Identification of Attack-based Digital Forensic Evidences for WAMPAC Systems

Title: Identification of Attack-based Digital Forensic Evidences for WAMPAC Systems
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Iqbal, A., Mahmood, F., Shalaginov, A., Ekstedt, M.
Conference Name: 2018 IEEE International Conference on Big Data (Big Data)
Date Published: dec
Keywords: attack-based digital forensic evidences, attribution, authentication, composability, cyber-attack, digital forensics, evidence, Forensic Artifacts, forensic investigations, hardware-in-the loop simulation, Hardware-in-the-Loop, Human Behavior, human-in-the-loop security center paradigm, knowledge base, knowledge based systems, Metrics, Monitoring, phasor measurement units, PMUs, power system analysis computing, power system forensics, Protection and Control systems, pubcrawl, Smart grids, smart power grids, substation, Substations, WAMPAC systems, wide area monitoring, Wide Area Monitoring Protection and Control
Abstract: Power systems domain has generally been very conservative in terms of conducting digital forensic investigations, especially so since the advent of smart grids. This lack of research due to a multitude of challenges has resulted in absence of knowledge base and resources to facilitate such an investigation. Digitalization in the form of smart grids is upon us but in case of cyber-attacks, attribution to such attacks is challenging and difficult if not impossible. In this research, we have identified digital forensic artifacts resulting from a cyber-attack on Wide Area Monitoring, Protection and Control (WAMPAC) systems, which will help an investigator attribute an attack using the identified evidences. The research also shows the usage of sandboxing for digital forensics along with hardware-in-the-loop (HIL) setup. This is first of its kind effort to identify and acquire all the digital forensic evidences for WAMPAC systems which will ultimately help in building a body of knowledge and taxonomy for power system forensics.
DOI: 10.1109/BigData.2018.8622550
Citation Key: iqbal_identification_2018