skip to main content


Title: GLASS: A Graph Learning Approach for Software Defined Network Based Smart Grid DDoS Security
In recent years, smart grid communications (SGC) has evolved to use new technologies not only for data delivery but also for enhanced smart grid (SG) security and reliability. Software Defined Networks (SDN) has proved to be a reliable and efficient architecture for handling diverse communication systems due to their ability to divide responsibilities of the network using control plane and data plane. This paper presents a graph learning approach for detecting and identifying Distributed Denial of Service (DDoS) attacks in SDN-SGC systems (GLASS). GLASS is a two phase framework that (1) detects if SDN-SGC is under DDoS attack using supervised graph deep learning and then (2) identifies the compromised entities using unsupervised learning methods. Network performance statistics are used for modeling SDN-SGC graphs, which train Graph Convolutional Neural Networks (GCN) to extract latent representations caused by DDoS attacks. Finally, spectral clustering is used to identify compromised entities. The experimental results, obtained by analysis of an IEEE 118-bus system, show the average throughput for compromised entities is able to maintain 84% of normal traffic level with GLASS, compared to achieving only 4% of normal throughput caused by DDoS attacks on compromised entities without the GLASS framework.  more » « less
Award ID(s):
1809739
NSF-PAR ID:
10294281
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
IEEE ICC 2021 - IEEE International Conference on Communications
Page Range / eLocation ID:
1 to 6
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Communication networks in power systems are a major part of the smart grid paradigm. It enables and facilitates the automation of power grid operation as well as self-healing in contingencies. Such dependencies on communication networks, though, create a roam for cyber-threats. An adversary can launch an attack on the communication network, which in turn reflects on power grid operation. Attacks could be in the form of false data injection into system measurements, flooding the communication channels with unnecessary data, or intercepting messages. Using machine learning-based processing on data gathered from communication networks and the power grid is a promising solution for detecting cyber threats. In this paper, a co-simulation of cyber-security for cross-layer strategy is presented. The advantage of such a framework is the augmentation of valuable data that enhances the detection as well as identification of anomalies in the operation of the power grid. The framework is implemented on the IEEE 118-bus system. The system is constructed in Mininet to simulate a communication network and obtain data for analysis. A distributed three controller software-defined networking (SDN) framework is proposed that utilizes the Open Network Operating System (ONOS) cluster. According to the findings of our suggested architecture, it outperforms a single SDN controller framework by a factor of more than ten times the throughput. This provides for a higher flow of data throughout the network while decreasing congestion caused by a single controller’s processing restrictions. Furthermore, our CECD-AS approach outperforms state-of-the-art physics and machine learning-based techniques in terms of attack classification. The performance of the framework is investigated under various types of communication attacks. 
    more » « less
  2. The Internet of Things (IoT) is a network of sensors that helps collect data 24/7 without human intervention. However, the network may suffer from problems such as the low battery, heterogeneity, and connectivity issues due to the lack of standards. Even though these problems can cause several performance hiccups, security issues need immediate attention because hackers access vital personal and financial information and then misuse it. These security issues can allow hackers to hijack IoT devices and then use them to establish a Botnet to launch a Distributed Denial of Service (DDoS) attack. Blockchain technology can provide security to IoT devices by providing secure authentication using public keys. Similarly, Smart Contracts (SCs) can improve the performance of the IoT–blockchain network through automation. However, surveyed work shows that the blockchain and SCs do not provide foolproof security; sometimes, attackers defeat these security mechanisms and initiate DDoS attacks. Thus, developers and security software engineers must be aware of different techniques to detect DDoS attacks. In this survey paper, we highlight different techniques to detect DDoS attacks. The novelty of our work is to classify the DDoS detection techniques according to blockchain technology. As a result, researchers can enhance their systems by using blockchain-based support for detecting threats. In addition, we provide general information about the studied systems and their workings. However, we cannot neglect the recent surveys. To that end, we compare the state-of-the-art DDoS surveys based on their data collection techniques and the discussed DDoS attacks on the IoT subsystems. The study of different IoT subsystems tells us that DDoS attacks also impact other computing systems, such as SCs, networking devices, and power grids. Hence, our work briefly describes DDoS attacks and their impacts on the above subsystems and IoT. For instance, due to DDoS attacks, the targeted computing systems suffer delays which cause tremendous financial and utility losses to the subscribers. Hence, we discuss the impacts of DDoS attacks in the context of associated systems. Finally, we discuss Machine-Learning algorithms, performance metrics, and the underlying technology of IoT systems so that the readers can grasp the detection techniques and the attack vectors. Moreover, associated systems such as Software-Defined Networking (SDN) and Field-Programmable Gate Arrays (FPGA) are a source of good security enhancement for IoT Networks. Thus, we include a detailed discussion of future development encompassing all major IoT subsystems. 
