https://doi.org/10.1109/srds47...
Conference object . 2019 . Peer-reviewed
License: IEEE Copyright
Data sources: Crossref

Architecture and Prototype Implementation for Process-Aware Intrusion Detection in Electrical Grids

Authors: Anne Remke; Justyna Joanna Chromik; Robert Flosbach;

Abstract

Supervisory Control and Data Acquisition (SCADA) systems monitor and control electric power distribution. Recent history has shown that cyber-attacks pose a tremendous risk for the economy and safety of modern countries. This paper introduces an architecture and a prototype implementation for a process-aware, network-based Intrusion Detection System (IDS) to secure control networks in the domain of power distribution. Based on a recently proposed process model, the system continuously assesses the local physical process and all control commands with regard to consistency and safety of the underlying physical process. Its detection capabilities focus on process-based attacks like manipulated control commands, which appear legitimate to traditional IDS but might nevertheless have devastating effects on the power distribution. The architecture separates the evaluation part from the traffic processing, which ensures extensibility and scalability. The developed implementation has been successfully deployed at a Dutch power distribution substation. Its detection performance is characterized by a very low miss rate and high precision.

Country
Netherlands
Keywords

Zeek, power distribution, Intrusion detection, SCADA, n/a OA procedure, process-aware

  • Impact by BIP!
    citations: 7
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    popularity: Top 10%
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    influence: Average
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    impulse: Average
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.