Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators' responsive behavior

Saman Zonouz, Parisa Haghani

Research output: Contribution to journal › Article

13 Citations (Scopus)

Abstract

To protect complex power-grid control networks, efficient security assessment techniques are required. However, efficiently making sure that calculated security measures match the expert knowledge is a challenging endeavor. In this paper, we present EliMet, a framework that combines information from different sources and estimates the extent to which a control network meets its security objective. Initially, EliMet passively observes system operators' online reactive behavior against security incidents, and accordingly refines the calculated security measure values. To make the values comply with the expert knowledge, EliMet actively queries operators regarding those states for which sufficient information was not gained during the passive observation. Finally, EliMet makes use of the estimated security measure values for predictive situational awareness by ranking potential cyber-physical contingencies that the security administrators should plan for upfront. Our experimental results show that EliMet can optimally make use of prior knowledge as well as automated inference techniques to minimize human involvement and efficiently deduce the expert knowledge regarding individual states of that particular system.

Original language: English
Pages (from-to): 190-200
Number of pages: 11
Journal: Computers and Security
Volume: 39
Issue number: PART B
DOI: 10.1016/j.cose.2013.07.003
State: Published - Dec 6 2013

Keywords

  • Cyber-physical system security
  • Intrusion detection and response
  • Power grid critical infrastructure
  • Security metric
  • Situational awareness

ASJC Scopus subject areas

  • Computer Science (all)
  • Law

Cite this

Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators' responsive behavior. / Zonouz, Saman; Haghani, Parisa.

In: Computers and Security, Vol. 39, No. PART B, 06.12.2013, p. 190-200.


@article{ab17e3f86ec94378b7d4fd64296db9dc,
title = "Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators' responsive behavior",
abstract = "To protect complex power-grid control networks, efficient security assessment techniques are required. However, efficiently making sure that calculated security measures match the expert knowledge is a challenging endeavor. In this paper, we present EliMet, a framework that combines information from different sources and estimates the extent to which a control network meets its security objective. Initially, EliMet passively observes system operators' online reactive behavior against security incidents, and accordingly refines the calculated security measure values. To make the values comply with the expert knowledge, EliMet actively queries operators regarding those states for which sufficient information was not gained during the passive observation. Finally, EliMet makes use of the estimated security measure values for predictive situational awareness by ranking potential cyber-physical contingencies that the security administrators should plan for upfront. Our experimental results show that EliMet can optimally make use of prior knowledge as well as automated inference techniques to minimize human involvement and efficiently deduce the expert knowledge regarding individual states of that particular system.",
keywords = "Cyber-physical system security, Intrusion detection and response, Power grid critical infrastructure, Security metric, Situational awareness",
author = "Saman Zonouz and Parisa Haghani",
year = "2013",
month = "12",
day = "6",
doi = "10.1016/j.cose.2013.07.003",
language = "English",
volume = "39",
pages = "190--200",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",
number = "PART B",
}
