Detection of cyber intrusions using network-based multicast messages for substation automation
| Title | Detection of cyber intrusions using network-based multicast messages for substation automation |
| Publication Type | Conference Paper |
| Year of Publication | 2014 |
| Authors | Junho Hong, Chen-Ching Liu, Govindarasu, M. |
| Conference Name | Innovative Smart Grid Technologies Conference (ISGT), 2014 IEEE PES |
| Date Published | Feb |
| Keywords | anomaly detection, computer security, cyber security of substations, cyber security testbed, denial-of-service attacks, Educational institutions, false negative ratio, FNR, generic object-oriented substation event, GOOSE, GOOSE and SV, IEC 61850, IEC standards, IEEE 39-bus system model, Intrusion detection, intrusion detection system, low-fault negative rate, misclassified abnormal packets, Network security, network-based cyber intrusion detection system, network-based multicast messages, NIDS, packet modification, power engineering computing, predefined security rules, replay, sampled value, SAS, security of data, simultaneous cyber attacks, specification-based algorithm, substation automation, substation automation systems, SV |
| Abstract | This paper proposes a new network-based cyber intrusion detection system (NIDS) using multicast messages in substation automation systems (SASs). The proposed network-based intrusion detection system monitors anomalies and malicious activities of multicast messages based on IEC 61850, e.g., Generic Object Oriented Substation Event (GOOSE) and Sampled Value (SV). NIDS detects anomalies and intrusions that violate predefined security rules using a specification-based algorithm. The performance test has been conducted for different cyber intrusion scenarios (e.g., packet modification, replay and denial-of-service attacks) using a cyber security testbed. The IEEE 39-bus system model has been used for testing of the proposed intrusion detection method for simultaneous cyber attacks. The false negative ratio (FNR) is the number of misclassified abnormal packets divided by the total number of abnormal packets. The results demonstrate that the proposed NIDS achieves a low fault negative rate. |
| DOI | 10.1109/ISGT.2014.6816375 |
| Citation Key | 6816375 |
- sampled value
- network security
- network-based cyber intrusion detection system
- network-based multicast messages
- NIDS
- packet modification
- power engineering computing
- predefined security rules
- replay
- misclassified abnormal packets
- SaS
- security of data
- simultaneous cyber attacks
- specification-based algorithm
- substation automation
- substation automation systems
- SV
- GOOSE
- computer security
- cyber security of substations
- cyber security testbed
- denial-of-service attacks
- Educational institutions
- false negative ratio
- FNR
- generic object-oriented substation event
- Anomaly Detection
- GOOSE and SV
- IEC 61850
- IEC standards
- IEEE 39-bus system model
- Intrusion Detection
- intrusion detection system
- low-fault negative rate