The power grid is a large-scale system with a variety of nodes, large amounts of time-sensitive data, and limited processing capabilities, so aggregation of data and resources becomes a potential approach for intrusion detection and attack containment. We propose an attack containment framework (ACF) that integrates early warning with a cooperative response approach. The framework is built on the novel concept of an attack container, an information structure that captures the trust behavior of a group and helps contain the damage of attacks.
We are currently looking at value-changing attacks, which essentially come from the threat of software/firmware updates of Intelligent Electronic Devices (IEDs) by the vendors. However, we are not limiting ourselves to this type of attack. The next step we are taking is timing attacks such as Denial-of-Service (DoS) attacks. We will also look at other types of attacks, such as slander attacks and Sybil attacks. The ultimate goal is to design a framework that can mitigate and contain these attacks.
The ACF framework enables different degrees of containment. Coarse-grained (hard) containment (i.e., containment in previous work) applies expensive and possibly slow actions to contain possible attacks. Typical examples of these actions are changing firewall policies and blocking access. Fine-grained (soft) containment happens much earlier than coarse-grained containment. Its goal is to apply much cheaper and softer actions to limit attackers' capabilities and to drive the system out of the critical state. We are currently investigating these actions. Please come back and check out this exciting research.
The ACF framework also integrates other preventive schemes, such as key management.
We evaluate our framework through both analysis and a testbed. The testbed consists of real power devices and emulated devices.
- Hoang Nguyen, Klara Nahrstedt, Attack Containment Frame for Large-Scale Critical Infrastructures, 16th International Conference on Computer Communications and Networks (ICCCN), 2007
- Wenbo He, Xue Liu, Hoang Nguyen, Klara Nahrstedt, Tarek Abdelzaher, PDA: Privacy-preserving Data Aggregation in Wireless Sensor Networks, 26th Annual IEEE Conference on Computer Communications (INFOCOM), 2007
- Wenbo He, Ying Huang, Klara Nahrstedt, Whay C. Lee, SMOCK: A Self-contained Public Key Management Scheme for Mission-critical Wireless Ad Hoc Networks, in Proc. of 5th Annual IEEE International Conference on Pervasive Computing and Communications (PerCom), 2007
- Hoang Nguyen, Klara Nahrstedt, Detecting Anomalies by Data Aggregation in the Power Grid, UIUC Tech. Report, 2006
This project is part of the NSF TCIP project at UIUC. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation or the US government.