Fraunhofer-Institut für Angewandte Informationstechnik FIT

Filters

5
Reset filters

Settings
Now showing 1 - 5 of 5
  • Publication
    Investigation of Multi-Stage Attack and Defense Simulation for Data Synthesis
    ( 2023-09)
    Sen, Ömer
    ;
    Ivanov, Bozhidar
    ;
    Henze, Martin
    ;
    Ulbig, Andreas
    The power grid is a critical infrastructure that plays a vital role in modern society. Its availability is of utmost importance, as a loss can endanger human lives. However, with the increasing digitalization of the power grid, it also becomes vulnerable to new cyberattacks that can compromise its availability. To counter these threats, intrusion detection systems are developed and deployed to detect cyberattacks targeting the power grid. Among intrusion detection systems, anomaly detection models based on machine learning have shown potential in detecting unknown attack vectors. However, the scarcity of data for training these models remains a challenge due to confidentiality concerns. To overcome this challenge, this study proposes a model for generating synthetic data of multi-stage cyber attacks in the power grid, using attack trees to model the attacker's sequence of steps and a game-theoretic approach to incorporate the defender's actions. This model aims to create diverse attack data on which machine learning algorithms can be trained.
  • Publication
    An Approach to Abstract Multi-stage Cyberattack Data Generation for ML-Based IDS in Smart Grids
    ( 2023)
    Sen, Ömer
    ;
    Malskorn, Philipp
    ;
    Glomb, Simon
    ;
    Hacker, Immanuel
    ;
    Henze, Martin
    ;
    Ulbig, Andreas
    Power grids are becoming more digitized, resulting in new opportunities for the grid operation but also new chal-lenges, such as new threats from the cyber-domain. To address these challenges, cybersecurity solutions are being considered in the form of preventive, detective, and reactive measures. Machine learning-based intrusion detection systems are used as part of detection efforts to detect and defend against cyberattacks. However, training and testing data for these systems are often not available or suitable for use in machine learning models for detecting multi-stage cyberattacks in smart grids. In this paper, we propose a method to generate synthetic data using a graph-based approach for training machine learning models in smart grids. We use an abstract form of multi-stage cyberattacks defined via graph formulations and simulate the propagation behavior of attacks in the network. Within the selected scenarios, we observed promising results, but a larger number of scenarios need to be studied to draw a more informed conclusion about the suitability of synthesized data.
  • Publication
    A cyber-physical digital twin approach to replicating realistic multi-stage cyberattacks on smart grids
    ( 2023)
    Sen, Ömer
    ;
    Bleser, N.
    ;
    Henze, Martin
    ;
    Ulbig, Andreas
    The integration of information and communication technology in distribution grids presents opportunities for active grid operation management, but also increases the need for security against power outages and cyberattacks. This paper examines the impact of cyberattacks on smart grids by replicating the power grid in a secure laboratory environment as a cyber-physical digital twin. A simulation is used to study communication infrastructures for secure operation of smart grids. The cyber-physical digital twin approach combines communication network emulation and power grid simulation in a common modular environment, and is demonstrated through laboratory tests and attack replications.
  • Publication
    On specification-based cyber-attack detection in smart grids
    ( 2022)
    Sen, Ömer
    ;
    Velde, Dennis van der
    ;
    Lühman, Maik
    ;
    Sprünken, Florian
    ;
    Hacker, Immanuel
    ;
    Ulbig, Andreas
    ;
    Andres, Michael
    ;
    Henze, Martin
    The transformation of power grids into intelligent cyber-physical systems brings numerous benefits, but also significantly increases the surface for cyber-attacks, demanding appropriate countermeasures. However, the development, validation, and testing of data-driven countermeasures against cyber-attacks, such as machine learning-based detection approaches, lack important data from real-world cyber incidents. Unlike attack data from real-world cyber incidents, infrastructure knowledge and standards are accessible through expert and domain knowledge. Our proposed approach uses domain knowledge to define the behavior of a smart grid under non-attack conditions and detect attack patterns and anomalies. Using a graph-based specification formalism, we combine cross-domain knowledge that enables the generation of whitelisting rules not only for statically defined protocol fields but also for communication flows and technical operation boundaries. Finally, we evaluate our specification-based intrusion detection system against various attack scenarios and assess detection quality and performance. In particular, we investigate a data manipulation attack in a future-orientated use case of an IEC 60870-based SCADA system that controls distributed energy resources in the distribution grid. Our approach can detect severe data manipulation attacks with high accuracy in a timely and reliable manner.
  • Publication
    Investigating Man-in-the-Middle-based False Data Injection in a Smart Grid Laboratory Environment
    ( 2021)
    Sen, Ömer
    ;
    Veldc, Dennis van der
    ;
    Linnartz, Philipp
    ;
    Hacker, Immanuel
    ;
    Henze, Martin
    ;
    Andres, Michael
    ;
    Ulbig, Andreas
    With the increasing use of information and communication technology in electrical power grids, the security of energy supply is increasingly threatened by cyber-attacks. Traditional cyber-security measures, such as firewalls or intrusion detection/prevention systems, can be used as mitigation and prevention measures, but their effective use requires a deep understanding of the potential threat landscape and complex attack processes in energy information systems. Given the complexity and lack of detailed knowledge of coordinated, timed attacks in smart grid applications, we need information and insight into realistic attack scenarios in an appropriate and practical setting. In this paper, we present a man-in-the-middle-based attack scenario that intercepts process communication between control systems and field devices, employs false data injection techniques, and performs data corruption such as sending false commands to field devices. We demonstrate the applicability of the presented attack scenario in a physical smart grid laboratory environment and analyze the generated data under normal and attack conditions to extract domain-specific knowledge for detection mechanisms.