Bloom Filter Based Intrusion Detection for Smart Grid



Journal Title

Journal ISSN

Volume Title



This thesis addresses the problem of local intrusion detection for SCADA (Supervisory Control and Data Acquisition) field devices in the smart grid. A methodology is proposed to detect anomalies in the communication patterns using a combination of n-gram analysis and Bloom Filter. The predictable and regular nature of the SCADA communication patterns is exploited to train the intrusion detection system. The protocol considered to test the proposed approach is MODBUS which is used for communication between a SCADA server and field devices in power system. The approach is tested for attacks like HMI compromise and Man-in-the-Middle.

Bloom Filter is chosen because of its strong space advantage over other data structures like hash tables, linked lists etc. for representing sets. The advantage comes from its probabilistic nature and compact array structure. The false positive rates are found to be minimal with careful choice of parameters for Bloom Filter design. Also the memory-efficient property of Bloom Filter makes it suitable for implementation in resource constrained SCADA components. It is also established that the knowledge of physical state of the power system i.e., normal, emergency or restorative state can help in improving the accuracy of the proposed approach.