Abstract

Advanced information technologies have been fused with the energy infrastructure and transformed into high-level services for more efficient use of energy resources. As one of these technologies, the energy cloud maximizes the efficiency of energy resources through the organic connection between the entities that produce and consume energy. However, the disruption or destruction of energy cloud systems through cyberattacks can lead to incidents such as massive blackouts, which in turn can become national disasters. Furthermore, since the techniques and severity of modern cyberattacks continue to advance, the energy cloud environment must be designed to resist cyberattacks. However, since the energy cloud environment has different characteristics from general infrastructures such as the smart grid and the Advanced Metering Infrastructure (AMI), it requires security technology specialized to its environment. This paper proposes a cyber threat intelligence framework to improve the energy cloud environment’s security. Cyber Threat Intelligence (CTI) is a technology for actively responding to advanced cyber threats by collecting and analyzing various threat indicators and generating contextual knowledge about the cyber threats. The framework proposed in this paper analyzes threat indicators that can be collected in the advanced metering infrastructure and proposes a cyber threat intelligence generation technique targeting the energy cloud. This paper also proposes a method that can quickly apply a security model to a large-scale energy cloud infrastructure through a mechanism for sharing and spreading cyber threat intelligence between the AMI layer and the cloud layer. Our framework provides a way to effectively apply the proposed technologies through the CTI architecture, including the local AMI layer, the station layer, and the cloud layer. Furthermore, we show that the proposed framework can effectively respond to cyber threats by reporting a 0.822 macro-F1 score and a 0.843 micro-F1 score for cyberattack detection in an environment that simulates an attacker model and an energy cloud environment.

Highlights

  • The development of Information Technologies (ITs) has emerged in various paradigms such as Artificial Intelligence (AI), blockchain, and the Internet of Things (IoT), and the smart energy environment represented by the smart grid is one of them.

  • Due to the constraints of the configured environment, there were no significant differences in local threat detection accuracy according to the number of processes.

  • The collected data are used as a dataset for a deep learning-based threat detection technique in the middle station layer, and the detection result is fused with Indicators of Compromise (IoCs) data to create a security policy specialized for the local environment.

Summary

Introduction

The development of Information Technologies (ITs) has emerged in various paradigms such as Artificial Intelligence (AI), blockchain, and the Internet of Things (IoT), and the smart energy environment represented by the smart grid is one of them.

Representation and creation of energy cloud-specific CTI data: The proposed framework identifies and collects IoC data specialized for the AMI layer’s energy cloud environment. Through this process, data can be selected to suit the characteristics of the AMI layer, which includes various devices, and this forms the basis of practical security functions for responding to cyberattacks targeting AMIs. The station layer’s CTI server generates CTI suitable for the lower AMI network using the threat-related data provided from the cloud layer to counter targeted and advanced threats. This hierarchical CTI structure copes with both cyberattacks that attack a wide area and those that attack a specific target.

Related Work
Security on Advanced Metering Infrastructure
Threat Modeling and Cyber Threat Intelligence
Proposed Cyber Threat Intelligence Framework for Energy Cloud Environments
Architecture of the Proposed Framework
Implementation of the Proposed Framework
IoC Data Collection from Prosumer Devices
Local Threat Detection
Generation and Dissemination of CTI
Experiments
Experimental Setup
Threat Model
Performance Evaluation
Evaluation of Computational Complexity and Implementation Cost
Discussions and Limitations
Conclusions