Securing Smart Grids and Buildings Infrastructures and Services


The development of Smart Grids is strongly linked to the utilization of technology that has the capability of enhancing system performance, reduce costs, and introduce new services by interconnecting (e.g. ZigBee, Wi-Fi, DNP3, BACNET) with internet (IoT). The problem arises when the system is directly exposed to attacks. Our goal is to build an effective intrusion detection system that can proactively detect anomalous actions generated by malicious devices from inside or outside networks.

Fig. 1 -- Project overview

To automate any software module or resource, we add two software modules: Observer and Controller,
* The Observer is used for sensing and analyzing the current state of managed system and predict its behavior.
* The controller executes recommended actions to keep the managed system operating normally (self-manage).

Fig. 2 -- Solution approach


We deploy anomaly detection approach to the building network by training the IDS with dataflow which is dynamically captured from Smart laboratory testbed through BACnet Protocol Observer module. The powerful rules acquired from the offline data mining procedure are capable to work with an extremely low false positive rate.

Fig. 3 -- BACnet approach


Since security was not one of the goals in designing DNP3, attackers can easily succeed in penetrating the DNP3 over TCP/IP cWe show the effectiveness of the rules in detecting abnormal packets through both offline and online testing. The false positive and false negative rates are both very low. We also propose a classification mechanism for our detection technique.

Fig. 4 -- DNP3 approach


Our approach is summarized as the following:
1. Create a Smart Grid testbed that contains intelligent electronic devices (IEDs) and renewable energy source (wind turbine);
2. Monitor the traffic in real time networks in real time., and decode the packets into different layers and build the normal behavior space.
3. Apply few attacks (e.g. Flooding, DoS, replay, malicious injection) to feed our normal space with some abnormality.
4. Integrate the data mining tool (weka) into with the smart grid testbed to analyze the behavior of the devices. As a result, we will have rules that determine the normal behavior of our system. Consequently, we will be able to detect any attack that launched by undesirable intruder

Fig. 5 -- ZigBee approach



Jesus Horacip Pacheco Ramirez

Bilal Albaalbaki

Jin Bai

Zhiwen Pan

Youssif Al-Nashif



1. B. Al Baalbaki; Y. Al-Nashif; S. Hariri; D. Kelly, "Autonomic Critical Infrastructure Protection (ACIP) system," Computer Systems and Applications (AICCSA), 2013 ACS International Conference on , pp.1,4, 27-30 May 2013





Phone Number: (520) 621-9915 Room 251, ECE Dept. 1230 E. Speedway Tucson, AZ 85721-0104
ACL - © Copyright 2007, Webmaster: Youssif Al-Nashif
All Rights Reserved