distributed agent based intrusion detection for the smart
play

Distributed Agent-Based Intrusion Detection for the Smart Grid - PowerPoint PPT Presentation

Mar 01, 2024 •456 likes •650 views

Distributed Agent-Based Intrusion Detection for the Smart Grid Presenter: Esther M. Amullen January 19, 2018 Introduction The smart-grid can be viewed as a Large-Scale Networked Control System (LSNCS). LSNCS components such as controllers,

  1. Distributed Agent-Based Intrusion Detection for the Smart Grid Presenter: Esther M. Amullen January 19, 2018

  2. Introduction The smart-grid can be viewed as a Large-Scale Networked Control System (LSNCS). LSNCS components such as controllers, plants, sensors and actuators are connected through communication links. Typically the computational and physical infrastructure operate side by side in a highly integrated manner. The next generation power system is envisioned to integrate advanced control,communication and computational technology improving resilience, reliability and e ffi ciency. Distributed Agent-Based Intrusion Detection for the Smart Grid

  3. Motivation Control of LSNCS is mostly centralized. Challenges associated with centralized management: Computational burden Reliance on telemetered data Sensitivity to failure and modeling errors Dynamic topology, configuration not always known Distributed operations, monitoring and control architectures solve some problems associated with centralized management. Computational advancements support such distributed algorithms. Multi-agent systems and robust control algorithms such as consensus are some desirable distributed paradigms. Consensus algorithms are robust and scalable Agents are autonomous,reactive, sociable and proactive. Facilitate distributed intrusion detection and mitigation in a time-bound and computationally e ffi cient manner. Distributed Agent-Based Intrusion Detection for the Smart Grid

  4. Our approach Study the impact of cyber attacks on the power grid control system False data injection attacks (FDIA) Adapt well studied control systems algorithms to address cyber related problems. Multi-agent systems State Estimation algorithms Consensus algorithms We propose a multi-agent system comprising multiple interacting autonomous agents that can: Breakdown a complex power system into smaller logical partitions Poll RTUs and IEDs for measurement data Process data in parallel Exchange data and state information in a time-bound fashion. RTU and IED data collected can be used by agents for state estimation, intrusion detection and resilient control. Consensus algorithms can be used by agents to rapidly and interactively share information to coordinate results. Distributed Agent-Based Intrusion Detection for the Smart Grid

  5. Overview-False data injection attacks False data injection attacks a ff ect: Control commands originating from the control center. Measurement data sent to the control center from remote field devices. Attacks on control commands alter the topology of the power grid. Attacks on measurement data a ff ect state estimation Distributed Agent-Based Intrusion Detection for the Smart Grid

  6. Attack Model Adversaries can gain access to control tra ffi c by penetrating the control center’s local area network (LAN). Within the substations, IEDs can be penetrated by attackers. We assume that the only data that can be trusted is data obtained directly from sensors and actuators within substations. Distributed Agent-Based Intrusion Detection for the Smart Grid

  7. Proposed approach-Distributed agent-based framework Deploying software-based agents at substations. We assume there’s some form communication among adjacent substations (Specified under the IEEE substation automation standards). Agents leverage this communication infrastructure to interact with adjacent agents and substation IEDs. Distributed Agent-Based Intrusion Detection for the Smart Grid

  8. Software agent architecture Inputs: Data from the RTU and PMUs Data from other agents Outputs: State Estimates Measurements Intrusion Detection results Algorithm suite (Knowledge base) Attack detection State estimation Consensus Distributed Agent-Based Intrusion Detection for the Smart Grid

  9. Using MAS to detect FDIA FDIA against state estimation Consider a power network with n substations and n agents each deployed at a substation. For substation i , the corresponding agent determines the measurement vector z i and corresponding state x i from z i = H i x i + e (1) For an FDIA vector a , to evade detection the attack must satisfy the condition (2) a i = H i c i The attack is detected if for any agent i the conditon (2) is not satisfied The condition is not satisfied if a i ∈ image ( H i ). For a subsystem created around a substation, H i is su ffi ciently small. Distributed Agent-Based Intrusion Detection for the Smart Grid

  10. Using MAS to detect FDIA FDIA against control commands Let x i be the correct state estimate and z i be the vector of measurements for subsystem i . x i = ( H T i R i H i ) − 1 H T i R i z i (3) For a command with semantics s i , agents can simulate the impact of s i by computing x i = ( H T i R i H i ) − 1 H T ˆ i R i ( z i + s i ) (4) The resulting power flows can then be simulated by computing z si = H i ˆ x i (5) Distributed Agent-Based Intrusion Detection for the Smart Grid

