Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure

Shameek Bhattacharjee; Aditya Thakur; Simone Silvestri; Sajal K. Das

doi:10.1145/3029806.3029833

Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure

Shameek Bhattacharjee, Aditya Thakur, Simone Silvestri, Sajal K. Das

Producción científica: Conference contribution › revisión exhaustiva

28 Citas (Scopus)

Resumen

Compromised smart meters reporting false power consump-Tion data in Advanced Metering Infrastructure (AMI) may have drastic consequences on a smart grid's operations. Most existing works only deal with electricity theft from customers. However, several other types of data falsification attacks are possible, when meters are compromised by organized rivals. In this paper, we first propose a taxonomy of possible data falsification strategies such as additive, deductive, camouflage and conflict, in AMI micro-grids. Then, we devise a statistical anomaly detection technique to identify the incidence of proposed attack types, by studying their impact on the observed data. Subsequently, a trust model based on Kullback-Leibler divergence is proposed to identify com- promised smart meters for additive and deductive attacks. The resultant detection rates and false alarms are minimized through a robust aggregate measure that is calculated based on the detected attack type and successfully discriminating legitimate changes from malicious ones. For conflict and camouflage attacks, a generalized linear model and Weibull function based kernel trick is used over the trust score to facilitate more accurate classification. Using real data sets collected from AMI, we investigate several trade-offs that occur between attacker's revenue and costs, as well as the margin of false data and fraction of compromised nodes. Experimental results show that our model has a high true positive detection rate, while the average false alarm rate is just 8%, for most practical attack strategies, without depending on the expensive hardware based monitoring.

Idioma original	English
Título de la publicación alojada	CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy
Páginas	35-45
Número de páginas	11
ISBN (versión digital)	9781450345231
DOI	https://doi.org/10.1145/3029806.3029833
Estado	Published - mar 22 2017
Evento	7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 - Scottsdale, United States Duración: mar 22 2017 → mar 24 2017

Serie de la publicación

Nombre	CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy

Conference

Conference	7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017
País/Territorio	United States
Ciudad	Scottsdale
Período	3/22/17 → 3/24/17

Nota bibliográfica

Publisher Copyright:
© 2017 ACM.

Financiación

The work is partially supported by the NSF grants under award numbers CNS-1545037, CNS- 1545050 and DGE-1433659.

Financiadores	Número del financiador
National Science Foundation (NSF)	DGE-1433659, CNS- 1545050, CNS-1545037

ASJC Scopus subject areas

Computer Science Applications
Information Systems
Software

ODS de las Naciones Unidas

Este resultado contribuye a los siguientes Objetivos de Desarrollo Sostenible

Acceder al documento

10.1145/3029806.3029833

Otros archivos y enlaces

Citar esto

Bhattacharjee, S., Thakur, A., Silvestri, S., & Das, S. K. (2017). Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure. En CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (pp. 35-45). (CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy). https://doi.org/10.1145/3029806.3029833

Bhattacharjee, Shameek ; Thakur, Aditya ; Silvestri, Simone et al. / Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure. CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. 2017. pp. 35-45 (CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy).

@inproceedings{45e5f1738cdd4ebbada63def0ad23864,

title = "Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure",

abstract = "Compromised smart meters reporting false power consump-Tion data in Advanced Metering Infrastructure (AMI) may have drastic consequences on a smart grid's operations. Most existing works only deal with electricity theft from customers. However, several other types of data falsification attacks are possible, when meters are compromised by organized rivals. In this paper, we first propose a taxonomy of possible data falsification strategies such as additive, deductive, camouflage and conflict, in AMI micro-grids. Then, we devise a statistical anomaly detection technique to identify the incidence of proposed attack types, by studying their impact on the observed data. Subsequently, a trust model based on Kullback-Leibler divergence is proposed to identify com- promised smart meters for additive and deductive attacks. The resultant detection rates and false alarms are minimized through a robust aggregate measure that is calculated based on the detected attack type and successfully discriminating legitimate changes from malicious ones. For conflict and camouflage attacks, a generalized linear model and Weibull function based kernel trick is used over the trust score to facilitate more accurate classification. Using real data sets collected from AMI, we investigate several trade-offs that occur between attacker's revenue and costs, as well as the margin of false data and fraction of compromised nodes. Experimental results show that our model has a high true positive detection rate, while the average false alarm rate is just 8\%, for most practical attack strategies, without depending on the expensive hardware based monitoring.",

keywords = "Advanced metering infras-Tructure, Data falsification, Information theory, Relative entropy, Security incident forensics, Smart grid, Statistical anomaly detection, Su- pervised learning, Trust models",

author = "Shameek Bhattacharjee and Aditya Thakur and Simone Silvestri and Das, \{Sajal K.\}",

note = "Publisher Copyright: {\textcopyright} 2017 ACM.; 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 ; Conference date: 22-03-2017 Through 24-03-2017",

year = "2017",

month = mar,

day = "22",

doi = "10.1145/3029806.3029833",

language = "English",

series = "CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy",

pages = "35--45",

booktitle = "CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy",

}

Bhattacharjee, S, Thakur, A, Silvestri, S & Das, SK 2017, Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure. En CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy, pp. 35-45, 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017, Scottsdale, United States, 3/22/17. https://doi.org/10.1145/3029806.3029833

Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure. / Bhattacharjee, Shameek; Thakur, Aditya; Silvestri, Simone et al.
CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. 2017. p. 35-45 (CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy).

Producción científica: Conference contribution › revisión exhaustiva

TY - GEN

T1 - Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure

AU - Bhattacharjee, Shameek

AU - Thakur, Aditya

AU - Silvestri, Simone

AU - Das, Sajal K.

PY - 2017/3/22

Y1 - 2017/3/22

N2 - Compromised smart meters reporting false power consump-Tion data in Advanced Metering Infrastructure (AMI) may have drastic consequences on a smart grid's operations. Most existing works only deal with electricity theft from customers. However, several other types of data falsification attacks are possible, when meters are compromised by organized rivals. In this paper, we first propose a taxonomy of possible data falsification strategies such as additive, deductive, camouflage and conflict, in AMI micro-grids. Then, we devise a statistical anomaly detection technique to identify the incidence of proposed attack types, by studying their impact on the observed data. Subsequently, a trust model based on Kullback-Leibler divergence is proposed to identify com- promised smart meters for additive and deductive attacks. The resultant detection rates and false alarms are minimized through a robust aggregate measure that is calculated based on the detected attack type and successfully discriminating legitimate changes from malicious ones. For conflict and camouflage attacks, a generalized linear model and Weibull function based kernel trick is used over the trust score to facilitate more accurate classification. Using real data sets collected from AMI, we investigate several trade-offs that occur between attacker's revenue and costs, as well as the margin of false data and fraction of compromised nodes. Experimental results show that our model has a high true positive detection rate, while the average false alarm rate is just 8%, for most practical attack strategies, without depending on the expensive hardware based monitoring.

AB - Compromised smart meters reporting false power consump-Tion data in Advanced Metering Infrastructure (AMI) may have drastic consequences on a smart grid's operations. Most existing works only deal with electricity theft from customers. However, several other types of data falsification attacks are possible, when meters are compromised by organized rivals. In this paper, we first propose a taxonomy of possible data falsification strategies such as additive, deductive, camouflage and conflict, in AMI micro-grids. Then, we devise a statistical anomaly detection technique to identify the incidence of proposed attack types, by studying their impact on the observed data. Subsequently, a trust model based on Kullback-Leibler divergence is proposed to identify com- promised smart meters for additive and deductive attacks. The resultant detection rates and false alarms are minimized through a robust aggregate measure that is calculated based on the detected attack type and successfully discriminating legitimate changes from malicious ones. For conflict and camouflage attacks, a generalized linear model and Weibull function based kernel trick is used over the trust score to facilitate more accurate classification. Using real data sets collected from AMI, we investigate several trade-offs that occur between attacker's revenue and costs, as well as the margin of false data and fraction of compromised nodes. Experimental results show that our model has a high true positive detection rate, while the average false alarm rate is just 8%, for most practical attack strategies, without depending on the expensive hardware based monitoring.

KW - Advanced metering infras-Tructure

KW - Data falsification

KW - Information theory

KW - Relative entropy

KW - Security incident forensics

KW - Smart grid

KW - Statistical anomaly detection

KW - Su- pervised learning

KW - Trust models

UR - http://www.scopus.com/inward/record.url?scp=85018504138&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85018504138&partnerID=8YFLogxK

U2 - 10.1145/3029806.3029833

DO - 10.1145/3029806.3029833

M3 - Conference contribution

AN - SCOPUS:85018504138

T3 - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy

SP - 35

EP - 45

BT - CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy

T2 - 7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017

Y2 - 22 March 2017 through 24 March 2017

ER -

Bhattacharjee S, Thakur A, Silvestri S, Das SK. Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure. En CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy. 2017. p. 35-45. (CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Application Security and Privacy). doi: 10.1145/3029806.3029833

Statistical security incident forensics against data falsification in smart grid advanced metering infrastructure

Resumen

Serie de la publicación

Conference

Nota bibliográfica

Financiación

ASJC Scopus subject areas

ODS de las Naciones Unidas

Acceder al documento

Otros archivos y enlaces

Huella

Citar esto