Entry Ali:2015:RBI from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Ali:2015:RBI,
  author =       "Muhammad Qasim Ali and Ehab Al-Shaer",
  title =        "Randomization-Based Intrusion Detection System for
                 Advanced Metering Infrastructure*",
  journal =      j-TISSEC,
  volume =       "18",
  number =       "2",
  pages =        "7:1--7:??",
  month =        dec,
  year =         "2015",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2814936",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Mon Dec 21 18:18:49 MST 2015",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "Smart grid deployment initiatives have been witnessed
                 in recent years. Smart grids provide bidirectional
                 communication between meters and head-end systems
                 through Advanced Metering Infrastructure (AMI). Recent
                 studies highlight the threats targeting AMI. Despite
                 the need for tailored Intrusion Detection Systems
                 (IDSs) for smart grids, very limited progress has been
                 made in this area. Unlike traditional networks, smart
                 grids have their own unique challenges, such as limited
                 computational power devices and potentially high
                 deployment cost, that restrict the deployment options
                 of intrusion detectors. We show that smart grids
                 exhibit deterministic and predictable behavior that can
                 be accurately modeled to detect intrusion. However, it
                 can also be leveraged by the attackers to launch
                 evasion attacks. To this end, in this article, we
                 present a robust mutation-based intrusion detection
                 system that makes the behavior unpredictable for the
                 attacker while keeping it deterministic for the system.
                 We model the AMI behavior using event logs collected at
                 smart collectors, which in turn can be verified using
                 the invariant specifications generated from the AMI
                 behavior and mutable configuration. Event logs are
                 modeled using fourth-order Markov chain and
                 specifications are written in Linear Temporal Logic
                 (LTL). To counter evasion and mimicry attacks, we
                 propose a configuration randomization module. The
                 approach provides robustness against evasion and
                 mimicry attacks; however, we discuss that it still can
                 be evaded to a certain extent. We validate our approach
                 on a real-world dataset of thousands of meters
                 collected at the AMI of a leading utility provider.",
  acknowledgement = ack-nhfb,
  articleno =    "7",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries