Event Stream Processing for Intrusion Detection in Zigbee Home Area Networks
The current electrical grid system is incapable of meeting the rising demand for reliable energy in the modern world. As a result, power companies have been investing resources into the Smart Grid, a network-like electrical system that uses wireless communications to relay data to and from the producer and consumer so that the distribution of energy is economical, reliable, and environmentally friendly. One prospective wireless technology for the Home Area Network (HAN) within the Smart Grid is the ZigBee wireless network, a low cost efficient technology, which operates on top of and expands the IEEE 802.15.4 link-layer protocol. However, the ZigBee communication protocol is vulnerable to attack because it is designed with efficiency rather than security in mind. Fortunately, ZigBee is compatible with many intrusion detection technologies. Event stream processing is a promising technology for monitoring and detecting security violations, however very little analysis using event stream processing has been done with the ZigBee wireless network. In this study, we apply event stream processing, using the Intelligent Event Processor opensource software, to two specific intrusion scenarios: flood attacks and backoff manipulation attacks. From these we can create static, domain dependant, rules for detecting these and similar attacks on the ZigBee network. These initial rules will allow for more sophisticated rules to be made using statistical probability to detect anomalies. This research project focuses on how ZigBee packet data can be used to identify meaningful events in a HAN so that these patterns can be refined into dynamic rules and algorithms.