Mehrdad Kazemtabrizi | KTH Royal Institute of Technology

Papers by Mehrdad Kazemtabrizi

Cybersecurity Study of Power System Utilizing Advanced CPS Simulation Tools

The evolution of traditional electric grids toward “smarter” grids involves the deployment of novel wide-area and/or local communication infrastructure to facilitate new applications, such as advanced protection and control (P&C), Energy Management Systems (EMS), Microgrid Control Systems (MGCS), Wide-Area Protection, Monitoring and Control System (WAMPACS), and distributed control. These communication-based applications, however, introduce new risks due to their increased dependency on communication infrastructure, which is susceptible to cyber threats [1]. In addition, the participation of prosumers (producers/consumers) at the distribution level may also expose the grid to cyber vulnerabilities. This is since prosumers will likely be interconnected to the main grid through a shared communication infrastructure, causing more potential cyber risk. Thus, it is important to study the grid along with its communication systems as a whole Cyber-Physical System (CPS) to evaluate potential...

Exploiting Bro for Intrusion Detection in a SCADA System

Supervisory control and data acquisition (SCADA) systems that run our critical infrastructure are increasingly run with Internet-based protocols and devices for remote monitoring. The embedded nature of the components involved, and the legacy aspects make adding new security mechanisms in an efficient manner far from trivial. In this paper we study an anomaly detection based approach that enables detecting zero-day malicious threats and benign malconfigurations and mishaps. The approach builds on an existing platform (Bro) that lends itself to modular addition of new protocol parsers and event handling mechanisms. As an example we have shown an application of the technique to the IEC-60870-5-104 protocol and tested the anomaly detector with mixed results. The detection accuracy and false positive rate, as well as real-time response were adequate for 3 of our 4 created attacks. We also discovered some additional work that needs to be done to an existing protocol parser to extend its ...

Validation of CIM DC load model for HVDC transmission systems
