+1 Recommend
1 collections
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Neural Net-Based Anomaly Detection System in Substation Networks



      6th International Symposium for ICS & SCADA Cyber Security Research 2019 (ICS-CSR)

      Cyber Security Research

      10th-12th September 2019

      Substation, Electric Power Systems, Anomaly Detection, IEC 60870-5-104, IEC 61850, Neural Network



            Important components of the electric energy distribution systems are primary and secondary substations. Due to the incorporation of legacy communication infrastructure in these systems, they often have inherent cyber-security vulnerabilities. Further, traditional intrusion defence strategies for IT systems are often not applicable. In order to improve cyber-security in substation networks, this paper presents a neural net-based monitoring system. Further, to evaluate the applicability of the system, all experiments were conducted on a real test bed, which represents the substation domain as close as possible to reality. The proposed monitoring system covers several tasks. First, relevant network packets are acquired from network traffic and analysed. Based on these packets statistical features are extracted. Then, classes are defined, and a normal behaviour model of the network is trained by the neural net. New network traffic is compared to the model, in order to determine the nature of the traffic and identify potential anomalies. Finally, the monitoring system is evaluated by conducting several supervised and unsupervised network attacks against the test bed.


            Author and article information

            September 2019
            September 2019
            : 41-48
            [0001]Limes Security

            Hagenberg, Austria

            [0002]University of Applied Sciences

            St. Pölten

            Institute of IT Security Research

            St. Pölten, Austria

            © Philipp Kreimel et al. Published by BCS Learning and Development Ltd. 6th International Symposium for ICS & SCADA Cyber Security Research 2019

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            6th International Symposium for ICS & SCADA Cyber Security Research 2019
            Athens, Greece
            10th-12th September 2019
            Electronic Workshops in Computing (eWiC)
            Cyber Security Research
            Product Information: 1477-9358BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/
            Electronic Workshops in Computing


            1. 2010 Intrusion detection in scada networks IFIP International Conference on Autonomous Infrastructure, Management and Security 163 166 Springer

            2. 2007 Using model-based intrusion detection for scada networks Proceedings of the SCADA security scientific symposium 46 1 12 Citeseer

            3. 2009 Cyber-critical infrastructure protection using real-time payload-based anomaly detection International Workshop on Critical Information Infrastructures Security 85 97 Springer

            4. 2005 Security for industrial communication systems Proceedings of the IEEE 93 6 1152 1177

            5. 2013 Model-based intrustion detection for the smart grid (minds) Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop 27 ACM

            6. 2012 Cyber-physical security in a substation 2012 IEEE Power and Energy Society General Meeting 1 1 IEEE

            7. IEC 2006 Telecontrol equipment and systems-part 5-104: Transmission protocols-network access for iec 60870-5-101 using standard transport profiles vol. IEC 60870 5

            8. IEC 2013 Communication networks and systems for power utility automation IEC 61850 1

            9. IEEE 2010 July Ieee standard for electric power systems communications – distributed network protocol (dnp3) IEEE Std 1815-2010 1 775

            10. 2019 Behavior analysis and anomaly detection for a digital substation on cyber-physical system Electronics 8 3 326

            11. 2000 Concerns about intrusions into remotely accessible substation controllers and scada systems Proceedings of the Twenty-Seventh Annual Western Protective Relay Conference 160 Citeseer

            12. 2008 Evidence theory based decision fusion for masquerade detection in iec61850 automated substations 2008 4th International Conference on Information and Automation for Sustainability 194 199 IEEE

            13. 2010 Security analysis and auditing of iec61850-based automated substations IEEE Transactions on Power Delivery 25 4 2346 2355

            14. 2014 A review of security attacks on iec61850 substation automation system network Proceedings of the 6th International Conference on Information Technology and Multimedia 5 10 IEEE

            15. 2011 Detecting cyber intrusions in scada networks using multi-agent collaboration 2011 16th International conference on intelligent system applications to power systems 1 7 IEEE

            16. 2011 Anomaly detection for cybersecurity of the substations IEEE Transactions on Smart Grid 2 4 865 873

            17. US-CERT 2019 May ICS-CERT Control Systems Advisories and Reports https://ics-cert.us-cert.gov

            18. 2019 May Pcap4J - A Java library for capturing, crafting, and sending packets https://www.pcap4j.org/

            19. 2006 Anomaly-based intrusion detection for scada systems 5th intl. topical meeting on nuclear plant instrumentation, control and human machine interface technologies (npic&hmit 05) 12 16

            20. 2013 Intrusion detection system for iec 60870-5-104 based scada networks 2013 IEEE power & energy society general meeting 1 5 IEEE

            21. 2013 Rule-based intrusion detection system for scada networks Renewable Power Generation Conference (RPG 2013)

            22. 2014 Stateful intrusion detection for iec 60870-5-104 scada security 2014 IEEE PES General Meeting—Conference & Exposition 1 5 IEEE

            23. 2015 Jan Novel approach for detecting network anomalies for substation automation based on iec 61850 Multimedia Tools and Applications 74 1 303 318

            24. 2019 A security scheme for intelligent substation communications considering real-time performance Journal of Modern Power Systems and Clean Energy 1 14


            Comment on this article