Author

Christopher Beasley

Bio: Christopher Beasley is an academic researcher from Clemson University. The author has contributed to research in topics: Electric power system & Smart grid. The author has an h-index of 4 and has co-authored 4 publications receiving 131 citations.

Papers
Journal ArticleDOI
TL;DR: Two DGAs that use hidden Markov models (HMMs) and probabilistic context-free grammars (PCFGs) are proposed, respectively, to identify malicious domain names generated by DGAs.
Abstract: Botnets are groups of compromised computers that botmasters (botherders) use to launch attacks over the Internet. To avoid detection, botnets use DNS fast flux to change the mapping between IP addresses and domain names periodically. Domain generation algorithms (DGAs) are employed to generate a large number of domain names. Detection techniques have been proposed to identify malicious domain names generated by DGAs. Three metrics, Kullback–Leibler (KL) distance, Edit distance (ED), and Jaccard index (JI), are used to detect botnet domains with up to 100% detection rate and 2.5% false-positive rate. In this paper, we propose two DGAs that use hidden Markov models (HMMs) and probabilistic context-free grammars (PCFGs), respectively. Experiment results show that DGA detection metrics (KL, JI, and ED) and detection systems (BotDigger and Pleiades) have difficulty detecting domain names generated using the proposed approaches. Game theory is used to optimize strategies for both botmasters and security personnel. Results show that, to optimize DGA detection, security personnel should use the ED detection technique with probability 0.78 and JI detection with probability 0.22, and botmasters should choose the HMM-based DGA with probability 0.67 and PCFG-based DGA with probability 0.33.

63 citations

Proceedings ArticleDOI
01 Oct 2014
TL;DR: In this paper, security vulnerabilities found in literature, that are relevant to PMUs, are discussed and mapped to four general attack classes, in order to expose gaps where further research needs to be conducted on PMU networks.
Abstract: Smart grid technologies such as synchrophasors using Phasor Measurement Units (PMUs), make real-time monitoring, control and data analysis of the electric power grid possible. The PMU network measures voltage and current phasors across the electrical power grid, and sends ‘reports’ to control centers. Synchrophasor technology enables reliable and efficient power system operation; but may make the system vulnerable to cyber-attacks. In this paper, security vulnerabilities found in literature, that are relevant to PMUs, are discussed and mapped to four general attack classes. Known network security vulnerabilities are addressed in hopes of exposing gaps where further research needs to be conducted on PMU networks.

54 citations

Proceedings ArticleDOI
11 Mar 2014
TL;DR: In this article, security vulnerabilities associated with a synchrophasor network in a benchmark IEEE 68 bus (New England/New York) power system model are examined and recommended testing and verification methods are also presented.
Abstract: The addition of synchrophasors such as phasor measurement units (PMUs) to the existing power grid will enhance real-time monitoring and analysis of the grid. The PMU collects bus voltage, line current, and frequency measurements and uses the communication network to send the measurements to the respective substation(s)/control center(s). Since this approach relies on network infrastructure, possible cyber security vulnerabilities have to be addressed to ensure that it is stable, secure, and reliable. In this paper, security vulnerabilities associated with a synchrophasor network in a benchmark IEEE 68 bus (New England/New York) power system model are examined. Currently known feasible attacks are demonstrated. Recommended testing and verification methods are also presented.

42 citations

01 Jan 2014
TL;DR: This document details vulnerability testing performed on a network implemented with a real-time grid simulator, the Real Time Digital Simulator (RTDS), with SEL PMU devices monitoring several bases, and found the system was susceptible to Address Resolution Protocol (ARP) poisoning.
Abstract: Smart grid technologies such as synchrophasor devices (Phasor Measurement Units (PMUs)) make real-time monitoring, control, and analysis of the electric power grid possible. PMUs measure voltage and current phasors across the electrical power grid, add a GPS time stamp to measurements, and send reports to the Phasor Data Concentrators (PDCs) in the control centers. Reports are used to make decisions about the condition and state of the power grid. Since this approach relies on Internet Protocol (IP) network infrastructure, possible cybersecurity vulnerabilities have to be addressed to ensure that it is stable, secure, and reliable. In literature, attacks that are relevant to PMUs are discussed. The system modeled is the benchmark IEEE 68 bus (New England/New York) power system. This document details vulnerability testing performed on a network implemented with a real-time grid simulator, the Real Time Digital Simulator (RTDS), with SEL PMU devices monitoring several bases. The first set of security vulnerabilities were found when running traffic analysis of the network. In using this approach it was found that the system was susceptible to Address Resolution Protocol (ARP) poisoning. This allowed the switch to be tricked so that all network traffic was rerouted through the attack computer. This technique allowed for packet analysis, man-in-the-middle, and denial of service (DOS) attacks. Side channel analysis was used to distinguish PMU traffic across the virtual

