Optimal Auditing on Smart-Grid Networks

As the existing power grid becomes increasingly complex, the deployment of Smart Grids–which can significantly improve the stability and efficiency of power infrastructure has seen increasing interest. However, with new technology comes new security concerns. Recent work has shown that fabricating valid but malicious messages on a Smart Grid’s SCADA network can cause widespread power outages. Moreover, the large scale, complexity, and tight constraints of these networks makes deploying in-line detection systems insufficient. A common approach is to instead conduct whole-network audits by temporarily duplicating & forwarding all network traffic to a server dedicated to detecting malicious content. This is usually done by taking advantage of port-mirroring to duplicate the packets received with minimal overhead. However, the operation of these audits sees a number of challenges. For instance, each router used to collect traffic demands physical set-up — thus there is a real cost to needlessly high coverage. In this work, we consider the problem of efficiently finding the minimal set of routers in the SCADA network to use for auditing traffic. This efficiency is critical for enabling timely auditing. Similar versions of this problem have seen study. However, they suffer either from a severe mismatch w.r.t. the problem domain, or from serious scalability concerns. This motivates us to devise a novel (2+𝜃)(ln ∣𝑉 ∣+1) approximation algorithm for this problem with a 2-approximation for the special case of tree networks. We experimentally evaluate our solution and compare it to an optimal IP formulation, finding that it performs near-optimally on small networks and significantly outperforms heuristics in all cases.

Download paper here