TY - GEN
T1 - Explainable Autonomic Cybersecurity System for Smart Power Grid
AU - Zhang, Chengjun
AU - Shao, Wenda
AU - Wang, Xianglong
AU - Cao, Yinzhi
AU - Alhamadah, Ahmed Hussain J.
AU - Lin, Yu Zheng
AU - Satam, Pratik
AU - Watkins, Lanier
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The proliferation of high-speed networks in modern power systems has increased the interaction between internet and physical infrastructures, making them vulnerable to cyber-attacks. In response to this challenge, this paper offers a comprehensive power system simulation process and introduces the notion of explainable autonomic cybersecurity (eACS) for smart power grids. This approach leverages the existing framework in the area of autonomic cybersecurity, but with a specific focus on model explainability. Our testbed emulates a smart grid, incorporating data from power system components, a control center, and a substation. We implement a 2-level self-aware autonomic system with micro-intrusion detection systems (IDS) monitoring the control system, substation, and physical aspects of the smart grid separately. These micro-IDS feed their findings into an aggregator that identifies the threat type and provides an active response to mitigate it. The active countermeasure component automatically generates dedicated firewall rules based on the model's explainer, accompanied by a detailed diagnostic report to aid security analysts. Our results demonstrate that this approach effectively detects and reports a wide range of attacks, aiding in their mitigation.
KW - Cybersecurity
KW - Industrial Control
KW - Intrusion Detection
KW - Network Security
KW - Power Grids
KW - Power System
KW - Smart Grid
UR - http://www.scopus.com/inward/record.url?scp=85210556269&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85210556269&partnerID=8YFLogxK
U2 - 10.1109/CNS62487.2024.10735649
DO - 10.1109/CNS62487.2024.10735649
M3 - Conference contribution
AN - SCOPUS:85210556269
T3 - 2024 IEEE Conference on Communications and Network Security, CNS 2024
BT - 2024 IEEE Conference on Communications and Network Security, CNS 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2024 IEEE Conference on Communications and Network Security, CNS 2024
Y2 - 30 September 2024 through 3 October 2024
ER -