A comparison of different intrusion detection approaches in an advanced metering infrastructure network using ADVISE

Abstract

Utilities responsible for Advanced Metering Infrastructure (AMI) networks must be able to defend themselves from a variety of potential attacks so they may achieve the goals of delivering power to consumers and maintaining the integrity of their equipment and data. Intrusion detection systems (IDSes) can play an important part in the defense of such networks. Utilities should carefully consider the strengths and weaknesses of different IDS deployment strategies to choose the most cost-effective solution. Models of adversary behavior in the presence of different IDS deployments can help with making this decision as we demonstrate through a case study that uses a model created in the ADversary VIew Security Evaluation (ADVISE) formalism (which calculates metrics used to compare different IDSes). We show how these metrics give valuable insight into the selection of the appropriate IDS architecture for an AMI network.