Comparison of approaches for intrusion detection in substations using the IEC 60870-5-104 protocol

Egger Michael; Eibl Günther; Engel Dominik

首页> 外文期刊>Energy Informatics >Comparison of approaches for intrusion detection in substations using the IEC 60870-5-104 protocol

【24h】

Comparison of approaches for intrusion detection in substations using the IEC 60870-5-104 protocol

机译：使用IEC 60870-5-104协议的变电站入侵检测方法的比较

获取原文

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Electrical networks of transmission system operators are mostly built up as isolated networks without access to the Internet. With the increasing popularity of smart grids, securing the communication network has become more important to avoid cyber-attacks that could result in possible power outages. For misuse detection, signature-based approaches are already in use and special rules for a wide range of protocols have been developed. However, one big disadvantage of signature-based intrusion detection is that zero-day exploits cannot be detected. Machine-learning-based anomaly detection methods have the potential to achieve that. In this paper, various such methods for intrusion detection in substations, which use the asynchronous communication protocol International Electrotechnical Commission (IEC) 60870-5-104, are tested and compared. The evaluation of the proposed methods is performed by applying them to a data set which includes normal operation traffic and four different attacks. While the results of supervised and semi-supervised machine learning approaches are rather encouraging, the unsupervised and signature-based methods suffer from general bad performance and had difficulties to detect some attacks.

机译：传输系统运算符的电气网络主要建立为孤立的网络，无需访问互联网。随着智能电网的普及，确保通信网络变得更加重要，以避免可能导致可能的停电的网络攻击。为了误用检测，已经使用了基于签名的方法，并且已经开发了各种协议的特殊规则。然而，基于签名的入侵检测的一个巨大缺点是无法检测到零日的漏洞。基于机器学习的异常检测方法有可能实现这一目标。在本文中，测试并比较了使用异步通信协议国际电工委员会（IEC）60870-5-104的变电站中的各种这种入侵检测方法。通过将它们应用于包括正常操作流量和四种不同攻击的数据集来执行所提出的方法的评估。虽然监督和半监督机器学习方法的结果相当令人鼓舞，但无监督和基于签名的方法遭受一般不良性能，并且难以检测到一些攻击。

著录项

来源
《Energy Informatics》 |2020年第1期|共17页
作者
Egger Michael; Eibl Günther; Engel Dominik;
展开▼
作者单位

展开▼
收录信息
原文格式 PDF
正文语种
中图分类计算技术、计算机技术;
关键词
Intrusion detectionIEC 60870-5-104SCADA;

机译：入侵检测60870-5-104SCASA;

相似文献

外文文献
中文文献
专利

1. A Simulation Environment for Intrusion Detection System in IEC 61850 Based Substation Automation System [J] . YooJin Kwon, Seongho Ju, Yonghun Lim 计算机技术与应用：英文 . 2013,第007期

机译：基于IEC 61850的变电站自动化系统中入侵检测系统的仿真环境
2. An Intrusion Detection System for IEC61850 Automated Substations [J] . Premaratne U. K., Samarabandu J., Sidhu T. S., Power Delivery, IEEE Transactions on . 2010,第4期

机译：IEC61850自动化变电站的入侵检测系统
3. Assessing the cyber-security of the IEC 60870-5-104 protocol in SCADA system [J] . Qais Saif Qassim, Norziana Jamil, Muhammad Reza Zaba, International Journal of Critical Infrastructures . 2020,第2期

机译：评估SCADA系统IEC 60870-5-104协议的网络安全性
4. Stateful intrusion detection for IEC 60870-5-104 SCADA security [C] . Yang, Y., McLaughlin, K., Sezer, S., IEEE PES General Meeting, Conference & Exposition . 2014

机译：有状态入侵检测，用于IEC 60870-5-104 SCADA安全
5. Data Flow Control and Performance Evaluation of IEC 61850 Substation Automation System [D] . Dong, Fangfang. 2018

机译：IEC 61850变电站自动化系统的数据流控制和性能评估
6. A Protocol Layer Trust-Based Intrusion Detection Scheme for Wireless Sensor Networks [O] . Jian Wang, Shuai Jiang, Abraham O. Fapojuwo 2017

机译：无线传感器网络基于协议层信任的入侵检测方案
7. Stateful Intrusion Detection for IEC 60870-5-104 SCADA Security [O] . Yang, Y., McLaughlin, K., Sezer, S., 2014

机译：用于IEC 60870-5-104 SCADA安全性的状态入侵检测

Comparison of approaches for intrusion detection in substations using the IEC 60870-5-104 protocol

摘要

著录项

相似文献

相关主题

期刊订阅