Harnessing the Unknown in Advanced Meter Infrastructure Traffic

Publication Type: Conference Paper
Year of Publication: 2015
Authors: Tudor V, Almgren M, Papatriantafilou M
Conference Name: the ACM Symposium on Applied Computing (SAC 2015)
Date Published: 04/2015
Conference Location: Salamanca, Spain

The Advanced Metering Infrastructure (AMI), a key component for smart grids, is expanding with more installed devices. Due to security and privacy concerns, the communication between these devices is encrypted, making it more secure against malicious third parties but also obscuring the ability of the network owner to detect any misbehaving user or equipment. We are investigating how to balance the need for confidentiality with the need to monitor the AMI. More specifically, we develop one important component for an AMI Intrusion Detection System (IDS), which can accurately determine the individual commands (but not their content) sent between AMI devices even when they are sent over an encrypted channel or in a protocol that the IDS cannot parse. We explain our methodology and propose features which summarize traffic characteristics. We conduct a feasibility study based on representative protocols in AMI and demonstrate the real utility of this IDS component. Our results are validated experimentally using two different datasets containing realistic traffic captured from two different AMI testbeds.