Abstract
Advanced false data injection attacks carried out through targeted malware intrusions are becoming a severe emerging threat to Supervisory Control And Data Acquisition (SCADA) systems. Several intrusion detection schemes have been proposed previously [1, 2]. However, designing an effective real-time detection system for a resource-constrained device is still an open problem for the research community. In this paper, we propose a new relation-graph-based detection scheme to defeat false data injection attacks in the SCADA system, even when the injected data seemingly fall within a valid/normal range. To balance effectiveness and efficiency, we design a novel detection model, alternation vectors with state relation graph. Furthermore, we propose a new inference algorithm to infer the injection point(s), i.e., the attack origin, in the system. We evaluate SRID with a real-world power plant simulator. The experimental results show that SRID can detect various false data injection attacks with a low false positive rate of 0.0125%. Meanwhile, SRID can dramatically reduce the search space of attack origins and accurately locate most of the attack origins.
References
Parthasarathy, S., Kundur, D.: Bloom filter based intrusion detection for smart grid scada. In: Proc. of the 25th IEEE Canadian Conference on Electrical & Computer Engineering (CCECE 2012), pp. 1–6 (April 2012)
Amin, S., Litrico, X., Sastry, S., Bayen, A.: Cyber security of water scada systems (i) analysis and experimentation of stealthy deception attacks. IEEE Transactions on Control Systems Technology 21(5), 1963–1970 (2013)
Stuxnet, http://en.wikipedia.org/wiki/Stuxnet
Cardenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y., Sastry, S.: Attacks against process control systems: Risk assessment, detection, and response. In: Proc. of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011 (March 2011)
Valenzuela, J., Wang, J., Bissinger, N.: Real-time intrusion detection in power system operations. IEEE Transactions on Power Systems 28(2), 1052–1062 (2013)
Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ics) security. In: NIST Special Publication (2013)
Sridhar, S., Hahn, A., Govindarasu, M.: Cyber physical system security for the electric power grid. IEEE Transactions on Power Systems 100(1), 210–224 (2012)
Scada vulnerabilities
Mitchell, R., Chen, I.: Behavior-rule based intrusion detection systems for safety critical smart grid applications. IEEE Transactions on Smart Grid 4(3), 1254–1263 (2013)
Berthier, R., Sanders, W., Khurana, H.: Intrusion detection for advanced metering infrastructures: Requirements and architectural directions. In: Proc. of First IEEE International Conference on Smart Grid Communications (SmartGridComm 2010), pp. 350–355 (October 2010)
Liu, Y., Ning, P., Reiter, M.K.: False data injection attacks against state estimation in electric power grids. ACM Transactions on Information and System Security 14(1), 21–32 (2011)
Rahman, M., AL-Shaer, E., Bera, P.: A noninvasive threat analyzer for advanced metering infrastructure in smart grid. IEEE Transactions on Smart Grid 4(1), 273–287 (2013)
Rahman, M., Bera, P., Al-Shaer, E.: Smartanalyzer: A noninvasive security threat analyzer for ami smart grid. In: Proc. of the 31st IEEE International Conference on Computer Communications (INFOCOM 2012), pp. 2255–2263 (March 2012)
Esmalifalak, M., Shi, G., Han, Z., Song, L.: Bad data injection attack and defense in electricity market using game theory study. IEEE Transactions on Smart Grid 4(1), 160–169 (2013)
Hagh, M., Mahaei, S., Zare, K.: Improving bad data detection in state estimation of power systems. International Journal of Electrical and Computer Engineering (IJECE 2011) 1(2), 85–92 (2011)
Ning, P., Jajodia, S.: Intrusion detection techniques (2003)
Xu, W., Wang, M., Tang, A.: On state estimation with bad data detection. In: Proceedings of 50th IEEE Conference on Decision and Control and European Control Conference (CDC-ECC 2011), pp. 5989–5994 (December 2011)
Reeves, J., Ramaswamy, A., Locasto, M., Bratus, S., Smith, S.: Intrusion detection for resource-constrained embedded control systems in the power grid. International Journal of Critical Infrastructure Protection 5(2), 74–83 (2012)
McDonald, M.J., Conrad, G.N., Service, T.C., Cassidy, R.H.: A retrofit network intrusion detection system for modbus rtu and ascii industrial control systems. In: Proc. of the 45th Hawaii International Conference on System Science (HICSS 2012), pp. 2338–2345 (January 2012)
Diaz, J.: Using snort for intrusion detection in modbus tcp/ip communications (2011)
Bi, S., Zhang, Y.: Defending mechanisms against false-data injection attacks in the power system state estimation. In: Proc. of the 2011 IEEE International Workshop on Smart Grid Communications and Networks (GC Wkshps 2011), pp. 1162–1167 (December 2011)
Xie, L., Mo, Y., Sinopoli, B.: False data injection attacks in electricity markets. In: Smart Grid Communications, pp. 226–231 (October 2010)
Feng, Y., Foglietta, C., Baiocco, A., Panzieri, S., Wolthusen, S.D.: Malicious false data injection in hierarchical electric power grid state estimation systems. In: Proc. of the 4th International Conference on Future Energy Systems (e-Energy 2013), pp. 183–192 (May 2013)
Tan, R., Krishna, V.B., Yau, D.K., Kalbarczyk, Z.: Impact of integrity attacks on real-time pricing in smart grids. In: Proc. of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS 2013), pp. 439–450 (November 2013)
Pajic, S.: Power System State Estimation and Contingency Constrained Optimal Power Flow-A Numerically Robust Implementation. PhD thesis, Worcester Polytechnic Institute (2007)
Lin, J., Yu, W., Yang, X., Xu, G., Zhao, W.: On false data injection attacks against distributed energy routing in smart grid. In: 2012 IEEE/ACM Third International Conference on Cyber-Physical Systems (ICCPS 2012), pp. 183–192 (April 2012)
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Wang, Y., Xu, Z., Zhang, J., Xu, L., Wang, H., Gu, G. (2014). SRID: State Relation Based Intrusion Detection for False Data Injection Attacks in SCADA. In: Kutyłowski, M., Vaidya, J. (eds) Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in Computer Science, vol 8713. Springer, Cham. https://doi.org/10.1007/978-3-319-11212-1_23
DOI: https://doi.org/10.1007/978-3-319-11212-1_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11211-4
Online ISBN: 978-3-319-11212-1
eBook Packages: Computer Science, Computer Science (R0)