Harnessing the Unknown in Advanced Meter Infrastructure Traffic
| Title | Harnessing the Unknown in Advanced Meter Infrastructure Traffic |
| Publication Type | Conference Paper |
| Year of Publication | 2015 |
| Authors | Tudor V, Almgren M, Papatriantafilou M |
| Conference Name | the ACM Symposium on Applied Computing (SAC 2015) |
| Conference Location | Salamanca, Spain |
The Advanced Metering Infrastructure (AMI), a key component for smart grids, is expanding with more installed devices. Due to security and privacy concerns, the communication between these devices is encrypted, making it more secure against malicious third parties but also obscuring the ability of the network owner to detect any misbehaving user or equipment. We are investigating how to balance the need for confidentiality with the need to monitor the AMI. More specifically, we develop one important component for an AMI Intrusion Detection System (IDS), which can accurately determine the individual commands (but not their content) sent between AMI devices even when they are sent over an encrypted channel or in a protocol that the IDS cannot parse. We explain our methodology and propose features which summarize traffic characteristics. We conduct a feasibility study based on representative protocols in AMI and demonstrate the real utility of this IDS component. Our results are validated experimentally using two different datasets containing realistic traffic captured from two different AMI testbeds.