2021
|
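| 1. | Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Iturbe, Eider; Rios, Erkuden; Martinez, Saturnino; Sarigiannidis, Antonios; Efstathopoulos, Georgios; Spyridis, Yannis; Sesis, Achilleas; Vakakis, Nikolaos; Tzovaras, Dimitrios; Kafetzakis, Emmanouil; Giannoulakis, Ioannis; Tzifas, Michalis; Giannakoulias, Alkiviadis; Angelopoulos, Michail; Ramos, Francisco SPEAR SIEM: A Security Information and Event Management system for the Smart Grid (Journal Article) In: Computer Networks, 2021.
@article{article,
  author    = {Grammatikis, Panagiotis Radoglou and Sarigiannidis, Panagiotis and Iturbe, Eider and Rios, Erkuden and Martinez, Saturnino and Sarigiannidis, Antonios and Efstathopoulos, Georgios and Spyridis, Yannis and Sesis, Achilleas and Vakakis, Nikolaos and Tzovaras, Dimitrios and Kafetzakis, Emmanouil and Giannoulakis, Ioannis and Tzifas, Michalis and Giannakoulias, Alkiviadis and Angelopoulos, Michail and Ramos, Francisco},
  title     = {{SPEAR} {SIEM}: A Security Information and Event Management system for the Smart Grid},
  journal   = {Computer Networks},
  year      = {2021},
  date      = {2021-01-01},
  doi       = {10.1016/j.comnet.2021.108008},
  url       = {https://www.researchgate.net/publication/350287201_SPEAR_SIEM_A_Security_Information_and_Event_Management_system_for_the_Smart_Grid},
  keywords  = {Anomaly Detection, Auto-encoder, Cybersecurity, Deep Learning, Generative Adversarial Network, Machine Learning, Modbus, Smart Grid},
  abstract  = {The technological leap of smart technologies has brought the conventional electrical grid in a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented having cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use case (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.},
  pubstate  = {published},
  tppubtype = {article},
}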
The technological leap of smart technologies has brought the conventional electrical grid into a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented with cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, current SIEM systems do not take into account the unique SG peculiarities and characteristics, such as the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use cases: (a) hydropower plant, (b) substation, (c) power plant and (d) smart home. |
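| 2. | Argyropoulos, Nikolaos; Khodashenas, Pouria Sayyad; Mavropoulos, Orestis; Karapistoli, Eirini; Lytos, Anastasios; Karypidis, Paris Alexandros; Hofmann, Klaus-Peter Addressing Cybersecurity in the Next Generation Mobility Ecosystem with CARAMEL (Journal Article) In: Transportation Research Procedia, vol. 52, pp. 307-314, 2021, ISSN: 2352-1465, (23rd EURO Working Group on Transportation Meeting, EWGT 2020, 16-18 September 2020, Paphos, Cyprus).
@article{ARGYROPOULOS2021307,
  author    = {Argyropoulos, Nikolaos and Khodashenas, Pouria Sayyad and Mavropoulos, Orestis and Karapistoli, Eirini and Lytos, Anastasios and Karypidis, Paris Alexandros and Hofmann, Klaus-Peter},
  title     = {Addressing Cybersecurity in the Next Generation Mobility Ecosystem with {CARAMEL}},
  journal   = {Transportation Research Procedia},
  volume    = {52},
  pages     = {307--314},
  year      = {2021},
  date      = {2021-01-01},
  issn      = {2352-1465},
  doi       = {10.1016/j.trpro.2021.01.036},
  url       = {https://www.sciencedirect.com/science/article/pii/S2352146521000685},
  note      = {23rd EURO Working Group on Transportation Meeting, EWGT 2020, 16--18 September 2020, Paphos, Cyprus},
  keywords  = {Artificial intelligence, Automated mobility, Connected mobility, Cybersecurity},
  abstract  = {The proliferation of next generation mobility, promotes the use of autonomous cars, connected vehicles and electromobility. It creates novel attack surfaces for high impact cyberattacks affecting the society. Addressing the cybersecurity challenges introduced by modern vehicles requires a proactive and multi-faceted approach combining techniques originating from various domains of ICT. Emerging technologies such as 5G, LiDAR, novel in-vehicle and roadside sensors and smart charging, used in modern cars, introduce new challenges and potential security gaps in the next generation mobility ecosystem. Thus, it is critical that the domain’s cybersecurity must be approached in a structured manner from a multi-domain and multi-technology perspective. The CARAMEL H2020 project aims to address the cybersecurity challenges on the pillars upon which the next generation mobility is constructed (i.e., autonomous mobility, connected mobility, electromobility). To achieve that, advanced Artificial Intelligence (AI) and Machine Learning (ML) techniques will be utilized for the identification of anomalies and the classification of incoming signals indicating a cyber-attack or a cybersecurity risk. Apart from risk detection, methods for the mitigation of the identified risks will also be continuously incorporated to the CARAMEL solution. The final goal of CARAMEL is to create an anti-hacking platform for the European automotive cybersecurity and to demonstrate its value through extensive attack and penetration scenarios. In this paper we will expand on the unique cybersecurity-relevant characteristics of the pillars upon which the CARAMEL solution is built. Next, a number of use cases emerging from such analysis will be extracted in order to form the basis upon which the CARAMEL platform will be evaluated. Finally, we will conclude with an overview of the platform’s architectural composition.},
  pubstate  = {published},
  tppubtype = {article},
}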
The proliferation of next generation mobility promotes the use of autonomous cars, connected vehicles and electromobility. It creates novel attack surfaces for high impact cyberattacks affecting society. Addressing the cybersecurity challenges introduced by modern vehicles requires a proactive and multi-faceted approach combining techniques originating from various domains of ICT. Emerging technologies such as 5G, LiDAR, novel in-vehicle and roadside sensors and smart charging, used in modern cars, introduce new challenges and potential security gaps in the next generation mobility ecosystem. Thus, it is critical that the domain’s cybersecurity be approached in a structured manner from a multi-domain and multi-technology perspective. The CARAMEL H2020 project aims to address the cybersecurity challenges on the pillars upon which the next generation mobility is constructed (i.e., autonomous mobility, connected mobility, electromobility). To achieve that, advanced Artificial Intelligence (AI) and Machine Learning (ML) techniques will be utilized for the identification of anomalies and the classification of incoming signals indicating a cyber-attack or a cybersecurity risk. Apart from risk detection, methods for the mitigation of the identified risks will also be continuously incorporated into the CARAMEL solution. The final goal of CARAMEL is to create an anti-hacking platform for European automotive cybersecurity and to demonstrate its value through extensive attack and penetration scenarios. In this paper, we will expand on the unique cybersecurity-relevant characteristics of the pillars upon which the CARAMEL solution is built. Next, a number of use cases emerging from such analysis will be extracted in order to form the basis upon which the CARAMEL platform will be evaluated. Finally, we will conclude with an overview of the platform’s architectural composition. |
| 3. | Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Efstathopoulos, George; Lagkas, Thomas; Fragulis, George; Sarigiannidis, Antonios A Self-Learning Approach for Detecting Intrusions in Healthcare Systems (Inproceedings) In: IEEE International Conference on Communications, 2021.
@inproceedings{inproceedings,
  author    = {Grammatikis, Panagiotis Radoglou and Sarigiannidis, Panagiotis and Efstathopoulos, George and Lagkas, Thomas and Fragulis, George and Sarigiannidis, Antonios},
  title     = {A Self-Learning Approach for Detecting Intrusions in Healthcare Systems},
  booktitle = {IEEE International Conference on Communications},
  year      = {2021},
  date      = {2021-01-01},
  doi       = {10.1109/ICC42927.2021.9500354},
  url       = {https://www.researchgate.net/publication/349158703_A_Self-Learning_Approach_for_Detecting_Intrusions_in_Healthcare_Systems/references},
  urldate   = {2021-01-01},
  keywords  = {Cybersecurity, Healthcare, Machine Learning},
  abstract  = {The rapid evolution of the Internet of Medical Things (IoMT) introduces the healthcare ecosystem into a new reality consisting of smart medical devices and applications that provide multiple benefits, such as remote medical assistance, timely administration of medication, real-time monitoring, preventive care and health education. However, despite the valuable advantages, this new reality increases the cybersecurity and privacy concerns since vulnerable IoMT devices can access and handle autonomously patients’ data. Furthermore, the continuous evolution of cyberattacks, malware and zero-day vulnerabilities require the development of the appropriate countermeasures. In the light of the aforementioned remarks, in this paper, we present an Intrusion Detection and Prevention System (IDPS), which can protect the healthcare communications that rely on the Hypertext Transfer Protocol (HTTP) and the Modbus/Transmission Control Protocol (TCP). HTTP is commonly adopted by conventional ICT healthcare-related services, such as web-based Electronic Health Record (EHR) applications, while Modbus/TCP is an industrial protocol adopted by IoMT. Although the Machine Learning (ML) and Deep Learning (DL) methods have already demonstrated their efficacy in detecting intrusions, the rarely available intrusion detection datasets (especially in the healthcare sector) complicate their global application. The main contribution of this work lies in the fact that an active learning approach is modelled and adopted in order to re-train dynamically the supervised classifiers behind the proposed IDPS. The evaluation analysis demonstrates the efficiency of this work against HTTP and Modbus/TCP cyberattacks, showing also how the entire accuracy is increased in the various re-training phases.},
  pubstate  = {published},
  tppubtype = {inproceedings}
}
The rapid evolution of the Internet of Medical Things (IoMT) introduces the healthcare ecosystem into a new reality consisting of smart medical devices and applications that provide multiple benefits, such as remote medical assistance, timely administration of medication, real-time monitoring, preventive care and health education. However, despite the valuable advantages, this new reality increases cybersecurity and privacy concerns, since vulnerable IoMT devices can autonomously access and handle patients’ data. Furthermore, the continuous evolution of cyberattacks, malware and zero-day vulnerabilities requires the development of appropriate countermeasures. In the light of the aforementioned remarks, in this paper, we present an Intrusion Detection and Prevention System (IDPS), which can protect the healthcare communications that rely on the Hypertext Transfer Protocol (HTTP) and the Modbus/Transmission Control Protocol (TCP). HTTP is commonly adopted by conventional ICT healthcare-related services, such as web-based Electronic Health Record (EHR) applications, while Modbus/TCP is an industrial protocol adopted by IoMT. Although Machine Learning (ML) and Deep Learning (DL) methods have already demonstrated their efficacy in detecting intrusions, the rarely available intrusion detection datasets (especially in the healthcare sector) complicate their global application. The main contribution of this work lies in the fact that an active learning approach is modelled and adopted in order to dynamically re-train the supervised classifiers behind the proposed IDPS. The evaluation analysis demonstrates the efficiency of this work against HTTP and Modbus/TCP cyberattacks, also showing how the overall accuracy is increased in the various re-training phases. |
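| 4. | Radoglou-Grammatikis, Panagiotis; Rompolos, Konstantinos; Sarigiannidis, Panagiotis; Argyriou, Vasileios; Lagkas, Thomas; Sarigiannidis, Antonios; Goudos, Sotirios; Wan, Shaohua Modeling, detecting, and mitigating threats against industrial healthcare systems: a combined software defined networking and reinforcement learning approach (Journal Article) In: IEEE Transactions on Industrial Informatics, vol. 18, no. 3, pp. 2041–2052, 2021.
@article{radoglou2021modeling,
  author    = {Radoglou-Grammatikis, Panagiotis and Rompolos, Konstantinos and Sarigiannidis, Panagiotis and Argyriou, Vasileios and Lagkas, Thomas and Sarigiannidis, Antonios and Goudos, Sotirios and Wan, Shaohua},
  title     = {Modeling, detecting, and mitigating threats against industrial healthcare systems: a combined software defined networking and reinforcement learning approach},
  journal   = {IEEE Transactions on Industrial Informatics},
  volume    = {18},
  number    = {3},
  pages     = {2041--2052},
  year      = {2021},
  date      = {2021-01-01},
  publisher = {IEEE},
  doi       = {10.1109/TII.2021.3093905},
  url       = {https://ieeexplore.ieee.org/abstract/document/9470933},
  urldate   = {2021-01-01},
  keywords  = {Cybersecurity, IEC-60870-5-104, Internet of Things (IoT), Intrusion detection, Machine Learning, Software Defined Networks},
  abstract  = {The rise of the Internet of Medical Things introduces the healthcare ecosystem in a new digital era with multiple benefits, such as remote medical assistance, real-time monitoring, and pervasive control. However, despite the valuable healthcare services, this progression raises significant cybersecurity and privacy concerns. In this article, we focus our attention on the IEC 60 870-5-104 protocol, which is widely adopted in industrial healthcare systems. First, we investigate and assess the severity of the IEC 60 870-5-104 cyberattacks by providing a quantitative threat model, which relies on Attack Defence Trees and Common Vulnerability Scoring System v3.1. Next, we introduce an intrusion detection and prevention system (IDPS), which is capable of discriminating and mitigating automatically the IEC 60 870-5-104 cyberattacks. The proposed IDPS takes full advantage of the machine learning (ML) and software defined networking (SDN) technologies. ML is used to detect the IEC 60 870-5-104 cyberattacks, utilizing 1) Transmission Control Protocol/Internet Protocol network flow statistics and 2) IEC 60 870-5-104 payload flow statistics. On the other side, the automated mitigation is transformed into a multiarmed bandit problem, which is solved through a reinforcement learning method called Thomson sampling and SDN. The evaluation analysis demonstrates the efficiency of the proposed IDPS in terms of intrusion detection accuracy and automated mitigation performance. The detection accuracy and the F1 score of the proposed IDPS reach 0.831 and 0.8258, respectively, while the mitigation accuracy is calculated at 0.923.},
  pubstate  = {published},
  tppubtype = {article},
}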
The rise of the Internet of Medical Things introduces the healthcare ecosystem into a new digital era with multiple benefits, such as remote medical assistance, real-time monitoring, and pervasive control. However, despite the valuable healthcare services, this progression raises significant cybersecurity and privacy concerns. In this article, we focus our attention on the IEC 60870-5-104 protocol, which is widely adopted in industrial healthcare systems. First, we investigate and assess the severity of the IEC 60870-5-104 cyberattacks by providing a quantitative threat model, which relies on Attack Defence Trees and Common Vulnerability Scoring System v3.1. Next, we introduce an intrusion detection and prevention system (IDPS), which is capable of automatically discriminating and mitigating the IEC 60870-5-104 cyberattacks. The proposed IDPS takes full advantage of the machine learning (ML) and software defined networking (SDN) technologies. ML is used to detect the IEC 60870-5-104 cyberattacks, utilizing 1) Transmission Control Protocol/Internet Protocol network flow statistics and 2) IEC 60870-5-104 payload flow statistics. On the other hand, the automated mitigation is transformed into a multiarmed bandit problem, which is solved through a reinforcement learning method called Thompson sampling and SDN. The evaluation analysis demonstrates the efficiency of the proposed IDPS in terms of intrusion detection accuracy and automated mitigation performance. The detection accuracy and the F1 score of the proposed IDPS reach 0.831 and 0.8258, respectively, while the mitigation accuracy is calculated at 0.923. |
2020
|
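| 5. | Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Sarigiannidis, Antonios; Margounakis, Dimitrios; Tsiakalos, Apostolos; Efstathopoulos, Georgios An Anomaly Detection Mechanism for IEC 60870-5-104 (Inproceedings) In: 2020 9th International Conference on Modern Circuits and Systems Technologies (MOCAST), 2020.
@inproceedings{inproceedingsb,
  author    = {Grammatikis, Panagiotis Radoglou and Sarigiannidis, Panagiotis and Sarigiannidis, Antonios and Margounakis, Dimitrios and Tsiakalos, Apostolos and Efstathopoulos, Georgios},
  title     = {An Anomaly Detection Mechanism for {IEC} 60870-5-104},
  booktitle = {2020 9th International Conference on Modern Circuits and Systems Technologies (MOCAST)},
  year      = {2020},
  date      = {2020-01-01},
  doi       = {10.1109/MOCAST49295.2020.9200285},
  url       = {https://www.researchgate.net/publication/344386495_An_Anomaly_Detection_Mechanism_for_IEC_60870-5-104},
  keywords  = {Anomaly Detection, Cybersecurity, Data Acquisition, IEC-60870-5-104},
  abstract  = {The transformation of the conventional electricity grid into a new paradigm called smart grid demands the appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect timely possible anomalies against IEC-104. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics that reach 98\% and 87\%, respectively.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}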
The transformation of the conventional electricity grid into a new paradigm called smart grid demands appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol, which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect possible anomalies against IEC-104 in a timely manner. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics, which reach 98% and 87%, respectively. |
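| 6. | Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Iturbe, Eider; Rios, Erkuden; Sarigiannidis, Antonios; Nikolis, Odysseas; Ioannidis, Dimosthenis; Machamint, Vasileios; Tzifas, Michalis; Giannakoulias, Alkiviadis; Angelopoulos, Michail; Papadopoulos, Anastasios; Ramos, Francisco Secure and Private Smart Grid: The SPEAR Architecture (Inproceedings) In: 2020 6th IEEE International Conference on Network Softwarization (NetSoft), pp. 450-456, 2020.
@inproceedings{grammatikis2020spear,
  author    = {Grammatikis, Panagiotis Radoglou and Sarigiannidis, Panagiotis and Iturbe, Eider and Rios, Erkuden and Sarigiannidis, Antonios and Nikolis, Odysseas and Ioannidis, Dimosthenis and Machamint, Vasileios and Tzifas, Michalis and Giannakoulias, Alkiviadis and Angelopoulos, Michail and Papadopoulos, Anastasios and Ramos, Francisco},
  title     = {Secure and Private Smart Grid: The {SPEAR} Architecture},
  booktitle = {2020 6th IEEE International Conference on Network Softwarization (NetSoft)},
  pages     = {450--456},
  year      = {2020},
  date      = {2020-01-01},
  doi       = {10.1109/NetSoft48620.2020.9165420},
  url       = {https://www.researchgate.net/publication/343621502_Secure_and_Private_Smart_Grid_The_SPEAR_Architecture},
  keywords  = {Anomaly Detection, Anonymity, Cybersecurity, Forensics, Honeypots, Intrusion detection, Privacy, Smart Grid},
  abstract  = {Information and Communication Technology (ICT) is an integral part of Critical Infrastructures (CIs), bringing both significant pros and cons. Focusing our attention on the energy sector, ICT converts the conventional electrical grid into a new paradigm called Smart Grid (SG), providing crucial benefits such as pervasive control, better utilisation of the existing resources, self-healing, etc. However, in parallel, ICT increases the attack surface of this domain, generating new potential cyberthreats. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) architecture which constitutes an overall solution aiming at protecting SG, by enhancing situational awareness, detecting timely cyberattacks, collecting appropriate forensic evidence and providing an anonymous cybersecurity information-sharing mechanism. Operational characteristics and technical specifications details are analysed for each component, while also the communication interfaces among them are described in detail.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}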
Information and Communication Technology (ICT) is an integral part of Critical Infrastructures (CIs), bringing both significant pros and cons. Focusing our attention on the energy sector, ICT converts the conventional electrical grid into a new paradigm called Smart Grid (SG), providing crucial benefits such as pervasive control, better utilisation of the existing resources, self-healing, etc. However, in parallel, ICT increases the attack surface of this domain, generating new potential cyberthreats. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) architecture, which constitutes an overall solution aiming at protecting SG by enhancing situational awareness, detecting cyberattacks in a timely manner, collecting appropriate forensic evidence and providing an anonymous cybersecurity information-sharing mechanism. Operational characteristics and technical specification details are analysed for each component, while the communication interfaces among them are also described in detail. |
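| 7. | Pliatsios, Dimitrios; Sarigiannidis, Panagiotis; Lagkas, Thomas; Sarigiannidis, Antonios G A Survey on SCADA Systems: Secure Protocols, Incidents, Threats and Tactics (Journal Article) In: IEEE Communications Surveys & Tutorials, vol. 22, no. 3, pp. 1942-1976, 2020.
@article{9066892,
  author    = {Pliatsios, Dimitrios and Sarigiannidis, Panagiotis and Lagkas, Thomas and Sarigiannidis, Antonios G},
  title     = {A Survey on {SCADA} Systems: Secure Protocols, Incidents, Threats and Tactics},
  journal   = {IEEE Communications Surveys \& Tutorials},
  volume    = {22},
  number    = {3},
  pages     = {1942--1976},
  year      = {2020},
  date      = {2020-01-01},
  doi       = {10.1109/COMST.2020.2987688},
  url       = {https://ieeexplore.ieee.org/abstract/document/9066892},
  keywords  = {Cybersecurity, Protocols, SCADA, Security, Smart Grid, Trends},
  abstract  = {Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, that made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security.},
  pubstate  = {published},
  tppubtype = {article},
}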
Supervisory Control and Data Acquisition (SCADA) systems are the underlying monitoring and control components of critical infrastructures, such as power, telecommunication, transportation, pipelines, chemicals and manufacturing plants. Legacy SCADA systems operated on isolated networks, which made them less exposed to Internet threats. However, the increasing connection of SCADA systems to the Internet, as well as to corporate networks, introduces severe security issues. Security considerations for SCADA systems are gaining higher attention, as the number of security incidents against these critical infrastructures is increasing. In this survey, we provide an overview of the general SCADA architecture, along with a detailed description of the SCADA communication protocols. Additionally, we discuss certain high-impact security incidents, objectives, and threats. Furthermore, we carry out an extensive review of the security proposals and tactics that aim to secure SCADA systems. We also discuss the state of SCADA system security. Finally, we present the current research trends and future advancements of SCADA security. |
2019
|
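| 8. | Efstathopoulos, Georgios; Grammatikis, Panagiotis Radoglou; Sarigiannidis, Panagiotis; Argyriou, Vasilis; Sarigiannidis, Antonios; Stamatakis, Konstantinos; Angelopoulos, Michail K; Athanasopoulos, Solon K Operational Data Based Intrusion Detection System for Smart Grid (Inproceedings) In: 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), pp. 1-6, 2019.
@inproceedings{8858503,
  author    = {Efstathopoulos, Georgios and Grammatikis, Panagiotis Radoglou and Sarigiannidis, Panagiotis and Argyriou, Vasilis and Sarigiannidis, Antonios and Stamatakis, Konstantinos and Angelopoulos, Michail K and Athanasopoulos, Solon K},
  title     = {Operational Data Based Intrusion Detection System for Smart Grid},
  booktitle = {2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD)},
  pages     = {1--6},
  year      = {2019},
  date      = {2019-01-01},
  doi       = {10.1109/CAMAD.2019.8858503},
  url       = {https://ieeexplore.ieee.org/document/8858503},
  keywords  = {Anomaly Detection, Cybersecurity, Intrusion Detection System, Machine Learning, Operational Data, Smart Grid},
  abstract  = {With the rapid progression of Information and Communication Technology (ICT) and especially of Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers such as the two-way communication (both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator timely about the possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation.},
  pubstate  = {published},
  tppubtype = {inproceedings},
}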
With the rapid progression of Information and Communication Technology (ICT) and especially of the Internet of Things (IoT), the conventional electrical grid is transformed into a new intelligent paradigm, known as Smart Grid (SG). SG provides significant benefits both for utility companies and energy consumers, such as two-way communication (both electricity and information), distributed generation, remote monitoring, self-healing and pervasive control. However, at the same time, this dependence introduces new security challenges, since SG inherits the vulnerabilities of multiple heterogeneous, co-existing legacy and smart technologies, such as IoT and Industrial Control Systems (ICS). An effective countermeasure against the various cyberthreats in SG is the Intrusion Detection System (IDS), informing the operator in a timely manner about possible cyberattacks and anomalies. In this paper, we provide an anomaly-based IDS especially designed for SG, utilising operational data from a real power plant. In particular, many machine learning and deep learning models were deployed, introducing novel parameters and feature representations in a comparative study. The evaluation analysis demonstrated the efficacy of the proposed IDS and the improvement due to the suggested complex data representation. |