Title :
Alarm based anomaly detection of insider attacks in SCADA system
Author :
Nasr, Payam Mahmoudi ; Varjani, Ali Yazdian
Author_Institution :
Electron. & Comput. Eng. Dept., Tarbiat Modares Univ., Tehran, Iran
Abstract :
Insider attacks are one of the most dangerous threats on security of critical infrastructures. An insider attack occurs when an authorized operator misuse the permissions, and brings catastrophic damages by sending legitimate control commands. Therefore, insider attacks have great impact and higher success rate, and it is difficult to predict and protect against them. This paper, by study on the SCADA alarms, proposes a new alarm based statistical anomaly detection method to identify potential insider attacks at substations and total transmission system in power grid. To demonstrate the proposed method, two insider attack scenarios have been simulated at both substations level and transmission system. Experimental scenarios illustrate proposed method is effective, and anomalies can be detected by minimum number of alarms.
Keywords :
SCADA systems; computer network security; power system security; power transmission protection; statistical analysis; substation protection; SCADA system; alarm based statistical anomaly detection method; critical infrastructure security; potential insider attack identification; substations level; supervisory control-and-data acquisition systems; transmission system; Computers; Monitoring; Real-time systems; SCADA systems; Security; Servers; Substations; Insider attack; SCADA.; anomaly detection; security;
Conference_Titel :
Smart Grid Conference (SGC), 2014
Print_ISBN :
978-1-4799-8313-1
DOI :
10.1109/SGC.2014.7090881
