The core concept of the smart grid is the realization of two-way communications between smart devices. The integration of complex and heterogeneous networks, as well as their devices, into the smart grid must be done not only efficiently but also securely. Nonetheless, with all its dependency upon device operations and communications, the smart grid is highly vulnerable to any security risk stemming from devices. In particular, the use of compromised devices can wreak havoc on the smart grid’s critical functionalities and can cause catastrophic consequences to the integrity of the smart grid data and/or users’ privacy.
In this work, we propose a configurable system-level framework that is capable of monitoring and identifying compromised devices that perform unauthorized operations inside the smart grid architecture. Specifically, the proposed framework utilizes system and function call tracing techniques and statistical analysis to monitor compromised devices’ behavior.