
Name: Muhammad Zaki Akram.

Class: BSCS 7th (A).


Subject: Information Security.
Submitted to: Sir. Tanveer Younas.
Assignment # 2:

Q#1:

Q#2:
Answer # 1:
Introduction:
The power of information technology is harnessed by the
smart grid to efficiently satisfy environmental criteria by easing the
integration of green technologies and intelligently supply electricity to
customers through two-way communication. The smart grid has a
number of advantages over the conventional grid, but it also has a
number of security issues. Communication has exposed the system to
several threats since it has been integrated into the electrical supply
with its inherent flaws. These issues have been covered in a number of
academic articles. Most of them, however, classified
attacks according to confidentiality, integrity, and availability and
excluded those that compromise other security criteria, such as
accountability. Additionally, existing security countermeasures
concentrate on thwarting certain attacks or safeguarding particular
components; however, there is no comprehensive strategy that
integrates these techniques to defend the entire system. This paper's
main goal is to offer a thorough survey of the pertinent literature. We
first go through the security prerequisites. Then, in order to identify any
potential weaknesses as well as their consequences, we thoroughly
study a number of significant cyber-attacks against the smart grid.
Additionally, we suggest a cyber-security policy as a way to deal with
breaches, defend against attacks, and implement suitable remedies.
Finally, we provide a few suggestions for further research.
Features:
The key advantages of the smart grid are predicted to be
improved environmental performance and increased system resilience.
The capacity of a particular entity to withstand unexpected occurrences
and bounce back rapidly afterward is known as resilience [1]. Grid
resilience is becoming an essential quality, especially in light of the
possible negative economic effects of power outages. By permitting
more distributed power supply, simplifying the integration of new
resources into the grid, and offering remedial capabilities when
breakdowns arise, the smart grid promises to offer flexibility and
dependability. Additionally, smart grid technologies are anticipated to
make it possible for electric cars to take the place of conventional
vehicles, lowering the amount of energy that consumers use and the
amount of energy that is lost within the grid.
Conceptual Model:
A smart grid is made up of seven logical domains, each of
which includes actors and applications, according to the National
Institute of Standards and Technology (NIST) [2]. These domains include
bulk generation, transmission, distribution, customer, markets, service
provider, and operations. Actors are programs, devices, and systems,
whereas applications are tasks carried out by one or more actors in
each domain. Fig. 1 depicts the conceptual
model of a smart grid and the secure channel-based interaction of
actors from various domains. The end user is the primary actor inside
the customer domain. Customers can be divided into three categories:
residential, commercial/building, and industrial. These actors could not
only utilize electricity but also produce it, store it, and control how it is
used. This domain is connected electrically to the distribution domain
and communicates with the distribution, operation, service provider, and
market domains.
The operators and participants in the electricity markets are the
actors in the market domain. The supply and demand for electricity are
kept in check by this domain. The market domain interacts with energy
supply domains, such as the bulk generating domain and distributed
energy resources (DER) [2, 11], in order to balance output with
demand. Organizations that offer services to both electrical customers
and utilities fall under the service provider domain. These businesses
oversee the management of services including energy consumption,
client accounts, and billing. In order to provide smart services, such as
enabling client contact with the market and energy generation at
home, the service provider engages with the operation domain for
situational awareness and system control. The managers of the flow of
power are the actors in the
operations domain. This domain supports effective and ideal
transmission and distribution operations. Distribution management
systems (DMS) are used in distribution whereas energy management
systems (EMS) are used in transmission [2, 11]. Generators producing
electricity in large amounts are among the actors in the bulk
generation domain. The process of getting power to the final consumer
begins with energy generation. Resources including oil, moving water,
coal, nuclear fission, and solar radiation are used to produce energy.
The bulk generation domain is connected electrically to the
transmission domain and communicates through an interface with the
market, transmission, and operations domains [2, 11]. In the
transmission domain, the generated electrical power is carried
across great distances from the generation domain to the
distribution domain through a number of substations. Electricity may
also be produced and stored in this domain. A SCADA system, which
consists of a communication network, control devices, and monitoring
devices, is used to monitor and manage the transmission network
[2, 11]. The distribution domain includes the distributors of
electricity to and from the end customer. Electrical distribution
systems have radial, looped, or mesh topologies. This domain can
support energy generation and storage in addition to delivery. It is
linked to the customer domain, the transmission domain, and the
consumption metering points [2, 11].
Grid’s Systems:
The advanced metering infrastructure (AMI) [12],
automation substation [13], demand response [13], supervisory control
and data acquisition (SCADA), electrical vehicle (EV) [14], and home
energy management (HEM) [13] are just a few of the distributed and
heterogeneous applications that make up the smart grid. Three crucial
and exposed smart grid applications—AMI, SCADA, and automation
substation—will be covered in this part [1, 8, 12, 13, 15, 16, 17]. Details
on the other applications were covered in [12, 13]. Energy, water, and
gas use data are gathered, measured, and analyzed via advanced
metering infrastructure (AMI). It enables two-way communication
between the utility and the user. Smart meters, AMI headend, and the
communication network make up its three constituent parts [18]. Smart
meters are digital meters with microprocessors and local memory. They
are in charge of both real-time data transmission to the AMI headend
on the utility side as well as the initial monitoring and collection of
home appliance power use. The AMI headend is an AMI server that
consists of a meter data management system (MDMS)
[12]. Several communication protocols, including Z-wave and Zigbee,
are used to specify the communication between smart meters,
household appliances, and the AMI headend [18]. A system called
supervisory control and data acquisition (SCADA) measures, monitors,
and regulates the electrical power grid. It is frequently applied to
expansive areas. The remote terminal unit (RTU), master terminal unit
(MTU), and human-machine interface (HMI) make up this system [19].
An RTU is a device made up of three parts: a data acquisition
component, an execution component for MTU instructions, and a
communication component. The MTU is the device in charge of
managing the RTU. The HMI is a graphical user interface for the SCADA
system operator [19]. IEC 61850 and DNP3 are two examples of the
industrial protocols on which the communication inside SCADA systems
is built [20].
Grid’s Network Protocols:
Different communication protocols are needed in the smart
grid for distributed and diverse applications. The smart grid network
design and the protocol utilized inside each network are shown in Fig.
2. Appliances in the house employ the ZigBee and Z-wave protocols in
the home area network (HAN) [18]. Devices are often linked to the
neighborhood area network (NAN) via IEEE 802.11, IEEE 802.15.4, or
IEEE 802.16 protocols [18]. Several industrial protocols are utilized in
wide-area networks (WAN) and supervisory control and data
acquisition (SCADA) applications, including distributed network
protocol 3.0 (DNP3) and Modicon communication bus (ModBus) [20].
IEC 61850 is the standard protocol for substation automation [7].
Modbus and DNP3, two commonly used yet vulnerable smart grid
protocols [22–25], are covered in this section. Bluetooth, Z-Wave,
Zigbee, 6LoWPAN, WiMAX, the IEC 61850 protocol, and power line
communication are described in great detail in [12, 14, 22]. The Modicon
Communication Bus (ModBus), a layer-7 (application-layer) protocol in
the OSI model, was created in 1979 to allow process controllers to
communicate with computers in real time. Modbus is available in three
variants: ASCII, RTU, and TCP. The first encodes messages in
hexadecimal; although slow, it is well suited to telephone and
radio communication links. The second encodes messages in
binary and sends them over RS232. In the third, the masters and
slaves communicate using IP addresses [23]. In a SCADA system, ModBus
is a master-slave protocol that exchanges instructions between one
master, referred to as a remote terminal unit (RTU) or master terminal
unit (MTU), and many slave devices, such as sensors, drivers, and
PLCs [23]. On the one hand, Modbus is used extensively in industrial
architecture owing to its relative simplicity in allowing the
transmission of raw data without the need for authentication,
encryption, or an excessive amount of overhead [26]. On the other
hand, these characteristics make it vulnerable and simple to abuse [23, 25].
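
Because a Modbus/TCP request carries no authentication field, a filtering gateway can only judge it by its source address and by the header and function code it declares. The following added example (not part of the original assignment or of any vendor's code) parses the Modbus/TCP header and applies a per-master allowlist; the policy layout, the addresses and the function names are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

# MBAP header: transaction id (2), protocol id (2), length (2), unit id (1).
MBAP_LEN = 7
READ_FUNCTIONS = {0x01, 0x02, 0x03, 0x04}    # read coils/inputs/registers
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}   # write coils/registers


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Decode one Modbus/TCP request; raise ValueError if it is malformed."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (Modbus)")
    # The length field counts every byte after itself: unit id + PDU.
    if length != len(frame) - 6:
        raise ValueError("length field disagrees with frame size")
    return ModbusRequest(tid, unit, frame[MBAP_LEN], frame[MBAP_LEN + 1:])


def evaluate(src_ip: str, frame: bytes, policy: dict) -> tuple:
    """Return (verdict, reason) for a request seen from src_ip."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return ("drop", f"malformed frame: {exc}")
    rule = policy.get(src_ip)
    if rule is None:
        return ("drop", "source is not an approved master")
    if req.unit_id not in rule["units"]:
        return ("drop", "unit id not assigned to this master")
    if req.function_code in READ_FUNCTIONS:
        return ("allow", "read")
    if req.function_code in WRITE_FUNCTIONS:
        if rule["may_write"]:
            return ("allow", "write")
        return ("drop", "write from read-only master")
    return ("drop", "function code outside allowlist")


def build_frame(tid: int, unit: int, function_code: int, data: bytes) -> bytes:
    """Build a request frame for the constructed samples below."""
    header = struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, function_code)
    return header + data


# Constructed policy and frames (documentation addresses, hypothetical roles).
POLICY = {
    "192.0.2.10": {"units": {1}, "may_write": False},     # historian
    "192.0.2.11": {"units": {1, 2}, "may_write": True},   # control master
}
READ_HOLDING = build_frame(1, 1, 0x03, bytes.fromhex("0000000a"))
WRITE_REGISTER = build_frame(2, 1, 0x06, bytes.fromhex("000100ff"))

if __name__ == "__main__":
    for src, frame in [("192.0.2.10", READ_HOLDING),
                       ("192.0.2.10", WRITE_REGISTER),
                       ("192.0.2.11", WRITE_REGISTER),
                       ("192.0.2.99", READ_HOLDING)]:
        print(src, frame.hex(), evaluate(src, frame, POLICY))
```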

Another popular communication protocol for critical infrastructure,
notably in the electrical sector, is distributed network protocol version
3.0 (DNP3) [24]. It began as a serial protocol in 1990 to control
communication between "master stations" and slave stations known as
"outstations" [26]. DNP3 was utilized in electrical stations to link
master stations, such as RTUs, with outstations, such as intelligent
electronic devices (IEDs) [23]. DNP3 was upgraded in 1998 to support IP
networks by encapsulating its messages in TCP or UDP packets. Data
transmission is dependable and effective with DNP3 since it supports a
number of standardized data formats and time-stamped (time-synchronized)
data [26]. DNP3 initially lacked any security mechanisms, such as
encryption or authentication; however, the secure version of DNP3
rectified this issue.
Answer#2:
SECURITY REQUIREMENTS OF SMART GRID
The National Institute of Standards and Technology (NIST) has defined
three criteria required to maintain security of information in the smart
grid and keep it protected, specifically confidentiality, integrity, and
availability [10]. According to [27], accountability is another important
security criterion. The description of each criterion is given below.
A. Confidentiality:
In general, confidentiality preserves authorized restrictions
on information access and disclosure. In other words, the
confidentiality criterion requires protecting both personal privacy
and proprietary information from being accessed or disclosed by
unauthorized entities, individuals, or processes. Once an
unauthorized disclosure of information occurs, confidentiality is
lost. For instance, information such as control of a meter,
metering usage, and billing information that is sent between a
customer and various entities must be confidential and protected;
otherwise the customer’s information could be manipulated,
modified, or used for other malicious purposes [10].
B. Availability:
Availability is defined as ensuring timely and reliable access
to and use of information. It is considered the most important
security criterion in smart grid because the loss of availability
means disruption of access to information in a smart grid [10]. For
example, loss of availability can disturb the operation of the
control system by blocking the information’s flow through the
network, and therefore denying the network’s availability to
the control system’s operators.
C. Integrity:
Integrity in smart grid means protecting against improper
modification or destruction of the information. A loss of integrity
is an unauthorized alteration, modification, or destruction of data
in an undetected manner [10]. For example, power injection is a
malicious attack launched by an adversary who intelligently
modifies the measurements and relays them from the power
injection meters and power flow to the state estimator. Both
nonrepudiation and authenticity of information are required to
maintain integrity. Nonrepudiation means that an individual,
entity, or organization is unable to perform a particular action
and then deny it later; authenticity means that data
originates from a legitimate source.
D. Accountability:
Accountability means ensuring traceability of the system and
that every action performed by a person, device, or even a public
authority is recordable so that no one can deny his/her action.
This recorded information can be presented as evidence
in a court of law in order to identify the attacker [28]. An
example of an accountability problem would be the monthly
electricity bills of customers. Generally, smart meters could
determine the cost of electricity in real-time or day-to-day.
However, if these meters are under attack, this information is no
longer reliable because they have been altered. As a result, the
customer will have two different electric bills, one from the
smart meter and the other from the utility [27].
[Fig. 2. Illustration of smart grid network architecture]
SECURITY PROBLEMS AND COUNTERMEASURES IN SMART GRID
A. Smart grid attacks:
In general and as shown in Fig. 3, there are four steps used
by malicious hackers to attack and get control over a system,
namely reconnaissance, scanning, exploitation, and maintaining
access [9]. During the first step, reconnaissance, the attacker
gathers and collects information about its target. In the second
step, scanning, the attacker tries to identify the system’s
vulnerabilities. These activities aim to identify the open ports
and to discover the service running on each port along with its
weaknesses. During the exploitation step, he/she tries to
compromise and gain full control of the target. Once the
attacker has administrative access on the target, he/she
proceeds to the final step, which is maintaining access. This
step is achieved by installing a stealthy and undetectable
program so that he/she can easily get back to the target system
later.
In smart grid, the same steps are followed by attackers to
compromise the security criteria [1]. During each step, they
use different techniques to compromise a particular system in
the grid. Thus, attacks can be classified based on these steps.
Fig. 4 illustrates the types of attacks during each step. As one
can see, numerous types of attacks can happen during the
exploitation step. The malicious activities and attacks during
each step are described below.
1) Reconnaissance:
The reconnaissance phase includes social
engineering and traffic analysis attacks.
Rather than relying on technical abilities, social
engineering (SE) relies on interpersonal
communication and social engagement. To gain the
trust of a genuine user and obtain credentials and
personal information, such as passwords or PIN
numbers to log on to a specific system, an attacker
employs communication and persuasion. For
instance, two well-known SE approaches are
phishing [29] and the password pilfering attack [30]. In
order to identify the hosts and devices connected to
the network, along with their IP addresses, the
traffic analysis attack listens to the traffic and
analyses it. Social engineering and traffic
analysis mainly compromise the confidentiality of
the information.
2) Scanning:
The next phase is the scanning attack, which
is used to find every host and device that is
currently online on the network. There are four
types of scan: IP addresses, ports, services, and
vulnerabilities [9].
An attacker often begins by scanning the IP
addresses of all the hosts connected to the network
to determine each host's IP address. He or she then
probes further by scanning the ports to ascertain
which port is open. Every host that has been found
on the network is subjected to this scan. After that,
the attacker does a service scan to determine which
system or service is operating behind each opened
port. For instance, a hacker may assume that a
system is a substation automation control or
messaging system if port 102 is found to be open on
that system. A phasor measurement unit (PMU) is
the target system if port 4713 is open [1]. The final
scan, a vulnerability scan, seeks to find the flaws
and vulnerabilities associated with each service on
the target machine so that they may later be
exploited. Modbus and DNP3 are two industrial
protocols susceptible to scanning attacks. As
Modbus/TCP was created more for communication
than for security, it might be vulnerable to an attack
known as Modbus network scanning [31]. In this
attack, a benign message is sent to every device
connected to the network in order to gather
information about these devices [31]. Modscan is a
SCADA Modbus network scanner designed to find open
Modbus/TCP ports and identify device slave IDs and
IP addresses [25]. An approach to scan the DNP3
protocol and identify hosts, especially the slaves,
their DNP3 addresses, and their matching masters,
has been proposed by Nicolas R. et al. [24]. As one
can see, these attacks mainly target the
confidentiality of the smart grid.
3) Exploitation:
The third step, exploitation, comprises malicious
actions that attempt to take control of a smart
grid component by taking advantage of its
vulnerabilities. These actions include the use of
Trojan horses, worms, denial-of-service (DoS)
attacks, man-in-the-middle (MITM) attacks,
channel jamming, popping the HMI, integrity
violations, and privacy violations. A virus is a
program used to infect a particular device or
system in the smart grid [1, 32]. A worm is a
self-replicating program. It spreads over the network,
copies itself, and infects other devices and
systems [1, 32]. A Trojan horse is a program that
appears to perform a legitimate task on the target
system but runs malicious code in the background.
An attacker uses this kind of malware to
install a virus or worm on the target machine [1,
32]. The first worm to attack supervisory control and
data acquisition (SCADA) systems, Stuxnet, was
discovered in June 2010 by Roel Schouwenberg, a
senior research scientist at Kaspersky Lab [8].
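
The scanning step described under 2) leaves a recognisable trace in network flow records: one source touching the same control-system port on many hosts, or many control-system ports on one host. The following added example (not part of the original assignment) runs that detection over constructed flow records; the record format, thresholds and addresses are assumptions, ports 102 and 4713 come from the text, and 502 and 20000 are the registered Modbus/TCP and DNP3 ports.

```python
from collections import defaultdict, deque

# Ports 102 and 4713 are named in the text; 502 (Modbus/TCP) and 20000
# (DNP3) are the registered ports of the two protocols it discusses.
ICS_PORTS = {102: "substation automation/messaging", 4713: "PMU",
             502: "Modbus/TCP", 20000: "DNP3"}

# Constructed flow records, ordered by time:
# "<seconds> <source> <destination> <destination port>"
SAMPLE_FLOWS = """\
# ts   src         dst            dport
0.0    192.0.2.10  198.51.100.21  502
1.0    192.0.2.66  198.51.100.21  502
1.5    192.0.2.66  198.51.100.22  502
2.0    192.0.2.66  198.51.100.23  502
2.5    192.0.2.66  198.51.100.24  502
5.0    192.0.2.10  198.51.100.21  502
9.0    192.0.2.10  198.51.100.22  502
10.0   192.0.2.77  198.51.100.30  102
10.2   192.0.2.77  198.51.100.30  4713
10.4   192.0.2.77  198.51.100.30  20000
15.0   192.0.2.10  198.51.100.21  502
"""


def parse_flow(line):
    """Split one flow record into (timestamp, source, destination, port)."""
    ts, src, dst, dport = line.split()
    return float(ts), src, dst, int(dport)


def detect_scans(text, window=60.0, host_threshold=4, port_threshold=3):
    """Return alerts for host sweeps and port scans seen within `window` s.

    host-sweep: one source reaches >= host_threshold hosts on one ICS port.
    port-scan:  one source reaches >= port_threshold ports on one host.
    """
    recent = defaultdict(deque)   # source -> (ts, dst, dport) inside window
    raised = set()                # alerts already reported once
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport = parse_flow(line)
        flows = recent[src]
        flows.append((ts, dst, dport))
        # Expire records older than the window; the newest always stays.
        while ts - flows[0][0] > window:
            flows.popleft()
        candidates = []
        if dport in ICS_PORTS:
            hosts = {d for _, d, p in flows if p == dport}
            if len(hosts) >= host_threshold:
                candidates.append(("host-sweep", src, ICS_PORTS[dport]))
        ports = {p for _, d, p in flows if d == dst}
        if len(ports) >= port_threshold:
            candidates.append(("port-scan", src, dst))
        for alert in candidates:
            if alert not in raised:
                raised.add(alert)
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_FLOWS):
        print(alert)
```

The master at 192.0.2.10 polls two devices repeatedly and stays below both thresholds, so only the two scanning sources are reported.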
CONCLUSION
A smart grid is a system made up of dispersed and heterogeneous components
that can readily incorporate renewable technologies while intelligently delivering
power. However, there are a lot of security flaws in this important technology. In
this article, we give a thorough review of the cyber-security of smart grids and
look in-depth at the primary cyber-attacks that pose a danger to their network
protocols, applications, and infrastructure. Additionally, we suggest a plan made
up of a number of tools and methods that are intended to address potential
component weaknesses, uncover criminal activity, improve network
communication security, and safeguard consumer privacy.

REFERENCES
[1] E. D. Knapp and R. Samani, Applied cyber security and the smart grid: implementing security controls
into the modern power infrastructure. Amsterdam: Elsevier, Syngress, 2013.

[2] N. Framework, “Roadmap for Smart Grid Interoperability Standards, Release 2.0 (2012),” NIST Special
Publication, vol. 1108.

[3] D. B. Rawat and C. Bajracharya, “Cyber security for smart grid systems: Status, challenges and
perspectives,” in SoutheastCon 2015, pp. 1–6.

[4] S. Shapsough, F. Qatan, R. Aburukba, F. Aloul, and A. Al Ali, “Smart grid cyber security: Challenges
and solutions,” in International Conference on Smart Grid and Clean Energy Technologies (ICSGCE),
2015, pp. 170–175.

[5] X. Liang, K. Gao, X. Zheng, and T. Zhao, “A Study on Cyber Security of Smart Grid on Public Networks,”
in IEEE Green Technologies Conference, 2013, pp. 301–308.

[6] M. Essaaidi and others, “An overview of smart grid cyber-security state of the art study,” in 3rd
International Renewable and Sustainable Energy Conference (IRSEC), 2015, pp. 1–7.

[7] W. Wang and Z. Lu, “Cyber security in the Smart Grid: Survey and challenges,” Computer Networks,
vol. 57, no. 5, pp. 1344–1371, 2013.

[8] D. Kushner, “The real story of stuxnet,” IEEE Spectrum, vol. 50, no. 3, pp. 48–53, Mar. 2013.

[9] P. Engebretson, The basics of hacking and penetration testing: ethical hacking and penetration
testing made easy. Elsevier, 2013.

[10] S. G. I. Panel, “Guidelines for smart grid cyber security: Vol. 1, smart grid cyber security strategy,
architecture, and high-level requirements, and Vol. 2, privacy and the smart grid, National Institute of
Standards and Technology (NIST),” Interagency Rep, vol. 7628, 2010.

[11] W. Wang, Y. Xu, and M. Khanna, “A survey on the communication architectures in smart grid,”
Computer Networks, vol. 55, no. 15, pp. 3604–3629, 2011.

[12] A. Usman and S. H. Shami, “Evolution of communication technologies for smart grid applications,”
Renewable and Sustainable Energy Reviews, vol. 19, pp. 191–199, 2013.

[13] V. C. Gungor et al., “A survey on smart grid potential applications and communication
requirements,” IEEE Transactions on Industrial Informatics, vol. 9, no. 1, pp. 28–42, 2013.

[14] A. Mahmood, N. Javaid, and S. Razzaq, “A review of wireless communications for smart grid,”
Renewable and Sustainable Energy Reviews, vol. 41, pp. 248–260, Jan. 2015.

[15] P. Yi, T. Zhu, Q. Zhang, Y. Wu, and J. Li, “A denial of service attack in advanced metering
infrastructure network,” in IEEE International Conference on Communications (ICC), 2014, pp. 1029–
1034.

[16] K. Gai, M. Qiu, Z. Ming, H. Zhao, and L. Qiu, “Spoofing-Jamming Attack Strategy Using Optimal
Power Distributions in Wireless Smart Grid Networks,” IEEE Transactions on Smart Grid, pp. 1–1, 2017.

[17] P. Maynard, K. McLaughlin, and B. Haberler, “Towards Understanding Man-In-The-Middle Attacks
on IEC 60870-5-104 SCADA Networks,” in Proceedings of the 2nd International Symposium on ICS &
SCADA Cyber Security Research 2014, pp. 30–42.

[18] M. A. Faisal, Z. Aung, J. R. Williams, and A. Sanchez, “Data-stream-based intrusion detection system
for advanced metering infrastructure in smart grid: A feasibility study,” IEEE Systems Journal, vol. 9, no.
1, pp. 31–44, 2015.

[19] D. Choi, S. Lee, D. Won, and S. Kim, “Efficient secure group communications for SCADA,” IEEE
Transactions on power delivery, vol. 25, no. 2, pp. 714–722, 2010.

[20] R. Radvanovsky and J. Brodsky, Handbook of SCADA/control systems security. CRC Press, 2013.

[21] D. Wei, Y. Lu, M. Jafari, P. M. Skare, and K. Rohde, “Protecting smart grid automation systems
against cyberattacks,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 782–795, 2011.

[22] V. C. Gungor et al., “Smart Grid Technologies: Communication Technologies and Standards,” IEEE
Transactions on Industrial Informatics, vol. 7, no. 4, pp. 529–539, Nov. 2011.

[23] R. Al-Dalky, O. Abduljaleel, K. Salah, H. Otrok, and M. Al-Qutayri, “A Modbus traffic generator for
evaluating the security of SCADA systems,” in 9th International Symposium on Communication Systems,
Networks Digital Sign (CSNDSP), 2014, pp. 809–814.

[24] N. R. Rodofile, K. Radke, and E. Foo, “DNP3 Network Scanning and Reconnaissance for Critical
Infrastructure,” in Proceedings of the Australasian Computer Science Week Multiconference, New York,
NY, USA, 2016, pp. 39:1–39:10.

[25] M. Bristow, “ModScan: a SCADA Modbus network scanner,” in DefCon-16 Conf., Las Vegas, NV,
2008.

[26] E. D. Knapp and J. T. Langill, Industrial Network Security: Securing critical infrastructure networks for
smart grid, SCADA, and other Industrial Control Systems. Syngress, 2014.

[27] J. Liu, Y. Xiao, and J. Gao, “Achieving accountability in smart grid,” IEEE Systems Journal, vol. 8, no.
2, pp. 493–508, 2014.

[28] J. Liu, Y. Xiao, S. Li, W. Liang, and C. P. Chen, “Cyber security and privacy issues in smart grids,” IEEE
Communications Surveys & Tutorials, vol. 14, no. 4, pp. 981–997, 2012.

[29] H. Holm, W. R. Flores, and G. Ericsson, “Cyber security for a Smart Grid-What about phishing?,” in
IEEE PES ISGT Europe, 2013, pp. 1–5.

[30] Y. Yang, T. Littler, S. Sezer, K. McLaughlin, and H. F. Wang, “Impact of cyber-security issues on Smart
Grid,” in 2nd IEEE PES International Conference and Exhibition on Innovative Smart Grid Technologies
(ISGT Europe), 2011, pp. 1–7.

[31] F. Aloul, A. R. Al-Ali, R. Al-Dalky, M. Al-Mardini, and W. El-Hajj, “Smart grid security: Threats,
vulnerabilities and solutions,” International Journal of Smart Grid and Clean Energy, vol. 1, no. 1, pp. 1–
6, 2012.

[32] E. Cole, Network security bible, vol. 768. John Wiley & Sons, 2011.

[33] F. M. Cleveland, “Cyber security issues for Advanced Metering Infrastructure (AMI),” in Power and
Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 2008,
pp. 1–5.

[34] A. Sargolzaei, K. Yen, and M. Abdelghani, “Delayed inputs attack on load frequency control in smart
grid,” in ISGT, 2014, pp. 1–5.

[35] Z. Zhang, S. Gong, A. D. Dimitrovski, and H. Li, “Time Synchronization Attack in Smart Grid: Impact
and Analysis,” IEEE Transactions on Smart Grid, vol. 4, no. 1, pp. 87–98, Mar. 2013.

[36] I. Darwish, O. Igbe, O. Celebi, T. Saadawi, and J. Soryal, “Smart Grid DNP3 Vulnerability Analysis and
Experimentation,” in IEEE 2nd International Conference on Cyber Security and Cloud Computing
(CSCloud), 2015, pp. 141–147.

[37] B. Alohali, K. Kifayat, Q. Shi, and W. Hurst, “Replay Attack Impact on Advanced Metering
Infrastructure (AMI),” in Smart Grid Inspired Future Technologies, vol. 175, Springer International
Publishing, 2017, pp. 52–59.

[38] Z. Lu, W. Wang, and C. Wang, “From jammer to gambler: Modeling and detection of jamming
attacks against time-critical traffic,” in Proceedings IEEE INFOCOM, 2011, pp. 1871–1879.

[39] M. Qiu, W. Gao, M. Chen, J.-W. Niu, and L. Zhang, “Energy Efficient Security Algorithm for Power
Grid Wide Area Monitoring System,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 715–723, Dec.
2011.

[40] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric
power grids,” ACM Transactions on Information and System Security (TISSEC), vol. 14, no. 1, p. 13, 2011.

[41] A. Anwar, A. N. Mahmood, and Z. Tari, “Identification of vulnerable node clusters against false data
injection attack in an AMI based Smart Grid,” Information Systems, vol. 53, pp. 201–212, Oct. 2015.

[42] Depeng Li, Zeyar Aung, J. Williams, and A. Sanchez, “P2DR: Privacy-Preserving Demand Response
system in smart grids,” in International Conference on Computing, Networking and Communications
(ICNC), 2014, pp. 41–47.

[43] Y. Zhang, L. Wang, and Y. Xiang, “Power System Reliability Analysis With Intrusion Tolerance in
SCADA Systems,” IEEE Transactions on Smart Grid, vol. 7, no. 2, pp. 669–683, Mar. 2016.

[44] İ. Özçelik and R. R. Brooks, “Cusum - entropy: an efficient method for DDoS attack detection,” in 4th
International Istanbul Smart Grid Congress and Fair (ICSG), 2016, pp. 1–5.

[45] D. B. Rawat and C. Bajracharya, “Detection of False Data Injection Attacks in Smart Grid
Communication Systems,” IEEE Signal Processing Letters, vol. 22, no. 10, pp. 1652–1656, Oct. 2015.

[46] Y. Zhang, L. Wang, W. Sun, R. C. Green II, and M. Alam, “Distributed intrusion detection system in a
multi-layer network architecture of smart grids,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 796–
808, 2011.

[47] Q. Li and G. Cao, “Multicast authentication in the smart grid with one-time signature,” IEEE
Transactions on Smart Grid, vol. 2, no. 4, pp. 686–696, 2011.

[48] M. Kammerstetter, L. Langer, F. Skopik, and W. Kastner, “Architecture-driven smart grid security
management,” in Proceedings of the 2nd ACM workshop on Information hiding and multimedia security,
2014, pp. 153–158.

[49] S. E. McLaughlin, D. Podkuiko, A. Delozier, S. Miadzvezhanka, and P. McDaniel, “Embedded
Firmware Diversity for Smart Electric Meters,” in HotSec, 2010.

[50] Y. Kwon, H. K. Kim, Y. H. Lim, and J. I. Lim, “A behavior-based intrusion detection technique for
smart grid infrastructure,” in IEEE PowerTech, 2015, pp. 1–6.

[51] U. K. Premaratne, J. Samarabandu, T. S. Sidhu, R. Beresh, and J.-C. Tan, “An intrusion detection
system for IEC61850 automated substations,” IEEE Transactions on Power Delivery, vol. 25, no. 4, pp.
2376–2383, 2010.

[52] The KDD99 dataset available at : https://kdd.ics.uci.edu/databases/kddcup99/task.html

[53] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data
set,” in IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA),
2009, pp. 1–6.

[54] M. Erol-Kantarci and H. T. Mouftah, “Smart grid forensic science: applications, challenges, and open
issues,” IEEE Communications Magazine, vol. 51, no. 1, pp. 68–74, 2013.

[55] A. P. Fournaris, P. Kitsos, and N. Sklavos, “Security and Cryptographic Engineering in Embedded
Systems,” in Embedded Computing Systems: Applications, Optimization, and Advanced Design, IGI
Global, 2013, pp. 420–438.
