BLITHE: Behavior Rule Based Insider Threat Detection for Smart Grid
A behavior rule-based methodology for insider threat detection (BLITHE) is proposed for data monitor devices in the smart grid, where the continuity and accuracy of operations are of vital importance. Based on the DC power flow model and the state estimation model, three behavior rules are extracted to describe the behavior norms of each device, so that a device whose behavior is being monitored (the trustee) can be easily checked for deviation from its behavior specification. Specifically, a grading strategy based on rule weights and compliance distance is designed, which greatly improves the effectiveness of the traditional grading strategy for evaluating trustees. The statistical property, i.e., the mathematical expectation of the compliance degree of each trustee, is analyzed in particular from both theoretical and practical perspectives, which achieves a satisfactory tradeoff between detection accuracy and false alarms and allows more sophisticated and hidden attackers to be detected.