A new methodology for real-time detection of attacks in IEC 61850-based systems

详细信息    查看全文

• 作者：Lá ; zaro Eduardo da Silva^a ; ^b ; ^{lazaro@varginha.cefetmg.br}Author Vitae ; Denis Vinicius Coury^b ; ^{coury@sc.usp.br}Author Vitae
• 关键词：Anomaly detection ; Cyber security of substations ; Real time ; IEC-61850 ; IEC-62351 ; GOOSE messages
• 刊名：Electric Power Systems Research
• 出版年：2017
• 出版时间：February 2017
• 年：2017
• 卷：143
• 期：Complete
• 页码：825-833
• 全文大小：1667 K
• 卷排序：143

文摘

This paper presents a new methodology to detect spoofing attacks concerning Generic Object Oriented Substation Event (GOOSE) messages in IEC 61850 communication systems. The methodology is based on anomaly detection, in which GOOSE messages are characterized by observing the correct operation of the power system and any variation of the normal behavior is classified as an intrusion. To validate this methodology, a pulse generation logic was configured to communicate among Intelligent Electronic Devices (IEDs), which were prone to replication attacks and tampering messages. The results show that the IEDs are vulnerable to such attacks, and that the Intrusion Detection Systems (IDS) of corporate networks are not able to deal with specific attacks in IEC 61850. Considering this, real time tools are needed to analyze GOOSE messages in order to identify intrusion. The software proposed in this paper was very efficient in detecting replication and falsification messages.