Abstract

The smart grid (SG) offers potential benefits for utilities, electric generators, and customers alike. However, the prevalence of cyber-attacks targeting the SG emphasizes its dark side. In particular, distributed denial-of-service (DDoS) attacks can disrupt the communication between different devices, interrupting the SG's operation. This could have profound implications for the power system, including area blackouts. The problem is that few operational technology tools provide protection against reflective DDoS. Furthermore, such tools often fail to classify the types of attacks that have occurred. Defensive capabilities are needed to identify attack footprints promptly, as the attacks occur, and to keep these systems delivering their services as expected. To meet this need, we developed a situational awareness tool that detects system compromise by monitoring the indicators of compromise (IOCs) of amplification DDoS attacks. We achieved this aim by finding IOCs and exploring attack footprints to understand the nature of such attacks and their cyber behavior. Finally, an evaluation of our approach against a real dataset of DDoS attack instances indicated that our tool can distinguish and detect different types of amplification DDoS attacks.

Highlights

  • We considered three indicators of compromise (IOCs) to analyze while detecting distributed denial-of-service (DDoS) attacks:

  • In reflection-based DDoS attacks, the identity of the attacker remains hidden by utilizing a legitimate third-party component to perform an attack that overwhelms the target

  • Attacks based on the transmission control protocol (TCP) include a simple service discovery protocol (SSDP), while attacks based on the user datagram protocol (UDP) include the network time protocol (NTP) and the trivial file transfer protocol (TFTP)
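The highlights describe reflection-based attacks, where the target receives answers from legitimate third-party services it never queried, and name NTP, SSDP and TFTP as the amplifier protocols to distinguish. The following is an added illustration of how a flow-level detector can act on that footprint; it is not the paper's tool, and the three indicators it uses (unsolicited replies from an amplifier service, many distinct reflectors within one time window, and a large byte volume), the source-port-to-service map, the 516-byte TFTP DATA heuristic, the alert thresholds and the flow records are all my own assumptions and constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hosts inside the grid network that we protect (constructed sample value).
PROTECTED = {"10.0.0.5"}

# Assumed map from a reflector's source port to the amplifier service.
# TFTP is deliberately absent: a TFTP server answers from an ephemeral port,
# so it is recognised below by its fixed 516-byte DATA block instead.
SERVICE_BY_SRC_PORT = {123: "NTP", 1900: "SSDP"}
TFTP_DATA_BLOCK = 516  # 4-byte opcode/block header + 512-byte data block


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record (NetFlow-style, constructed for this example)."""
    ts: float
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    octets: int
    pkts: int


def classify_service(flow):
    """Return the amplifier service a flow appears to come from, or None."""
    svc = SERVICE_BY_SRC_PORT.get(flow.src_port)
    if svc:
        return svc
    # Heuristic (assumption): UDP flows whose mean packet size is exactly one
    # TFTP DATA block are treated as TFTP replies.
    if flow.proto == "UDP" and flow.pkts and flow.octets / flow.pkts == TFTP_DATA_BLOCK:
        return "TFTP"
    return None


def find_unsolicited(flows):
    """Yield (service, flow) for inbound amplifier traffic no protected host asked for."""
    # Any outbound flow from a protected host to a remote address counts as a solicitation.
    solicited = {(f.dst_ip, f.src_ip) for f in flows if f.src_ip in PROTECTED}
    for f in flows:
        if f.dst_ip not in PROTECTED:
            continue
        svc = classify_service(f)
        if svc is None or (f.src_ip, f.dst_ip) in solicited:
            continue
        yield svc, f


def detect(flows, window=10.0, min_reflectors=3, min_octets=100_000):
    """Aggregate unsolicited amplifier traffic per (target, service, window) and alert.

    Thresholds are assumptions chosen for the sample data, not tuned values.
    """
    buckets = defaultdict(lambda: {"reflectors": set(), "octets": 0})
    for svc, f in find_unsolicited(flows):
        key = (f.dst_ip, svc, int(f.ts // window))
        buckets[key]["reflectors"].add(f.src_ip)
        buckets[key]["octets"] += f.octets
    alerts = []
    for (target, svc, win), b in sorted(buckets.items()):
        if len(b["reflectors"]) >= min_reflectors and b["octets"] >= min_octets:
            alerts.append({"target": target, "attack": f"{svc} amplification", "window": win,
                           "reflectors": len(b["reflectors"]), "octets": b["octets"]})
    return alerts


# Constructed sample: one legitimate NTP exchange, an NTP reflection flood from five
# reflectors, SSDP replies from only two reflectors (below threshold), and TFTP DATA
# streams from three reflectors answering from ephemeral ports.
SAMPLE_FLOWS = (
    [Flow(0.1, "10.0.0.5", 50123, "192.0.2.10", 123, "UDP", 76, 1),
     Flow(0.2, "192.0.2.10", 123, "10.0.0.5", 50123, "UDP", 76, 1)]
    + [Flow(1.0 + i, f"198.51.100.{i}", 123, "10.0.0.5", 40000, "UDP", 48_000, 100)
       for i in range(1, 6)]
    + [Flow(2.0 + i, f"203.0.113.{i}", 1900, "10.0.0.5", 40001, "UDP", 30_000, 100)
       for i in range(1, 3)]
    + [Flow(3.0 + i, f"198.51.100.{20 + i}", 35000 + i, "10.0.0.5", 40002, "UDP", 51_600, 100)
       for i in range(3)]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

Run on the sample, the detector reports an NTP amplification alert (five reflectors, 240,000 bytes) and a TFTP amplification alert (three reflectors, 154,800 bytes), while the solicited NTP reply and the two-reflector SSDP burst stay below the alert line. The point of the solicitation check is that reflection traffic is legitimate protocol output; what makes it an indicator is that the protected host never sent the request.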


Introduction

Critical infrastructure systems, such as power systems, are increasingly being linked to other enterprise systems. The reasons range from the desire to gather real-time business analytics, optimize operations, and increase efficiency, to the need to update and maintain systems remotely, which reduces the effort and time required as well as the number of difficult-to-access locations that must be visited. As experts continue to build increasingly complicated and massive linked systems, the scale of connection and the complexity of such systems will only expand, resulting in an increase in the scale and impact of attacks. The incidence of cyber-attacks on the smart grid (SG) has increased in recent years, and these attacks have in certain cases resulted in outages and the theft of personal information [1].
