Adaptive and continuous intrusion and anomaly detection for smart grid systems
This report is the result of collaborative work between the Department of Computer Science and Engineering (CSE) at the Chalmers University of Technology and Forescout Technologies Inc. Our main contribution in the UNITED-GRID project is an analysis of cyber-security-related problems and of Intrusion Detection Systems (IDS) as a viable solution for smart grids, especially in relation to the data streaming paradigm, which is a potential candidate to be the main data processing and handling mechanism in next-generation power grid systems.
In this context, a detailed state of the art is presented, including definitions, architecture models, networking protocols, and use cases for the smart grid as a whole and the Advanced Metering Infrastructure (AMI) in particular. After presenting these basic elements, we study their implications for the security of the smart grid and AMI systems. We give an overview of known and potential attacks, as well as privacy issues, discussing the entities involved and the consequences of malicious actions.
The rich analysis that learns producers’ and consumers’ behavior, which demands the computational power found in central data centers, will need to be shared and synchronized with the analysis in charge of detecting critical situations in a timely manner, which will be run by edge devices deployed in the grid. Accordingly, we introduce the data streaming paradigm, including its general benefits, challenges, and implementation tools, and describe in detail its role in smart grid security, with a discussion of an intrusion detection algorithm that leverages the data streaming paradigm.
Finally, we survey the literature for related work on intrusion detection for the smart grid and discuss the possibilities for deploying practical intrusion detection systems on these networks. We conclude by foreseeing that future cyber-security systems employed in the smart grid, especially intrusion detection systems, should leverage data streaming in their detection algorithms because of its advantages.