Towards Ultra-Low Latency User-Plane Cyberattack Detection in SDN-based Smart Grids

30 May

Aristide Tanyi-Jong Akem, PhD Student at IMDEA Networks Institute, Madrid, Spain

In-house Presentation

Machine Learning (ML) models are widely used for cyberattack detection in Smart Grids (SG) based on Software-Defined Networks (SDN). However, these models either run in external servers or in-network, fully in the application or control plane or distributed between the control and user planes. In all three cases, the models do not run at line rate and incur hundreds of milliseconds of delay in attack detection. This paper explores how ML inference in programmable switches can enable accelerated attack detection and mitigation in SGs at line rate with a sub-microsecond delay. The proposed workflow brings the concept of user plane inference to SDN-based SGs and deploys a trained Decision Tree (DT) model into the switch pipeline for real-time inference on live traffic. The model is implemented in a testbed with production-grade Intel Tofino switches, where experiments are run with a DNP3 intrusion detection dataset. Results reveal how the model can distinguish multiple attacks against SGs with an accuracy of 99%, incurring a delay within 356 nanoseconds, while consuming a tiny portion of the available resources in the switch. This work has been accepted for presentation at the 2024 ACM SIGEnergy Workshop on Cybersecurity and Privacy of Energy Systems (EnergySP), co-located with the ACM International Conference on Future and Sustainable Energy Systems (E-Energy ’24), Singapore, 4-7 June 2024.

About Aristide Tanyi-Jong Akem

Akem is a PhD student in the Networks Data Science Group at IMDEA Networks Institute in Madrid, Spain. He is also a student in the Telematics Engineering program at Universidad Carlos III de Madrid. He has also been a visiting researcher at Orange Labs, in Paris, France, Ranplan Wireless, and the University of Cambridge in the United Kingdom. Akem’s research focuses on user-plane inference with machine learning in programmable networks.

This event will be conducted in English

  • Location: MR-A1 [Ramón] & MR-A2 [Cajal], IMDEA Networks Institute, Avda. del Mar Mediterráneo 22, 28918 Leganés – Madrid
  • Organization: IMDEA Networks Institute; NETCOM Research Group (Telematics Engineering Department, UC3M)
  • Time: 13:00
  • Add to Calendar: iCalendar Outlook Google