• DocumentCode
    3587177
  • Title

    Alarm based anomaly detection of insider attacks in SCADA system

  • Author

    Nasr, Payam Mahmoudi ; Varjani, Ali Yazdian

  • Author_Institution
    Electron. & Comput. Eng. Dept., Tarbiat Modares Univ., Tehran, Iran
  • fYear
    2014
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Insider attacks are one of the most dangerous threats to the security of critical infrastructures. An insider attack occurs when an authorized operator misuses their permissions and causes catastrophic damage by sending legitimate control commands. Therefore, insider attacks have great impact and a higher success rate, and they are difficult to predict and protect against. This paper, by studying SCADA alarms, proposes a new alarm-based statistical anomaly detection method to identify potential insider attacks at substations and in the total transmission system of a power grid. To demonstrate the proposed method, two insider attack scenarios have been simulated at both the substation level and the transmission system level. The experimental scenarios illustrate that the proposed method is effective and that anomalies can be detected with a minimum number of alarms.
  • Keywords
    SCADA systems; computer network security; power system security; power transmission protection; statistical analysis; substation protection; SCADA system; alarm based statistical anomaly detection method; critical infrastructure security; potential insider attack identification; substations level; supervisory control-and-data acquisition systems; transmission system; Computers; Monitoring; Real-time systems; SCADA systems; Security; Servers; Substations; Insider attack; SCADA; anomaly detection; security
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Smart Grid Conference (SGC), 2014
  • Print_ISBN
    978-1-4799-8313-1
  • Type

    conf

  • DOI
    10.1109/SGC.2014.7090881
  • Filename
    7090881