intelligent infrastructures. All participating organizations will have the ability to broadcast sensitive information, stored anonymously in a repository, without exposing the reputation of the organisation. This work focuses on the requirements of establishment, the possible obstacles and proposed data protection techniques to be applied in the AICC. Furthermore, a discussion is conducted regarding the documentation of cyber-incidents. Last but not least, the benefits and the potential risks of this AICC concept are also provided. © 2018 Association for Computing Machinery.},
keywords = {Anonymity, Anonymous repository of incidents, Group signature, Smart Grid},
pubstate = {published},
tppubtype = {article}
}
2018
P. I. Radoglou-Grammatikis; P. G. Sarigiannidis
An Anomaly-Based Intrusion Detection System for the Smart Grid Based on CART Decision Tree Conference
2018 Global Information Infrastructure and Networking Symposium (GIIS), IEEE, 2018.
Tags: Advanced Metering Infrastructure, intrusion detection system, security, Smart Grid
@conference{Radoglou-Grammatikis2019b,
title = {An Anomaly-Based Intrusion Detection System for the Smart Grid Based on CART Decision Tree},
author = { P. I. Radoglou-Grammatikis and P. G. Sarigiannidis},
url = {An Anomaly-Based Intrusion Detection System for the Smart Grid Based on CART Decision Tree},
doi = {10.1109/GIIS.2018.8635743},
year = {2018},
date = {2018-10-01},
booktitle = {2018 Global Information Infrastructure and Networking Symposium (GIIS)},
journal = {2018 Global Information Infrastructure and Networking Symposium, GIIS 2018},
publisher = {IEEE},
abstract = {The Smart Grid (SG) paradigm constitutes the new technological evolution of the traditional electrical grid, providing remote monitoring and controlling capabilities among all its operations through computing services. These new capabilities offer a lot of benefits, such as better energy management, increased reliability and security, as well as more economical pricing. However, despite these advantages, it introduces significant security challenges, as the computing systems and the corresponding communications are characterized by several cybersecurity threats. An efficient solution against cyberattacks is the Intrusion Detection Systems (IDS). These systems usually operate as a second line of defence and have the ability to detect or even prevent cyberattacks in near real-time. In this paper, we present a new IDS for the Advanced Metering Infrastructure (AMI) utilizing machine learning capabilities based on a decision tree. Decision trees have been used for multiple classification problems like the distinguishment between the normal and malicious activities. The experimental evaluation demonstrates the efficiency of the proposed IDS, as the Accuracy and the True Positive Rate of our IDS reach 0.996 and 0.993 respectively. © 2018 IEEE.},
keywords = {Advanced Metering Infrastructure, intrusion detection system, security, Smart Grid},
pubstate = {published},
tppubtype = {conference}
}
Address
Internet of Things and Applications Lab
Department of Electrical and Computer Engineering
University of Western Macedonia Campus
ZEP Area, Kozani 50100
Greece
Contact Information
tel: +30 2461 056527
Email: ithaca@uowm.gr