  11. Consensus algorithm to coordinated detection results Information Sharing The Consenus problem Agent i uses state information from its neighbors to update its Agents converge to desired state according to the law state values using local information and that from n neighboring agents � ψ i ( k + 1) = − a ij ( ψ i ( k ) − ψ j ( k )) Let the undirected graph j = 1 G = ( V , E ) represent the (6) multi-agent system where the The information at each agent nodes V = (1 , 2 , . . . , n ) asymptotically converges to represent agents and edges E ⊂ V × V = ( V , E ) n ψ i : = lim k →∞ ( k ) = 1 � represent communication ψ i (0) n links between agents j = 1 (7) Distributed Agent-Based Intrusion Detection for the Smart Grid

  12. Detection Algorithm Algorithm 1 Distributed FDIA detection at agent Require: Sampling time k , Subsystem i , where i = { 1 , . . . , n } , 1: Initialize k = 0, z i (0), x i (0), ψ i (0) Ensure: z i (0), x i (0), ψ i (0), ψ j (0) , A i , H i , τ i 2: for Each iteration k ≥ 0 do ψ i ( k + 1) = ψ i ( k ) + � n j = 1 a ij ( ψ j ( k ) − ψ i ( k )) 3: z i ( k + 1) ← f ( ψ i ( k + 1) , z i ( k )) 4: x i ( k + 1) = ( H T i R i H i ) − 1 H T ˆ i R i ( z i ( k + 1)) 5: z si ( k + 1) = H i ˆ x i 6: for z si ( k + 1) � τ i do 7: Generate alert 8: end for 9: repeat for k = k + 1 10: 11: end for Distributed Agent-Based Intrusion Detection for the Smart Grid

  13. Experimental evaluation 100 Attacks against measurement data 90 80 9-buses MATPOWER is used to 14-buses 30-buses 70 simulated power flow for the 60 50 IEEE 9, IEEE 14 and IEEE 30 40 bus systems. 30 20 Attack scenario: 1000 random 10 attack vectors are simulated 5 10 15 20 25 30 Each agent performs a distributed 100 9-buses state estimation with a tighter 90 14-buses 30-buses 80 bound on the threshold of bad 70 data 60 50 For the attack cases simulated, 40 probability for a succesfull FDIA 30 20 against state estimation was 10 ≤ 0 . 01 5 10 15 20 25 30 Distributed Agent-Based Intrusion Detection for the Smart Grid

  14. Experimental evaluation on detecting FDIA against commands Using the IEEE 118 and IEEE 38 power systems simulated using MATPOWER Agents continuously run state estimation and consensus to update neighbors. To demonstrate how agents detect malicious commands, we simulate commands that disconnect transmission lines and vary loads and generation 1000 random attacks 1000 targeted attacks The agent based architecture successfully detects random and targeted attacks with a success rate of over 96% Distributed Agent-Based Intrusion Detection for the Smart Grid

  15. Experimental evaluation on detecting FDIA against commands Targeted attacks Random attacks 100 100 90 90 118-buses 80 80 118-buses 39-buses 39-buses MAS 39-buses MAS 39-buses 70 70 MAS 118-buses MAS 118-buses 60 60 50 50 40 40 30 30 20 20 10 10 0 0 3 4 5 6 7 8 9 10 3 4 5 6 7 8 9 10 Distributed Agent-Based Intrusion Detection for the Smart Grid

  16. Experimental Evaluation on consensus algorithm The consensus algorithm described in (6) enables agents rapidly communicate their results to adjacent neighbors 39-bus 118-bus 1200 120 100 1000 80 800 60 600 40 20 400 0 200 -20 0 -40 -200 -60 0 50 100 150 200 0 50 100 150 200 Time = n i (3 n b ) | ψ i | Time = n i (3 n b ) | ψ i | = 0 . 001498 = 0 . 0101952 n t n t (8) (9) Distributed Agent-Based Intrusion Detection for the Smart Grid

  17. Conclusion Recap Introduced a distributed false data injection attack framework based on multi-agent systems. Demonstrated how agents use a limited amount of information to detect attacks and coordinate detection results by a consensus-based rapid information exchange algorithm. Future Work Evaluate the MAS systems in a realistic power grid environment Distributed Agent-Based Intrusion Detection for the Smart Grid

  18. Thank you!! Questions?? Distributed Agent-Based Intrusion Detection for the Smart Grid

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots

ITS335 Intrusion Detection Intruders Intrusion Detection Host-Based Intrusion Detection Distributed Host-Based Network-Based ITS335: IT Security Honeypots Summary Sirindhorn International Institute of Technology Thammasat University

