Skip to content
Snippets Groups Projects
Select Git revision
  • main default protected
1 result
user avatar
Data update
Verena Menzel authored
f126c38e
History
user avatar f126c38e
History
Name Last commit Last update
demkit_adaptions
ids
.gitignore
README.md
README.md

Interfacing process-aware Intrusion Detection for distributed energy sources with DEMKit

Sustainable energy requires robust communication infrastructure for optimized distribution, with SCADA systems managing decentralized grids. However, integrating smart systems into legacy infrastructure introduces cybersecurity risks like false data injection and man-in-the-middle attacks.
This study advances a process-aware Intrusion Detection System (IDS) that leverages SCADA topology and real-time sensor data for improved attack detection. Expanding on prior work in medium-to-low-voltage grids, we adapt the IDS to multi-energy systems using the Decentralized Energy Management ToolKit (DEMKit).

For more details we refer to:

Verena Menzel, Paul S. Dirksen, and Anne Remke. Interfacing process-aware Intrusion Detection for distributed energy sources with DEMKit. TBA, 2025. Manuscript in preparation

Funding

This research is conducted within the NWO project ISoLATE (CS.016).

Directory overview

ids/implementation: core IDS implementation

ids/ids_dev_setup: functionality to start the distributed IDS in multiple threads on a developer machine

To start the IDS, call the following in this repository (after you started the data replay, see below):

python development_setup_demkit.py

ids/replay-csv: replay functionality including manipulated DEMKit Scenario data

To start the replay of CSV data, call the following in this repository:

python replayDEMKit.py

demkit_adaptions: Adaptions made to DEMKit for logging of the demostreet scenario; more information see below.

Implemented requirements

Requirement Name Description Scope
S1 In every household the power fed in equals the power consumed. house-level/local
S2 Safety threshold regarding current is met at every meter. house-level/local
S3 State of charge never exceeds defined limit (e.g. 12000Wh). house-level/local
S4 Only power generating devices can feed power into the grid. house-level/local
S5 Battery dis-/charge rate does not exceed safe operational limit. house-level/local
S6 Only registered houses (or power generators) are feeding into the grid. neighbourhood level
S7 Operator defined threshold of current in neighborhood is met for all meters. neighbourhood level

Adaptations of DEMKit

To implement a compatible CSV logging system for the IDS input files, we made specific adaptations rather than forking the entire DEMKit repository. Below, we provide the modified files:

  • device.py: Adds a call to our custom logging function. Place this file in demkit/components/dev.
  • mdi.py: Implements the custom logging functionality, storing the necessary data as CSV files in the workspace folder. Place this file in demkit/components/util.
  • manualMDI.py: Generates different types of attack files based on the base files created during the simulation. Place this file in demkit/components/util.