An Approach to Abstract Multi-stage Cyberattack Data Generation for ML-Based IDS in Smart Grids (2312.13737v1)
Abstract: Power grids are becoming more digitized, which creates new opportunities for grid operation but also new challenges, such as threats from the cyber domain. To address these challenges, cybersecurity solutions are being considered in the form of preventive, detective, and reactive measures. Machine learning-based intrusion detection systems are deployed as part of the detective measures to detect and defend against cyberattacks. However, training and testing data for these systems are often unavailable or unsuitable for machine learning models that must detect multi-stage cyberattacks in smart grids. In this paper, we propose a method that uses a graph-based approach to generate synthetic data for training machine learning models in smart grids. We use an abstract form of multi-stage cyberattacks defined via graph formulations and simulate the propagation behavior of attacks in the network. Within the selected scenarios, we observed promising results, but a larger number of scenarios needs to be studied to draw a more informed conclusion about the suitability of the synthesized data.
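To make the idea of "an abstract multi-stage attack as a graph, propagated over a network graph" concrete, the following is an added illustrative sketch, not the paper's own generator: the attack stages, transition probabilities, and the toy substation topology are all assumptions, and the output is a labelled event list of the kind a classifier would be trained on.

```python
import random

# Constructed toy reachability graph of a small substation network (assumed, not from the paper).
TOPOLOGY = {"workstation": ["hmi"], "hmi": ["rtu1", "rtu2"], "rtu1": [], "rtu2": []}

# Abstract multi-stage attack as a graph: stage -> [(next_stage, probability)].
# Stage names and probabilities are illustrative assumptions; "impact" is terminal.
ATTACK_GRAPH = {
    "recon": [("access", 0.8), ("recon", 0.2)],
    "access": [("lateral", 0.7), ("recon", 0.3)],
    "lateral": [("impact", 0.6), ("lateral", 0.4)],
    "impact": [],
}

def simulate_attack(start_host, rng, max_steps=20):
    """Random walk over ATTACK_GRAPH; a 'lateral' step also moves the attacker to a
    reachable neighbour in TOPOLOGY. Returns labelled (host, stage) events."""
    stage, host, events = "recon", start_host, []
    for _ in range(max_steps):
        events.append({"host": host, "stage": stage, "label": 1})
        successors = ATTACK_GRAPH[stage]
        if not successors:
            break
        r, acc = rng.random(), 0.0
        for nxt, p in successors:  # sample next stage from the edge probabilities
            acc += p
            if r < acc:
                stage = nxt
                break
        if stage == "lateral" and TOPOLOGY[host]:
            host = rng.choice(TOPOLOGY[host])
    return events

def is_consistent(trace):
    """Check a trace respects both graphs: stage transitions and host reachability."""
    for a, b in zip(trace, trace[1:]):
        if b["stage"] not in [s for s, _ in ATTACK_GRAPH[a["stage"]]]:
            return False
        if b["host"] != a["host"] and b["host"] not in TOPOLOGY[a["host"]]:
            return False
    return True

def generate_dataset(seed=0, n_attacks=3, n_benign=10):
    """Benign rows (label 0) plus attack traces (label 1), as a classifier would consume."""
    rng = random.Random(seed)
    hosts = list(TOPOLOGY)
    benign = [{"host": rng.choice(hosts), "stage": "normal", "label": 0} for _ in range(n_benign)]
    attacks = [simulate_attack("workstation", rng) for _ in range(n_attacks)]
    return benign, attacks
```

The consistency check is the part worth keeping in any real generator: synthetic traces that violate either the attack graph or the network reachability would teach a model patterns that cannot occur.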