584 views • 30 slides
Anomaly Based Intrusion Detection in Distributed Applications without global clock Eric Totel,

Anomaly Based Intrusion Detection in Distributed Applications without global clock Eric Totel,

Anomaly Based Intrusion Detection in Distributed Applications without global clock Eric Totel, Mouna Hkimi, Michel Hurfin, Mourad Leslous, Yvan Labiche SEC2-2016 5 July 2016 Outline of the Presentation Position of the problem Building

374 views • 26 slides
Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion

Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion

Signature Based Intrusion Detection Systems Philip Chan CS 598 MCC Spring 2013 Intrusion Detection Systems Detect malicious Raise alarms activities/attacks Alert administrators Hacking/ unauthorized access Trigger defense

217 views • 21 slides
Building a provenance-based intrusion detection system Thomas Pasquier, University of Bristol

Building a provenance-based intrusion detection system Thomas Pasquier, University of Bristol

Building a provenance-based intrusion detection system Thomas Pasquier, University of Bristol Toshiba, 26/11/2020 1 Talk loosely based on following publications Han et al. UNICORN: Revisiting Host-Based Intrusion Detection in the Age of

783 views • 55 slides
Kargus: A Highly scalable Software based Intrusion Detection System M. Asim Jamshed * ,

Kargus: A Highly scalable Software based Intrusion Detection System M. Asim Jamshed * ,

Kargus: A Highly scalable Software based Intrusion Detection System M. Asim Jamshed * , Jihyung Lee , Sangwoo Moon , InsuYun * , Deokjin Kim , Sungryoul Lee , Yung Yi , KyoungSoo Park * * Networked & Distributed

776 views • 41 slides
Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be

Styles of Intrusion Detection Misuse intrusion detection Try to detect things known to be bad Anomaly intrusion detection Try to detect deviations from normal behavior Specification intrusion detection Try to detect

627 views • 15 slides
A Framework for Distributed Intrusion Detection using Interest-Driven Cooperating Agents Rajeev

A Framework for Distributed Intrusion Detection using Interest-Driven Cooperating Agents Rajeev

A Framework for Distributed Intrusion Detection using Interest-Driven Cooperating Agents Rajeev Gopalakrishna and Eugene H. Spafford Distributed IDS a system where the analysis of the data is performed on a number of locations

387 views • 17 slides
Constrained approximate search in misuse-based intrusion detection Ambika Shrestha Chitrakar

Constrained approximate search in misuse-based intrusion detection Ambika Shrestha Chitrakar

Constrained approximate search in misuse-based intrusion detection Ambika Shrestha Chitrakar Supervisor: Prof. Slobodan Petrovic FINSE 10th of may 2017 Contents Introduction Snort: a misuse-based intrusion detection Problem

247 views • 14 slides
Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection

Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Architecture of an IDS Organization Incident Response Slide #22-1 FEARLESS engineering Principles of Intrusion Detection

744 views • 40 slides
Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection

Chapter 25: Intrusion Detection Principles Basics Models of Intrusion Detection Architecture of an IDS Organization Incident Response June 2, 2005 ECS 235, Computer and Information Slide #1 Security Principles of

1.38k views • 104 slides
PANACEA: AUTOMATING ATTACK CLASSIFICATION FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEMS

PANACEA: AUTOMATING ATTACK CLASSIFICATION FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEMS

PANACEA: AUTOMATING ATTACK CLASSIFICATION FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEMS DAMIANO BOLZONI, SANDRO ETALLE AND PIETER HARTEL DISTRIBUTED AND EMBEDDED SECURITY GROUP TWENTE SECURITY LAB 10+ YEARS OF RESEARCH OVER ANOMALY

160 views • 14 slides
Signal Processing General Introduction Based Intrusion Detection Using Several drawbacks to

Signal Processing General Introduction Based Intrusion Detection Using Several drawbacks to

Signal Processing General Introduction Based Intrusion Detection Using Several drawbacks to signature-based PCA detection Human intervention By Jeff Terrell Not adaptive; can't learn For COMP 290 - IDS - Spring 2005 Can be

360 views • 7 slides
Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion

Intrusion Detection System Amir Hossein Payberah payberah@yahoo.com 1 Contents Intrusion Detection Systems Tripwire Snort 2 IDS (Definition) Intrusion Detection is the process of monitoring the events occurring in a computer

571 views • 30 slides
Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection

