FIELD: physics, computer engineering.
SUBSTANCE: invention relates to the detection and identification of undesirable events in intelligent utility grid systems. A method of characterising malicious activity in an intelligent utility grid system, the method executable by a computer having at least one processor and at least one storage device, the method comprising steps of receiving, by the said at least one processor, information-technology (IT) data including IT-related activity from the intelligent grid system; receiving, by the said at least one processor, non-IT data including location-specific event data from a plurality of electronic sources, grid analogue measurements comprising phasor measurements and a list of targets with corresponding geographic locations; pre-processing, by the said at least one processor, the non-IT data including a sub-step of: disregarding the non-IT data failing to meet a predetermined level of relevance to one of a plurality of risk-related events; applying, by the said at least one processor, a plurality of rules to the pre-processed non-IT data, wherein the said application step comprises sub-steps of: associating an undesirable event with the IT-related activity; determining the probability that the undesirable event is indicative of malicious activity, wherein the determination sub-step comprises comparing a predetermined criteria to the non-IT data for generating one of a plurality of different probability levels in the form of a sum of: a product of the probability of occurrence of a deliberate malicious attack and the probability of existence of a vulnerability exploitable by the deliberate malicious attack; and a product of the probability of occurrence of an unexpected failure and the probability of existence of a vulnerability associated with the unexpected failure, wherein the said deliberate malicious attack and the said unexpected failure comprise mutually independent events; and applying, to the undesirable event by the said at least one processor, a risk characterisation based on the said probability level and IT-related activity.
EFFECT: efficient detection of malicious activity in an intelligent utility grid system.
23 cl, 49 dwg, 6 tbl
| Title | Year | Author | Number |
|---|---|---|---|
| UTILITY GRID COMMAND FILTER SYSTEM | 2011 |
|
RU2554540C2 |
| SYSTEM AND METHOD FOR CONTROL OF ELECTRIC POWER SYSTEM | 2009 |
|
RU2518178C2 |
| CONTROLLING POWER OUTAGE AND FAULTY STATE OF ELECTRICAL POWER SYSTEM | 2009 |
|
RU2525859C2 |
| INTELLIGENT NETWORK | 2011 |
|
RU2546320C2 |
| INTELLIGENT SYSTEM KERNEL | 2011 |
|
RU2541911C2 |
| DISTRIBUTED INTELLIGENCE OF ELECTRIC VEHICLE | 2013 |
|
RU2633407C2 |
| ANALYSING COMMUNICATION CHARACTERISTICS OF INTELLIGENT ELECTRONIC DEVICE (IED) | 2010 |
|
RU2440685C1 |
| CONTROL OF THE PRESENCE OF THE AGENT FOR SELF-RESTORING | 2014 |
|
RU2667598C1 |
| PROTECTION METHOD OF VEHICLE CONTROL SYSTEMS AGAINST INTRUSIONS | 2019 |
|
RU2737229C1 |
| METHODS AND SYSTEM TO DETECT FAILURE OF UTILITY NETWORK | 2007 |
|
RU2456725C2 |
