Comparison of approaches for intrusion detection in substations using the IEC 60870-5-104 protocol

Cited by: 4
Authors
Egger M. [1]
Eibl G. [2]
Engel D. [2]
Affiliations
[1] Austrian Power Grid AG, IZD-Tower, Wagramer Str. 19, Vienna
[2] Salzburg University of Applied Sciences, Center for Secure Energy Informatics, Urstein Süd 1, Puch/Salzburg
Keywords
IEC 60870-5-104; Intrusion detection; SCADA
DOI
10.1186/s42162-020-00118-4
Abstract
Electrical networks of transmission system operators are mostly built up as isolated networks without access to the Internet. With the increasing popularity of smart grids, securing the communication network has become more important to avoid cyber-attacks that could result in possible power outages. For misuse detection, signature-based approaches are already in use and special rules for a wide range of protocols have been developed. However, one big disadvantage of signature-based intrusion detection is that zero-day exploits cannot be detected. Machine-learning-based anomaly detection methods have the potential to achieve that. In this paper, various such methods for intrusion detection in substations, which use the asynchronous communication protocol International Electrotechnical Commission (IEC) 60870-5-104, are tested and compared. The evaluation of the proposed methods is performed by applying them to a data set which includes normal operation traffic and four different attacks. While the results of supervised and semi-supervised machine learning approaches are rather encouraging, the unsupervised and signature-based methods suffer from generally poor performance and have difficulty detecting some attacks. © 2020, The Author(s).