9 citations


Cited by
Journal ArticleDOI
TL;DR: An assessment of the role, impact and challenges of IoT in transforming EPESs is provided and several opportunities for growth and development are offered.
Abstract: A transformation is underway in electric power and energy systems (EPESs) to provide clean distributed energy for sustainable global economic growth. Internet of Things (IoT) is at the forefront of this transformation imparting capabilities, such as real-time monitoring, situational awareness and intelligence, control, and cyber security to transform the existing EPES into intelligent cyber-enabled EPES, which is more efficient, secure, reliable, resilient, and sustainable. Additionally, digitizing the electric power ecosystem using IoT improves asset visibility, optimal management of distributed generation, eliminates energy wastage, and creates savings. IoT has a significant impact on EPESs and offers several opportunities for growth and development. There are several challenges with the deployment of IoT for EPESs. Viable solutions need to be developed to overcome these challenges to ensure continued growth of IoT for EPESs. The advancements in computational intelligence capabilities can evolve an intelligent IoT system by emulating biological nervous systems with cognitive computation, streaming and distributed analytics including at the edge and device levels. This review paper provides an assessment of the role, impact and challenges of IoT in transforming EPESs.

437 citations

Journal ArticleDOI
TL;DR: A survey of recent security advances in smart grid, by a data driven approach around the security vulnerabilities and solutions within the entire lifecycle of smart grid data, which are systematically decomposed into four sequential stages.
Abstract: With the integration of advanced computing and communication technologies, smart grid is considered as the next-generation power system, which promises self healing, resilience, sustainability, and efficiency to the energy critical infrastructure. The smart grid innovation brings enormous challenges and initiatives across both industry and academia, in which the security issue emerges to be a critical concern. In this paper, we present a survey of recent security advances in smart grid, by a data driven approach. Compared with existing related works, our survey is centered around the security vulnerabilities and solutions within the entire lifecycle of smart grid data, which are systematically decomposed into four sequential stages: 1) data generation; 2) data acquisition; 3) data storage; and 4) data processing. Moreover, we further review the security analytics in smart grid, which employs data analytics to ensure smart grid security. Finally, an effort to shed light on potential future research concludes this paper.

210 citations

Journal ArticleDOI
TL;DR: A general framework of malicious domain detection techniques using DNS data is described, which categorize existing approaches using several orthogonal viewpoints, namely (1) sources of DNS data and their enrichment, (2) data analysis methods, and (3) evaluation strategies and metrics.
Abstract: Malicious domains are one of the major resources required for adversaries to run attacks over the Internet. Due to the important role of the Domain Name System (DNS), extensive research has been conducted to identify malicious domains based on their unique behavior reflected in different phases of the life cycle of DNS queries and responses. Existing approaches differ significantly in terms of intuitions, data analysis methods as well as evaluation methodologies. This warrants a thorough systematization of the approaches and a careful review of the advantages and limitations of every group. In this article, we perform such an analysis. To achieve this goal, we present the necessary background knowledge on DNS and malicious activities leveraging DNS. We describe a general framework of malicious domain detection techniques using DNS data. Applying this framework, we categorize existing approaches using several orthogonal viewpoints, namely (1) sources of DNS data and their enrichment, (2) data analysis methods, and (3) evaluation strategies and metrics. In each aspect, we discuss the important challenges that the research community should address in order to fully realize the power of DNS data analysis to fight against attacks leveraging malicious domains.

120 citations

Proceedings ArticleDOI
23 Aug 2016
TL;DR: This paper presents a basic cyber attack model used by BlackEnergy for targeting industrial control systems and analyzes cyber threats of BlackEnergy for synchrophasor based systems which are used for real-time control and monitoring functionalities in smart grid.
Abstract: The BlackEnergy malware targeting critical infrastructures has a long history. It evolved over time from a simple DDoS platform to a quite sophisticated plug-in based malware. The plug-in architecture has a persistent malware core with easily installable attack specific modules for DDoS, spamming, info-stealing, remote access, boot-sector formatting etc. BlackEnergy has been involved in several high profile cyber physical attacks including the recent Ukraine power grid attack in December 2015. This paper investigates the evolution of BlackEnergy and its cyber attack capabilities. It presents a basic cyber attack model used by BlackEnergy for targeting industrial control systems. In particular, the paper analyzes cyber threats of BlackEnergy for synchrophasor based systems which are used for real-time control and monitoring functionalities in smart grid. Several BlackEnergy based attack scenarios have been investigated by exploiting the vulnerabilities in two widely used synchrophasor communication standards: (i) IEEE C37.118 and (ii) IEC 61850-90-5. Further, the paper also investigates protection strategies for detection and prevention of BlackEnergy based cyber physical attacks.

107 citations

Journal ArticleDOI
TL;DR: A comprehensive review of quality and cybersecurity challenges for synchrophasors and identifies the interdependencies between them, and summarizes different methods used to evaluate the dependency and surveys how quality checking methods can be used to detect potential cyberattacks.
Abstract: Synchrophasor devices guarantee situation awareness for real-time monitoring and operational visibility of smart grid. With their widespread implementation, significant challenges have emerged, especially in communication, data quality and cybersecurity. The existing literature treats these challenges as separate problems, when in reality, they have a complex interplay. This paper conducts a comprehensive review of quality and cybersecurity challenges for synchrophasors, and identifies the interdependencies between them. It also summarizes different methods used to evaluate the dependency and surveys how quality checking methods can be used to detect potential cyberattacks. This paper serves as a starting point for researchers entering the fields of synchrophasor data analytics and security.

74 citations