Novel Approach for Detecting Network Anomalies for Substation Automation based on IEC 61850
  • Authors: Hyunguk Yoo (1)
    Taeshik Shon (1)

    1. Ajou University, Suwon, Gyeonggi-do, Republic of Korea
  • Keywords: IEC 61850; Substation automation; Smartgrid; Anomaly detection; Machine learning; EM; SVM
  • Journal: Multimedia Tools and Applications
  • Publication year: 2015
  • Publication date: January 2015
  • Year: 2015
  • Volume: 74
  • Issue: 1
  • Pages: 303-318
  • Full-text size: 953 KB
  • Journal category: Computer Science
  • Journal subjects: Multimedia Information Systems
    Computer Communication Networks
    Data Structures, Cryptology and Information Theory
    Special Purpose and Application-Based Systems
  • Publisher: Springer Netherlands
  • ISSN: 1573-7721
Abstract
An SA (Substation Automation) system based on IEC 61850 is an intelligent substation; it has been receiving considerable attention as a core component of a smart grid. The explosive increase in cyber-security threats has extended to critical national infrastructures, including the power grid, and Substation Automation has become a main target of cyber-attacks. Various countermeasures such as firewalls, IDSs (Intrusion Detection Systems), and anti-virus solutions have been developed, but to date these have not sufficiently reflected the inherent features of Substation Automation based on IEC 61850. This study proposes an anomaly detection method for MMS (Manufacturing Message Specification) and GOOSE (Generic Object Oriented Substation Events) packets, the main communication protocols of IEC 61850 Substation Automation. The method applies 3-phase preprocessing, EM (Expectation Maximization), and one-class SVM (Support Vector Machine) techniques. The effectiveness of the proposed method is evaluated through experiments.
