SPEAR SIEM: A Security Information and Event Management system for the Smart Grid
Computer Networks (IF 4.4), Pub Date: 2021-04-05, DOI: 10.1016/j.comnet.2021.108008
Panagiotis Radoglou-Grammatikis, Panagiotis Sarigiannidis, Eider Iturbe, Erkuden Rios, Saturnino Martinez, Antonios Sarigiannidis, Georgios Eftathopoulos, Ioannis Spyridis, Achilleas Sesis, Nikolaos Vakakis, Dimitrios Tzovaras, Emmanouil Kafetzakis, Ioannis Giannoulakis, Michalis Tzifas, Alkiviadis Giannakoulias, Michail Angelopoulos, Francisco Ramos

The technological leap of smart technologies has brought the conventional electrical grid into a new digital era called the Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that were not implemented with cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, current SIEM systems do not take into account the unique SG peculiarities and characteristics, such as the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use cases: (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.




Updated: 2021-04-13