Evaluating Intrusion Detection Systems in Power Grids: A Practical Framework
This master’s thesis deals with the evaluation of intrusion detection systems (IDSs) in power grids, which represent an essential part of critical infrastructure. Due to the development towards decentralized architectures and advanced interconnectivity, these systems have become vulnerable to attacks. Additionally, their special requirements do not allow for classical security mechanisms, which makes IDSs a favorable alternative. Although research continuously proposes new work in this field, in which new systems are designed and implemented, there is little focus on evaluating them. Since the evaluation processes in this area are limited in their conceptualization, the respective results are difficult to interpret and compare.
To address these challenges, this thesis describes our contributions to this research field. We develop a methodology for the evaluation of IDSs that emphasizes the accuracy and realism of the scenarios. We divide the evaluation process into several aspects, which in conjunction establish a set of guidelines for meaningful evaluation results. To apply this methodology consistently in practice, we develop a framework that automatically carries out the practical part of evaluations and thus produces reproducible results. We then apply the methodology and the practical framework in our own evaluations of StationGuard and Suricata, allowing us to draw precise conclusions and comparisons between the two systems.
Here, you can learn more about this project: Master Thesis