Intrusion Detection Systems for AMI

  • Ehab Al-Shaer
  • Mohammad Ashiqur Rahman
Part of the Advances in Information Security book series (ADIS, volume 67)


Recent studies have shown that AMI is exposed to an immense number of threats [7, 14, 19, 24, 25], which can affect the deployment and growth of smart grids. These studies show that although some secure communication protocols are used in smart grids, many vulnerabilities and exploitations have been observed. Despite this, limited progress has been made so far in detecting malicious behaviors in smart grids [3, 4, 10]. In Chap. 1, Fig. 1.3 presents a typical AMI network. Smart meters communicate with intelligent data collectors over various media. These collectors communicate with the headend system (and vice versa) over a WAN. Unlike traditional networks, AMI has its own requirements, which pose significant challenges for monitoring and intrusion detection.


Keywords: Markov Chain; Model Check; Smart Grid; Markov Chain Model; Conditional Entropy
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1.
  2. C. Baier, J.P. Katoen, Principles of Model Checking (The MIT Press, Cambridge, 2008)
  3. R. Berthier, W. Sanders, Specification-based intrusion detection for advanced metering infrastructures, in IEEE 17th Pacific Rim International Symposium on Dependable Computing (PRDC) (2011)
  4. R. Berthier, W. Sanders, H. Khurana, Intrusion detection for advanced metering infrastructures: requirements and architectural directions, in First IEEE International Conference on Smart Grid Communications (Smart-GridComm) (2010)
  5. D.C. Challener et al., Storing keys in a cryptology device, US Patent Application 10/051,495, 2002
  6. Y. Chen et al., Learning Markov models for stationary system behaviors, in NASA Formal Methods. Lecture Notes in Computer Science (Springer, New York, 2012)
  7. F.M. Cleveland, Cyber security issues for Advanced Metering Infrastructure (AMI), in IEEE Power and Energy Society General Meeting-Conversion and Delivery of Electrical Energy in the 21st Century (2008)
  8. Duke Energy Smart Grid Laboratory (2015), Accessed 2015
  9.
  10. M.A. Faisal et al., Securing advanced metering infrastructure using intrusion detection system with data stream mining, in Proceedings of Pacific Asia Workshop on Intelligence and Security Informatics (PAISI) (2012)
  11. P. Garcia-Teodoro et al., Anomaly-based network intrusion detection: techniques, systems and challenges, in Comput. Secur. 28(1–2), 18–28 (2009)
  12. Y. Gu, A. McCullum, D. Towsley, Detecting anomalies in network traffic using maximum entropy estimation, in Proceedings of the ACM SIGCOMM Conference on Internet Measurement (IMC) (2005)
  13. HPROF: A Heap/CPU Profiling Tool (2015), Accessed 2015
  14. Idaho National Laboratory (INL), NSTB Assessments summary report: common industrial control system cyber security weaknesses, May 2010
  15. J. Jung et al., Fast portscan detection using sequential hypothesis testing, in Proceedings of the IEEE Symposium on Security and Privacy (2004)
  16. M. Kwiatkowska, D. Parker, Advances in probabilistic model checking, in Proceedings 2011 Marktoberdorf Summer School: Tools for Analysis and Verification of Software Safety and Security (2012)
  17. D. Mashima, A.A. Cárdenas, Evaluating electricity theft detectors in smart grid networks, in Research in Attacks, Intrusions, and Defenses (2012)
  18. S. McLaughlin, D. Podkuiko, P. McDaniel, Energy theft in the advanced metering infrastructure, in Critical Information Infrastructures Security (2010)
  19. S. McLaughlin et al., Multi-vendor penetration testing in the advanced metering infrastructure, in Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC) (2010)
  20. M. Merhav, M. Gutman, J. Ziv, On the estimation of the order of a Markov chain and universal data compression, in IEEE Transactions on Information Theory (1989)
  21. NISTIR 7628: Guidelines for Smart Grid Cyber Security, Smart grid inter-operability panel- cyber security working group (2010),
  22. Probabilistic Symbolic Model Checker, PRISM (2015), Accessed 2015
  23. Smart Meter - ARM (2015), Accessed 2015
  24. The White House, Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization and Protection, September 22, 2015.
  25. U.S. Government Accountability Office (GAO), Information security: TVA needs to address weaknesses in control systems and networks (2008)
  26. Yices: An SMT Solver (2015), Accessed 2015
  27. Y. Zhang et al., Distributed intrusion detection system in a multi-layer network architecture of smart grids. IEEE Trans. Smart Grid 2(4), 796–808 (2011)

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Ehab Al-Shaer (1)
  • Mohammad Ashiqur Rahman (2)

  1. Department of Software and Information Systems, University of North Carolina, Charlotte, Charlotte, USA
  2. Department of Computer Science, Tennessee Tech University, Cookeville, USA
