An Approach of Replicating Multi-Staged Cyber-Attacks and Countermeasures in a Smart Grid Co-Simulation Environment

While the digitization of power distribution grids brings many benefits, it also introduces new vulnerabilities for cyber-attacks. To maintain secure operations in the emerging threat landscape, detecting and implementing countermeasures against cyber-attacks are paramount. However, due to the lack...

Bibliographic details
Main authors: Sen, Ömer; van der Velde, Dennis; Peters, Sebastian N; Henze, Martin
Format: Article
Language: eng
Subjects:
Online access: Order full text
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Sen, Ömer
van der Velde, Dennis
Peters, Sebastian N
Henze, Martin
description While the digitization of power distribution grids brings many benefits, it also introduces new vulnerabilities for cyber-attacks. To maintain secure operations in the emerging threat landscape, detecting and implementing countermeasures against cyber-attacks are paramount. However, due to the lack of publicly available attack data against Smart Grids (SGs) for countermeasure development, simulation-based data generation approaches offer the potential to provide the needed data foundation. Therefore, our proposed approach provides flexible and scalable replication of multi-staged cyber-attacks in an SG Co-Simulation Environment (COSE). The COSE consists of an energy grid simulator, simulators for Operation Technology (OT) devices, and a network emulator for realistic IT process networks. Focusing on defensive and offensive use cases in COSE, our simulated attacker can perform network scans, find vulnerabilities, exploit them, gain administrative privileges, and execute malicious commands on OT devices. As an exemplary countermeasure, we present a built-in Intrusion Detection System (IDS) that analyzes generated network traffic using anomaly detection with Machine Learning (ML) approaches. In this work, we provide an overview of the SG COSE, present a multi-stage attack model with the potential to disrupt grid operations, and show exemplary performance evaluations of the IDS in specific scenarios.
doi_str_mv 10.48550/arxiv.2110.02040
format Article
date 2021-10-05
rights http://arxiv.org/licenses/nonexclusive-distrib/1.0
oa free_for_read
sourcetype Open Access Repository
fulltext fulltext_linktorsrc
identifier DOI: 10.48550/arxiv.2110.02040
ispartof
issn
language eng
recordid cdi_arxiv_primary_2110_02040
source arXiv.org
subjects Computer Science - Cryptography and Security
Computer Science - Networking and Internet Architecture
Computer Science - Systems and Control
title An Approach of Replicating Multi-Staged Cyber-Attacks and Countermeasures in a Smart Grid Co-Simulation Environment
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-22T15%3A44%3A35IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20Approach%20of%20Replicating%20Multi-Staged%20Cyber-Attacks%20and%20Countermeasures%20in%20a%20Smart%20Grid%20Co-Simulation%20Environment&rft.au=Sen,%20%C3%96mer&rft.date=2021-10-05&rft_id=info:doi/10.48550/arxiv.2110.02040&rft_dat=%3Carxiv_GOX%3E2110_02040%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true