Publication Details

Accurate Automata-Based Detection of Cyber Threats in Smart Grid Communication

HAVLENA Vojtěch, MATOUŠEK Petr, RYŠAVÝ Ondřej and HOLÍK Lukáš. Accurate Automata-Based Detection of Cyber Threats in Smart Grid Communication. IEEE Transactions on Smart Grid, vol. 2023, no. 14, pp. 2352-2366. ISSN 1949-3053. Available from: https://ieeexplore.ieee.org/document/9927376
Czech title
Použití automatů pro přesnou detekci kybernetických hrozeb v komunikaci chytrých rozvodných sítí
Type
journal article
Language
English
Keywords

Smart grid, cyber security, anomaly detection, probabilistic automata, network flows, MITRE ATT&CK

Abstract

Several industry sectors, including critical infrastructure, have experienced severe cyber attacks against their Industrial Control Systems (ICS) due to malware that masqueraded as a legitimate ICS process and communicated with valid ICS messages. Such behavior is difficult to detect by standard techniques. Intrusion Detection Systems (IDS) usually filter illegitimate communication using pre-defined patterns, while statistical-based Anomaly Detection Systems (ADS) mostly observe selected attributes of transmitted packets without deeper analysis of ICS messages.

We propose a new detection approach based on Deterministic Probabilistic Automata (DPAs) that capture the intended semantics of the ICS message exchange. The method models normal ICS message sequences using a set of DPAs representing expected traffic patterns. Then the detection system applies reasoning about the model to reveal malicious activity in the ICS traffic expressed by unexpected ICS messages. In this paper, we significantly improve the performance of the automata-based detection method and reduce its false-positive rate. We also present a technique that produces additional details about detected anomalies, which is important for real-world deployment. The approach is demonstrated on IEC 104 or MMS communication from different ICS systems.

Published
2023
Pages
2352-2366
Journal
IEEE Transactions on Smart Grid, vol. 2023, no. 14, ISSN 1949-3053
Publisher
Institute of Electrical and Electronics Engineers
UT WoS
000976141300054
BibTeX
@ARTICLE{FITPUB12712,
   author = "Vojt\v{e}ch Havlena and Petr Matou\v{s}ek and Ond\v{r}ej Ry\v{s}av\'{y} and Luk\'{a}\v{s} Hol\'{i}k",
   title = "Accurate Automata-Based Detection of Cyber Threats in Smart Grid Communication",
   pages = "2352--2366",
   journal = "IEEE Transactions on Smart Grid",
   volume = 2023,
   number = 14,
   year = 2023,
   ISSN = "1949-3053",
   doi = "10.1109/TSG.2022.3216726",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/12712"
}