Semantic Security Analysis of SCADA Networks to Detect Malicious Control Commands in Power Grid
In modern SCADA (Supervisory Control and Data Acquisition) systems used in power grids, a sophisticated attacker can exploit system vulnerabilities and issue malicious control commands to drive remote facilities into an unsafe state without exhibiting any obvious protocol-level red flags. It is challenging to detect such attacks based solely on network activities. To overcome this challenge, we introduce a semantic analysis framework as part of an intrusion detection system (IDS). The framework combines system knowledge of both the cyber and physical infrastructure in the power grid to estimate the execution consequences of control commands and thus reveal the attacker’s malicious intentions. In this talk we first discuss the framework and then provide evaluation results on the IEEE 30-bus system.
Dr. Zbigniew T. Kalbarczyk is Research Professor at the Coordinated Science Laboratory, University of Illinois at Urbana-Champaign. Dr. Kalbarczyk’s research interests are in the area of design and validation of reliable and secure computing systems. His current work explores emerging technologies, such as resource virtualization to provide redundancy and assure system resiliency to accidental errors and malicious attacks. Currently, he is a lead researcher on the project to explore and develop high availability and security infrastructure capable of managing redundant resources to foil reliability and security threats, detect errors in both the user applications and the infrastructure components, and recover quickly from failures when they occur. Dr. Kalbarczyk’s research also involves analysis of data on failures and security attacks in large computing systems, and development of techniques for automated validation and benchmarking of dependable and secure computing systems using formal (e.g., model checking) and experimental methods (e.g., fault/attack injection).
Dr. Kalbarczyk served as Program Chair of the Dependable Computing and Communication Symposium (DCCS), a track of the International Conference on Dependable Systems and Networks (DSN) 2007, and as Program Co-Chair of the Computer Performance and Dependability Symposium, a track of DSN 2002. He has been an Associate Editor of IEEE Transactions on Dependable and Secure Computing. Dr. Kalbarczyk has published over 130 technical papers and is regularly invited to give tutorials and lectures on issues related to the design and assessment of complex computing systems. He is a member of the IEEE, the IEEE Computer Society, and IFIP Working Group 10.4 on Dependable Computing and Fault Tolerance.
The seminar series is presented by the Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) Project, an $18 million multi-university research effort whose partner institutions include the University of Illinois at Urbana-Champaign, Arizona State University, Dartmouth, and Washington State University. The TCIPG Project, a successor to the earlier NSF-funded TCIP Center, was founded in 2009 with support from the U.S. Department of Energy and the U.S. Department of Homeland Security. It is housed in the Information Trust Institute, University of Illinois at Urbana-Champaign.