Wenyu Ren

Online, Context-aware, Intelligent Anomaly Detection and Analysis for SCADA Systems

Advisor: Prof. Klara Nahrstedt
MONET Group in UIUC
June 2017–May 2019
Brief Introduction
The objective of this project is to develop an online, context-aware, intelligent framework for anomaly detection, anomalous data analysis, causal reasoning, consequence indication and response suggestion for SCADA networks. The designed framework monitors the network traffic in SCADA networks, detects anomalous events in real time, and provides context-aware information about those anomalies to guide reasoning about the anomalous events and their consequences, which leads to operational resilience and recovery.
Our Contribution
  • This project contains two sub-projects. In the first sub-project, we develop a novel edge-based multi-level anomaly detection framework for SCADA networks named EDMAND. EDMAND monitors three levels of network traffic data and applies appropriate anomaly detection methods based on the distinct characteristics of the data. Alerts are generated, aggregated, and prioritized before being sent back to control centers. A prototype of the framework is built to evaluate its detection ability and time overhead.
  • The objective of the second sub-project is to develop a framework to analyze the alerts generated by EDMAND. We proposed a causal-polytree-based anomaly reasoning framework for SCADA networks, named CAPTAR. CAPTAR takes the meta-alerts from our previous anomaly detection framework EDMAND, correlates them using a naive Bayes classifier, and matches them to predefined causal polytrees. Utilizing Bayesian inference on the causal polytrees, CAPTAR can produce a high-level view of the security state of the protected SCADA network.