Big Data against Smart Grid Threats

 


D. Pliatsios, P. Sarigiannidis, K. Psannis, S. K. Goudos, V. Vitsas, I. Moscholios, “Big Data against Security Threats: The SPEAR Intrusion Detection System”, in The 3rd World Symposium on Communication Engineering (WSCE 2020), Thessaloniki, Greece, 2020, pp. 12-17. [Online] Available: https://zenodo.org/record/4575980


The Smart Grid is a new power grid paradigm that aims to intelligently coordinate the behaviours of all entities involved in energy generation, distribution, and consumption. It consists of multiple smart devices that have limited processing capabilities. As a result, conventional attack detection and mitigation mechanisms cannot efficiently protect large-scale deployments.

Our latest work, entitled "Big Data against Security Threats: The SPEAR Intrusion Detection System", presents the Intrusion Detection System that is being developed in the context of the SPEAR project. The work was presented at the 3rd World Symposium on Communication Engineering (WSCE 2020) and won the best presentation award.

Introducing a Novel Security Information and Event Management Tool

  • SPEAR introduces an additional defence level in Security Information and Event Management (SIEM) tools
  • The SPEAR SIEM tool consists of four main components
    • Data Acquisition, Parsing and Storage
    • Big Data Analytics
    • Message Bus
    • Visual-based Intrusion Detection System
  • Big Data analytics and visualization techniques will detect cyberattacks in a timely manner

A Complete Smart Grid Security Solution

SPEAR constitutes a complete security solution, tailored to the security requirements of the Smart Grid. The integrated Big Data analytics are capable of monitoring large-scale deployments of smart devices. Additionally, intuitive visualization techniques can provide real-time information about the smart grid status, as well as detailed alerts in cases of cyberattacks. From the market perspective, the SPEAR solution offers security automation, accelerates time-to-protection, and facilitates security operations.

Case Study: Wind Power Plant

  • The wind power plant features some unique characteristics according to the European Program for Critical Infrastructure Protection
  • The SPEAR SIEM tool is installed in the plant’s control centre
  • The NCP instances are deployed in the power plant’s Programmable Logic Controllers (PLCs)
  • The network traffic is collected by the NCP instances and forwarded to the SPEAR SIEM tool for further analysis