    more » « less
  3. A centralized Software-defined Network (SDN) controller, due to its nature, faces many issues such as a single point of failure, computational complexity growth, different types of attacks, reliability challenges and scalability concerns. One of the most common fifth generation cyber-attacks is the Distributed Denial of Service (DDoS) attack. Having a single SDN controller can lead to a plethora of issues with respect to latency, computational complexity in the control plane, reachability, and scalability as the network scale increases. To address these issues, state-of-the-art approaches have investigated multiple SDN controllers in the network. The placement of these multiple controllers has drawn more attention in recent studies. In our previous work, we evaluated an Entropy-based technique and a machine learning-based Support Vector Machine (SVM) to detect DDoS using a single SDN controller. In this paper, we extend our previous work to further decrease the impact of the DDoS attacks on the SDN controller. Our new technique called Hierarchical Classic Controllers (HCC) uses SVM and Entropy methods to detect abnormal traffic which can lead to network failures caused by overwhelming a single controller. Determining the number of controllers and their best placement are major contributions in our new method. Our results show that the combination of the above three methods (HCC with SVM and Entropy), in the case of a network with 3 controllers provides greater accuracy and improves the DDoS attack detection rate to 86.12% compared to 79.03% and 81.33% using Entropy-based HCC and SVM-based HCC, respectively. 
    more » « less
  4. Distributed denial of service (DDoS) attacks have been prevalent on the Internet for decades. Albeit various defenses, they keep growing in size, frequency, and duration. The new network paradigm, Software-defined networking (SDN), is also vulnerable to DDoS attacks. SDN uses logically centralized control, bringing the advantages in maintaining a global network view and simplifying programmability. When attacks happen, the control path between the switches and their associated controllers may become congested due to their limited capacity. However, the data plane visibility of SDN provides new opportunities to defend against DDoS attacks in the cloud computing environment. To this end, we conduct measurements to evaluate the throughput of the software control agents on some of the hardware switches when they are under attacks. Then, we design a new mechanism, calledScotch, to enable the network to scale up its capability and handle the DDoS attack traffic. In our design, the congestion works as an indicator to trigger the mitigation mechanism.Scotchelastically scales up the control plane capacity by using an Open vSwitch-based overlay.Scotchtakes advantage of both the high control plane capacity of a large number of vSwitches and the high data plane capacity of commodity physical switches to increase the SDN network scalability and resiliency under abnormal (e.g., DDoS attacks) traffic surges. We have implemented a prototype and experimentally evaluatedScotch. Our experiments in the small-scale lab environment and large-scale GENI testbed demonstrate thatScotchcan elastically scale up the control channel bandwidth upon attacks.

     
    more » « less
  5. Falsified data from compromised Phasor Measurement Units (PMUs) in a smart grid induce Energy Management Systems (EMS) to have an inaccurate estimation of the state of the grid, disrupting various operations of the power grid. Moreover, the PMUs deployed at the distribution layer of a smart grid show dynamic fluctuations in their data streams, which make it extremely challenging to design effective learning frameworks for anomaly based attack detection. In this paper, we propose a noise resilient learning framework for anomaly based attack detection specifically for distribution layer PMU infrastructure, that show real time indicators of data falsifications attacks while offsetting the effect of false alarms caused by the noise. Specifically, we propose a feature extraction framework that uses some Pythagorean Means of the active power from a cluster of PMUs, reducing multi-dimensional nature of the PMU data streams via quick big data summarization. We also propose a robust and noise resilient methodology for learning thresholds based on generalized robust estimation theory of our invariant feature. We experimentally validate our approach and demonstrate improved reliability performance using two completely different datasets collected from real distribution level PMU infrastructures. 
    more » « less