An Intrusion and Defense Testbed in a Cyber-Power System Environment

Junho Hong; Shinn-Shyan Wu; Alexandru Stefanov; Ahmed Fshosha; Chen-Ching Liu; Pavel  Gladyshev; Manimaran Govindarasu

doi:10.1109/PES.2011.6039375

An Intrusion and Defense Testbed in a Cyber-Power System Environment

Junho Hong, Shinn-Shyan Wu, Alexandru Stefanov, Ahmed Fshosha, Chen-Ching Liu, Pavel Gladyshev, Manimaran Govindarasu

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

Abstract

The proposed testbed of the cyber‐power system consists of power system simulation, substation automation, and the SCADA system. Scenarios for substation cyber security intrusions and anomaly detection concepts have been proposed. An attack tree method can be used to identify vulnerable substations and intrusions through remote access points. Specific substation vulnerability scenarios have been tested. Temporal anomaly is determined by data and information acquired at different time points. This is a metric to determine the anomaly between two snapshots. In a distributed intrusion detection algorithm, distributed agents are trained with a large number of scenarios and intended for real‐time applications. In a distributed environment, if an anomaly is detected by one agent, it is able to distribute critical information to other agents in the network.

Original language	English
Title of host publication	IEEE Power and Energy Society General Meeting
Place of Publication	Detroit, USA
Publisher	IEEE
Pages	1-5
ISBN (Electronic)	978-1-4577-1001-8
ISBN (Print)	978-1-4577-1000-1
DOIs	https://doi.org/10.1109/PES.2011.6039375
Publication status	Published - Jul 2011
Externally published	Yes

Keywords

Computer Security
Cyber Security
SCADA
Power Grids
Power Systems

Access to Document

10.1109/PES.2011.6039375

Cite this

@inproceedings{90820a411fe94d68b3d55c667443e1a5,

title = "An Intrusion and Defense Testbed in a Cyber-Power System Environment",

abstract = "The proposed testbed of the cyber‐power system consists of power system simulation, substation automation, and the SCADA system. Scenarios for substation cyber security intrusions and anomaly detection concepts have been proposed. An attack tree method can be used to identify vulnerable substations and intrusions through remote access points. Specific substation vulnerability scenarios have been tested. Temporal anomaly is determined by data and information acquired at different time points. This is a metric to determine the anomaly between two snapshots. In a distributed intrusion detection algorithm, distributed agents are trained with a large number of scenarios and intended for real‐time applications. In a distributed environment, if an anomaly is detected by one agent, it is able to distribute critical information to other agents in the network.",

keywords = "Computer Security, Cyber Security, SCADA, Power Grids, Power Systems",

author = "Junho Hong and Shinn-Shyan Wu and Alexandru Stefanov and Ahmed Fshosha and Chen-Ching Liu and Pavel Gladyshev and Manimaran Govindarasu",

year = "2011",

month = jul,

doi = "10.1109/PES.2011.6039375",

language = "English",

isbn = "978-1-4577-1000-1",

pages = "1--5",

booktitle = "IEEE Power and Energy Society General Meeting",

publisher = "IEEE",

address = "United States",

}

TY - GEN

T1 - An Intrusion and Defense Testbed in a Cyber-Power System Environment

AU - Hong, Junho

AU - Wu, Shinn-Shyan

AU - Stefanov, Alexandru

AU - Fshosha, Ahmed

AU - Liu, Chen-Ching

AU - Gladyshev, Pavel

AU - Govindarasu, Manimaran

PY - 2011/7

Y1 - 2011/7

N2 - The proposed testbed of the cyber‐power system consists of power system simulation, substation automation, and the SCADA system. Scenarios for substation cyber security intrusions and anomaly detection concepts have been proposed. An attack tree method can be used to identify vulnerable substations and intrusions through remote access points. Specific substation vulnerability scenarios have been tested. Temporal anomaly is determined by data and information acquired at different time points. This is a metric to determine the anomaly between two snapshots. In a distributed intrusion detection algorithm, distributed agents are trained with a large number of scenarios and intended for real‐time applications. In a distributed environment, if an anomaly is detected by one agent, it is able to distribute critical information to other agents in the network.

AB - The proposed testbed of the cyber‐power system consists of power system simulation, substation automation, and the SCADA system. Scenarios for substation cyber security intrusions and anomaly detection concepts have been proposed. An attack tree method can be used to identify vulnerable substations and intrusions through remote access points. Specific substation vulnerability scenarios have been tested. Temporal anomaly is determined by data and information acquired at different time points. This is a metric to determine the anomaly between two snapshots. In a distributed intrusion detection algorithm, distributed agents are trained with a large number of scenarios and intended for real‐time applications. In a distributed environment, if an anomaly is detected by one agent, it is able to distribute critical information to other agents in the network.

KW - Computer Security

KW - Cyber Security

KW - SCADA

KW - Power Grids

KW - Power Systems

U2 - 10.1109/PES.2011.6039375

DO - 10.1109/PES.2011.6039375

M3 - Conference contribution

SN - 978-1-4577-1000-1

SP - 1

EP - 5

BT - IEEE Power and Energy Society General Meeting

PB - IEEE

CY - Detroit, USA

ER -

An Intrusion and Defense Testbed in a Cyber-Power System Environment

Abstract

Keywords

Access to Document

Fingerprint

Cite this