Skip navigation

ARIES: a novel multivariate intrusion detection system for smart grid

ARIES: a novel multivariate intrusion detection system for smart grid

Radoglou Grammatikis, Panagiotis, Sarigiannidis, Panagiotis, Efstathopoulos, Georgios and Panaousis, Emmanouil ORCID: 0000-0001-7306-4062 (2020) ARIES: a novel multivariate intrusion detection system for smart grid. Sensors, 20 (18):5305. ISSN 1424-8220 (Online) (doi:https://doi.org/10.3390/s20185305)

[img]
Preview
PDF (Open Access Article)
29918 PANAOUSIS_ARIES_Novel_Multivariate_Intrusion_Detection_System_For_Smart_Grid_(OA)_2020.pdf - Published Version
Available under License Creative Commons Attribution.

Download (1MB) | Preview

Abstract

The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.

Item Type: Article
Uncontrolled Keywords: cybersecurity, intrusion detection system, machine learning, modbus, SCADA, smart grid
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / Department / Research Group: Faculty of Liberal Arts & Sciences
Faculty of Liberal Arts & Sciences > Internet of Things and Security (ISEC)
Faculty of Liberal Arts & Sciences > School of Computing & Mathematical Sciences (CAM)
Last Modified: 26 Nov 2020 23:01
Selected for GREAT 2016: None
Selected for GREAT 2017: None
Selected for GREAT 2018: None
Selected for GREAT 2019: None
Selected for REF2021: None
URI: http://gala.gre.ac.uk/id/eprint/29918

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics