Intrusion Detection of NSM Based DoS Attacks Using Data Mining in Smart Grid

Choi, Kyung Jun; Chen, Xinyi; Li, Shi; Kim, Mihui; Chae, Kijoon; Na, Jung Chan

doi:10.3390/en5104091

Cited by 42 publications

(23 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Kim et al [18] proposed a method where many different DDoS attacks [51,52] are described in terms of traffic patterns in a flow characteristics. In particular, the authors focused on counters like: number of flows, packets, bytes, the flow and packet sizes, average flow size and number of packets per flow.…”

Section: Detection Via Countersmentioning

confidence: 99%

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

156

View full text Add to dashboard Cite

Data mining is an interdisciplinary subfield of computer science involving methods at the intersection of artificial intelligence, machine learning and statistics. One of the data mining tasks is anomaly detection which is the analysis of large quantities of data to identify items, events or observations which do not conform to an expected pattern. Anomaly detection is applicable in a variety of domains, e.g., fraud detection, fault detection, system health monitoring but this article focuses on application of anomaly detection in the field of network intrusion detection.The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in network. This aim is achieved by realization of the following points: (i) preparation of a concept of original entropy-based network anomaly detection method, (ii) implementation of the method, (iii) preparation of original dataset, (iv) evaluation of the method.

show abstract

Section: Detection Via Countersmentioning

confidence: 99%

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

156

View full text Add to dashboard Cite

show abstract

“…Kyung Choi et al [16] proposed the data attributes for the SYN flood attack and the buffer overflow attack, and the recognition procedure to find proficient data mining methods for those attacks. According to result obtained, in case of SYN flood attack, a total of 64 mining algorithms are executed with the selected key attributes.…”

Section: Related Workmentioning

confidence: 99%

“…Sixty four algorithms are achieved with selected key attributes using result of decision tree. Three algorithms show a 100% detection rate, 29 algorithms show 99.833% [16], [17], [18], [19]. Π -is the initial state distribution.…”

Section: Related Workmentioning

confidence: 99%

A Survey of Anomaly Detection Techniques and Hidden Markov Model

Sukhwani¹,

Sharma²,

Sharma³

2014

IJCA

View full text Add to dashboard Cite

An Intrusion detection System is software that is used for the malicious activities performed in the network whether in wired or in wireless. Although there are various techniques implemented for the detection of intrusions but still various techniques are yet to be implemented for the accurate detection of intrusion such that the false positive rate can be minimized. Hidden Markov model is a technique which consists of number of states having initial transition of data and at each transition from one state to another a probability is calculated, this technique can be considered for the detection of intrusions. Here in this paper a complete survey of all the technique implemented for the intrusion detection and their various advantages and disadvantages are discussed such that a new technique can be implemented in future.

show abstract

“…Most communication networks leave open a connection awaiting response to a SYN/ACK signal, sometimes as long as 75 s. An attacker can flood buffer with spoofed SYN requests creating congestion on the network. Bayesian statistical analysis can be used on the packet information to detect attack [24]. A fusion centre that uses transmitted data and library of previous data can also be used to determine whether malicious data are passed [25].…”

Section: Sensors and Devicesmentioning

confidence: 99%

Security Challenges in Smart Grid Implementation

Goel

Yuan

2015

SpringerBriefs in Cybersecurity

View full text Add to dashboard Cite

The smart grid architecture amalgamates the physical power grid and a communication grid into a single monolithic network. It poses several security threats that are well known (Li et al. in IEEE Trans Smart Grid 3:1540-1551 [1], McDaniel and McLaughlin in IEEE Secur Priv 7:75, 77, 2009 [2], Bisoi and Dash 2011 [3]). However, it faces unknown threats from the cyber-physical interfaces whereby either cyber-threats can lead to actuation of physical devices or vice versa if physical devices could be manipulated to disrupt the communication infrastructure. The most prevalent threats to the operation and safety of the smart grid come from physical destruction of infrastructure, data poisoning, denial of services, malware, and intrusion. The most prevalent threat to the consumer is breach of privacy of the data and malicious control of personal devices and appliances. This chapter articulates the smart grid architecture and the cyberphysical threats to which the smart grid is vulnerable. Smart Grid Architecture IntroductionThe smart grid is a traditional power grid with a communication network overlaid on top of the traditional power grid. The communication and power grid are interrelated such that the communication network depends on the power grid for data and the power grid depends on the communication for operational activities. The role of the grid is to provide ubiquitous communication capability for collecting data from sensors and meters, process it in situ, and provide pertinent information to support multiple activities such as ensuring grid stability, detecting and resolving anomalies, forecasting load, and facilitating demand response. All this needs to be done while protecting the privacy of the consumers, protecting critical operational data that from national adversaries, and ensuring the integrity of the data for both business and operational needs. This is not a trivial challenge for several reasons, including need to integrate disparate communication media into a single monolithic network, need to provide guaranteed latency and bandwidth for several applications, and need to ensure privacy and security of the data as necessary.The power grid is typically segregated into transmission, distribution, and the last mile. Transmission carries high-voltage current over long distances to substations. Distribution carries lower-voltage data from substations to local transformers. The last mile connects the local transformers to consumers, and it is where utilities and consumers interact to support real-time management of energy generation, distribution, usage, and efficiency. With the integration of the smart grid technologies, the traditional network is now entering households and businesses. Parallel to the power grid, the communication grid can be segregated into wide area network (WAN), metropolitan area network (MAN), field area network (FAN), and home area network (HAN) as shown in Fig. 1.1.The primary goal associated with the transmission network is to provide situational awareness where techn...

show abstract

Intrusion Detection of NSM Based DoS Attacks Using Data Mining in Smart Grid

Cited by 42 publications

References 14 publications

An Entropy-Based Network Anomaly Detection Method

An Entropy-Based Network Anomaly Detection Method

A Survey of Anomaly Detection Techniques and Hidden Markov Model

Security Challenges in Smart Grid Implementation

Contact Info

Product

Resources

About