On the practicality of detecting anomalies with encrypted traffic in AMI

Published: 01 Jan 2014, Last Modified: 14 Aug 2024 | SmartGridComm 2014 | CC BY-SA 4.0
Abstract: Encryption is a key ingredient in the preservation of the confidentiality of network communications but can also be at odds with the mission of Intrusion Detection Systems (IDSes) to monitor traffic. This also affects Advanced Metering Infrastructures (AMIs), where the scale of the network and the sensitivity of communication make deploying IDSes along with encryption solutions mandatory. In this paper, we study four different approaches for reconciling the twin goals of confidentiality and monitoring by investigating their practical use on a set of real-world packet-level traces collected at an operational AMI network.