Abstract
An SA (Substation Automation) system based on IEC 61850 is an intelligent substation, and it has been receiving considerable attention as a core component of the smart grid. The explosive increase in cyber-security threats has extended to critical national infrastructures, including the power grid, and Substation Automation has become a main target of cyber-attacks. Various countermeasures such as firewalls, IDSs (Intrusion Detection Systems), and anti-virus solutions have been developed, but to date these have not sufficiently reflected the inherent features of Substation Automation based on IEC 61850. This study suggests a method of anomaly detection for MMS (Manufacturing Message Specification) and GOOSE (Generic Object Oriented Substation Events) packets, the main communication protocols of IEC 61850 Substation Automation. 3-phase preprocessing, EM (Expectation Maximization), and one-class SVM (Support Vector Machine) techniques are applied. The effectiveness of the suggested method is evaluated through experiments.
Acknowledgements
This work was supported by the Power Generation & Electricity Delivery Core Technology Program of the Korea Institute of Energy Technology Evaluation and Planning (KETEP), granted financial resource from the Ministry of Trade, Industry & Energy, Republic of Korea (No. 20131020402090).
Cite this article
Yoo, H., Shon, T. Novel Approach for Detecting Network Anomalies for Substation Automation based on IEC 61850. Multimed Tools Appl 74, 303–318 (2015). https://doi.org/10.1007/s11042-014-1870-0
DOI: https://doi.org/10.1007/s11042-014-1870-0