SRID: State Relation Based Intrusion Detection for False Data Injection Attacks in SCADA

  • Yong Wang
  • Zhaoyan Xu
  • Jialong Zhang
  • Lei Xu
  • Haopei Wang
  • Guofei Gu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8713)


Advanced false data injection attacks in targeted malware intrusions are emerging as a severe threat to Supervisory Control And Data Acquisition (SCADA) systems. Several intrusion detection schemes have been proposed previously [1, 2]. However, designing an effective real-time detection system for a resource-constrained device is still an open problem for the research community. In this paper, we propose a new relation-graph-based detection scheme to defeat false data injection attacks on the SCADA system, even when the injected data seemingly fall within a valid/normal range. To balance effectiveness and efficiency, we design a novel detection model, alternation vectors with a state relation graph. Furthermore, we propose a new inference algorithm to infer the injection point(s), i.e., the attack origin, in the system. We evaluate SRID with a real-world power plant simulator. The experimental results show that SRID can detect various false data injection attacks with a low false positive rate of 0.0125%. Meanwhile, SRID can dramatically reduce the search space of attack origins and accurately locate most of the attack origins.


Keywords: Intrusion Detection System; Cyber Security in SCADA; False Data Injection Attack


  1. Parthasarathy, S., Kundur, D.: Bloom filter based intrusion detection for smart grid scada. In: Proc. of the 25th IEEE Canadian Conference on Electrical & Computer Engineering (CCECE 2012), pp. 1–6 (April 2012)
  2. Amin, S., Litrico, X., Sastry, S., Bayen, A.: Cyber security of water scada systems (i) analysis and experimentation of stealthy deception attacks. IEEE Transactions on Control Systems Technology 21(5), 1963–1970 (2013)
  3.
  4. Cardenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y., Sastry, S.: Attacks against process control systems: Risk assessment, detection, and response. In: Proc. of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011 (March 2011)
  5. Valenzuela, J., Wang, J., Bissinger, N.: Real-time intrusion detection in power system operations. IEEE Transactions on Power Systems 28(2), 1052–1062 (2013)
  6. Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ics) security. In: NIST Special Publication (2013)
  7. Sridhar, S., Hahn, A., Govindarasu, M.: Cyber physical system security for the electric power grid. IEEE Transactions on Power Systems 100(1), 210–224 (2012)
  8. Scada vulnerabilities
  9. Mitchell, R., Chen, I.: Behavior-rule based intrusion detection systems for safety critical smart grid applications. IEEE Transactions on Smart Grid 4(3), 1254–1263 (2013)
  10. Berthier, R., Sanders, W., Khurana, H.: Intrusion detection for advanced metering infrastructures: Requirements and architectural directions. In: Proc. of First IEEE International Conference on Smart Grid Communications (SmartGridComm 2010), pp. 350–355 (October 2010)
  11. Liu, Y., Ning, P., Reiter, M.K.: False data injection attacks against state estimation in electric power grids. ACM Transactions on Information and System Security 14(1), 21–32 (2011)
  12. Rahman, M., AL-Shaer, E., Bera, P.: A noninvasive threat analyzer for advanced metering infrastructure in smart grid. IEEE Transactions on Smart Grid 4(1), 273–287 (2013)
  13. Rahman, M., Bera, P., Al-Shaer, E.: Smartanalyzer: A noninvasive security threat analyzer for ami smart grid. In: Proc. of the 31st IEEE International Conference on Computer Communications (INFOCOM 2012), pp. 2255–2263 (March 2012)
  14. Esmalifalak, M., Shi, G., Han, Z., Song, L.: Bad data injection attack and defense in electricity market using game theory study. IEEE Transactions on Smart Grid 4(1), 160–169 (2013)
  15. Hagh, M., Mahaei, S., Zare, K.: Improving bad data detection in state estimation of power systems. International Journal of Electrical and Computer Engineering (IJECE 2011) 1(2), 85–92 (2011)
  16. Ning, P., Jajodia, S.: Intrusion detection techniques (2003)
  17. Xu, W., Wang, M., Tang, A.: On state estimation with bad data detection. In: Proceedings of 50th IEEE Conference on Decision and Control and European Control Conference (CDC-ECC 2011), pp. 5989–5994 (December 2011)
  18. Reeves, J., Ramaswamy, A., Locasto, M., Bratus, S., Smith, S.: Intrusion detection for resource-constrained embedded control systems in the power grid. International Journal of Critical Infrastructure Protection 5(2), 74–83 (2012)
  19. McDonald, M.J., Conrad, G.N., Service, T.C., Cassidy, R.H.: A retrofit network intrusion detection system for modbus rtu and ascii industrial control systems. In: Proc. of the 45th Hawaii International Conference on System Science (HICSS 2012), pp. 2338–2345 (January 2012)
  20. Diaz, J.: Using snort for intrusion detection in modbus tcp/ip communications (2011)
  21. Bi, S., Zhang, Y.: Defending mechanisms against false-data injection attacks in the power system state estimation. In: Proc. of the 2011 IEEE International Workshop on Smart Grid Communications and Networks (GC Wkshps 2011), pp. 1162–1167 (December 2011)
  22. Xie, L., Mo, Y., Sinopoli, B.: False data injection attacks in electricity markets. In: Smart Grid Communications, pp. 226–231 (October 2010)
  23. Feng, Y., Foglietta, C., Baiocco, A., Panzieri, S., Wolthusen, S.D.: Malicious false data injection in hierarchical electric power grid state estimation systems. In: Proc. of the 4th International Conference on Future Energy Systems (e-Energy 2013), pp. 183–192 (May 2013)
  24. Tan, R., Krishna, V.B., Yau, D.K., Kalbarczyk, Z.: Impact of integrity attacks on real-time pricing in smart grids. In: Proc. of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS 2013), pp. 439–450 (November 2013)
  25. Pajic, S.: Power System State Estimation and Contingency Constrained Optimal Power Flow-A Numerically Robust Implementation. PhD thesis, Worcester Polytechnic Institute (2007)
  26. Lin, J., Yu, W., Yang, X., Xu, G., Zhao, W.: On false data injection attacks against distributed energy routing in smart grid. In: 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems (ICCPS 2012), pp. 183–192 (April 2012)

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Yong Wang (1, 2)
  • Zhaoyan Xu (1)
  • Jialong Zhang (1)
  • Lei Xu (1)
  • Haopei Wang (1)
  • Guofei Gu (1)

  1. SUCCESS Lab, Texas A&M University, College Station, USA
  2. Department of Information Security, Shanghai University of Electric Power, Shanghai, China