Customizing and Evolving Intrusion Detection A static, globally useful intrusion detection solution is impossible Good behavior on one system is bad behavior on another Behaviors change and new vulnerabilities are discovered

700 views • 23 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 239 systems Computer Software Some sample intrusion detection March 9, 2005 systems Lecture 15 Lecture 15 Page 1 Page 2 CS 239, Winter 2005

602 views • 12 slides
Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236

Outline Introduction Intrusion Detection Characteristics of intrusion detection CS 236 systems Computer Software Some sample intrusion detection March 12, 2007 systems Lecture 14 Lecture 14 Page 1 Page 2 CS 236, Winter 2007

537 views • 10 slides
Yu (Tony) Zhang Arizona State University During AAAI 2016 in winter! Minimality in

Yu (Tony) Zhang Arizona State University During AAAI 2016 in winter! Minimality in

MINIMALITY IN MULTI-ROBOT SYSTEMS Yu (Tony) Zhang Arizona State University During AAAI 2016 in winter! Minimality in single-robot systems Environment Design Task Resource What is minimality in multi-robot systems ? Environment ! What

402 views • 15 slides
Agilla/ Agim one: Middleware Existing sensor network software lacks flexibility Entire network

Agilla/ Agim one: Middleware Existing sensor network software lacks flexibility Entire network

Motivation Agilla/ Agim one: Middleware Existing sensor network software lacks flexibility Entire network runs just one application for Sensor Networks Cannot adapt to changes in the environment the network user requirements

374 views • 8 slides
Feature Markov Decision Processes Marcus Hutter Canberra, ACT, 0200, Australia

Feature Markov Decision Processes Marcus Hutter Canberra, ACT, 0200, Australia

Feature Markov Decision Processes Marcus Hutter Canberra, ACT, 0200, Australia http://www.hutter1.net/ ANU RSISE NICTA AGI, 69 March 2009, Washington DC Marcus Hutter - 2 - Feature Markov Decision Processes Abstract General purpose

309 views • 20 slides
Agents and Artifacts: The A&A Meta-model for Multiagent Systems Multiagent Systems LS

Agents and Artifacts: The A&A Meta-model for Multiagent Systems Multiagent Systems LS

Agents and Artifacts: The A&A Meta-model for Multiagent Systems Multiagent Systems LS Sistemi Multiagente LS Andrea Omicini andrea.omicini@unibo.it Ingegneria Due Alma Mater Studiorum Universit` a di Bologna a Cesena Academic Year

600 views • 56 slides
Agent Architectures and Hierarchical Control Overview: Agents and Robots Agent systems and

Agent Architectures and Hierarchical Control Overview: Agents and Robots Agent systems and

Agent Architectures and Hierarchical Control Overview: Agents and Robots Agent systems and architectures Agent controllers Hierarchical controllers D. Poole and A. Mackworth 2010 c Artificial Intelligence, Lecture 2.1, Page 1 Agents and

612 views • 23 slides
ENCAPSULATING REACTING BEHAVIOUR IN GOAL-BASED PLANS FOR PROGRAMMING BDI AGENTS Rafael H. Bordini

ENCAPSULATING REACTING BEHAVIOUR IN GOAL-BASED PLANS FOR PROGRAMMING BDI AGENTS Rafael H. Bordini

ENCAPSULATING REACTING BEHAVIOUR IN GOAL-BASED PLANS FOR PROGRAMMING BDI AGENTS Rafael H. Bordini Rem Collier Jomi F. Hbner Alessandro Ricci School of Technology, PUCRS University College of Dublin DAS, Fed. Univ. of Santa Catarina DISI,

441 views • 14 slides
Modelling, Specification and Verification of Reactive Systems Milners Calculus of

Modelling, Specification and Verification of Reactive Systems Milners Calculus of

Introduction to CCS Syntax of CCS Semantics of CCS Value Passing CCS Modelling, Specification and Verification of Reactive Systems Milners Calculus of Communicating Systems (CCS) Plan for this part of the course: Informal introduction to

763 views • 50 slides
Knowledge-Based Policies for Qualitative Decentralized POMDPs Abdallah Saffidine Bruno Zanuttini

Knowledge-Based Policies for Qualitative Decentralized POMDPs Abdallah Saffidine Bruno Zanuttini

Knowledge-based programs Semantics Mathematical properties Conclusion Knowledge-Based Policies for Qualitative Decentralized POMDPs Abdallah Saffidine Bruno Zanuttini Franc ois Schwarzentruber 68NQRT January 25th, 2018 1 / 50

808 views • 50 slides

More recommend