OLAF: Operation-level traffic analyzer framework for Smart Grid

The current Smart Grid supervisory control and data acquisition (SCADA) systems are primarily protected at the perimeter level with firewalls at the boundary of the networks. However, besides the attacks coming from the external Internet, internal attacks are equally concerning. Therefore, systems need to be protected from internal attacks within the perimeter. In Smart Grid, the Field Devices (FDs) are resource-constrained devices that do not have the ability to provide security analysis and protection by themselves. And the commonly used industrial control system protocols offer little security guarantee. To guarantee security inside the system, analysis and inspection of both internal network traffic and device status need to be placed close to FDs to provide timely information to power grid operators. For that, we have designed a unique, extensible and efficient operation-level traffic analyzer framework named OLAF. The time overhead and performance evaluations of the analyzer confirm efficiency and accuracy under our simulated Smart Grid operational traffic.