Multidimensional Intrusion Detection System for IEC 61850-Based SCADA Networks

Yi Yang; Hai Qing Xu; Lei Gao; Yu Bo Yuan; Kieran McLaughlin; Sakir Sezer

doi:10.1109/TPWRD.2016.2603339

Multidimensional Intrusion Detection System for IEC 61850-Based SCADA Networks

Yi Yang
, Hai Qing Xu
, Lei Gao
, Yu Bo Yuan
, Kieran McLaughlin
, Sakir Sezer

Research output: Contribution to journal › Article › peer-review

149 Scopus citations

Abstract

Emerging cybersecurity vulnerabilities in supervisory control and data acquisition (SCADA) systems are becoming urgent engineering issues for modern substations. This paper proposes a novel intrusion detection system (IDS) tailored for cybersecurity of IEC 61850 based substations. The proposed IDS integrates physical knowledge, protocol specifications, and logical behaviors to provide a comprehensive and effective solution that is able to mitigate various cyberattacks. The proposed approach comprises access control detection, protocol whitelisting, model-based detection, and multiparameter-based detection. This SCADA-specific IDS is implemented and validated using a comprehensive and realistic cyber-physical test-bed and data from a real 500 kV smart substation.

Original language	English
Pages (from-to)	1068-1078
Number of pages	11
Journal	IEEE Transactions on Power Delivery
Volume	32
Issue number	2
DOIs	https://doi.org/10.1109/TPWRD.2016.2603339
State	Published - Apr 2017
Externally published	Yes

Keywords

IEC 61850
SCADA
Smart substation
cybersecurity
intrusion detection

Access to Document

10.1109/TPWRD.2016.2603339

Cite this

@article{39419c32e50547d381fff29d71189ed0,

title = "Multidimensional Intrusion Detection System for IEC 61850-Based SCADA Networks",

abstract = "Emerging cybersecurity vulnerabilities in supervisory control and data acquisition (SCADA) systems are becoming urgent engineering issues for modern substations. This paper proposes a novel intrusion detection system (IDS) tailored for cybersecurity of IEC 61850 based substations. The proposed IDS integrates physical knowledge, protocol specifications, and logical behaviors to provide a comprehensive and effective solution that is able to mitigate various cyberattacks. The proposed approach comprises access control detection, protocol whitelisting, model-based detection, and multiparameter-based detection. This SCADA-specific IDS is implemented and validated using a comprehensive and realistic cyber-physical test-bed and data from a real 500 kV smart substation.",

keywords = "IEC 61850, SCADA, Smart substation, cybersecurity, intrusion detection",

author = "Yi Yang and Xu, \{Hai Qing\} and Lei Gao and Yuan, \{Yu Bo\} and Kieran McLaughlin and Sakir Sezer",

note = "Publisher Copyright: {\textcopyright} 1986-2012 IEEE.",

year = "2017",

month = apr,

doi = "10.1109/TPWRD.2016.2603339",

language = "英语",

volume = "32",

pages = "1068--1078",

journal = "IEEE Transactions on Power Delivery",

issn = "0885-8977",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "2",

}

TY - JOUR

T1 - Multidimensional Intrusion Detection System for IEC 61850-Based SCADA Networks

AU - Yang, Yi

AU - Xu, Hai Qing

AU - Gao, Lei

AU - Yuan, Yu Bo

AU - McLaughlin, Kieran

AU - Sezer, Sakir

PY - 2017/4

Y1 - 2017/4

N2 - Emerging cybersecurity vulnerabilities in supervisory control and data acquisition (SCADA) systems are becoming urgent engineering issues for modern substations. This paper proposes a novel intrusion detection system (IDS) tailored for cybersecurity of IEC 61850 based substations. The proposed IDS integrates physical knowledge, protocol specifications, and logical behaviors to provide a comprehensive and effective solution that is able to mitigate various cyberattacks. The proposed approach comprises access control detection, protocol whitelisting, model-based detection, and multiparameter-based detection. This SCADA-specific IDS is implemented and validated using a comprehensive and realistic cyber-physical test-bed and data from a real 500 kV smart substation.

AB - Emerging cybersecurity vulnerabilities in supervisory control and data acquisition (SCADA) systems are becoming urgent engineering issues for modern substations. This paper proposes a novel intrusion detection system (IDS) tailored for cybersecurity of IEC 61850 based substations. The proposed IDS integrates physical knowledge, protocol specifications, and logical behaviors to provide a comprehensive and effective solution that is able to mitigate various cyberattacks. The proposed approach comprises access control detection, protocol whitelisting, model-based detection, and multiparameter-based detection. This SCADA-specific IDS is implemented and validated using a comprehensive and realistic cyber-physical test-bed and data from a real 500 kV smart substation.

KW - IEC 61850

KW - SCADA

KW - Smart substation

KW - cybersecurity

KW - intrusion detection

UR - https://www.scopus.com/pages/publications/85027505336

U2 - 10.1109/TPWRD.2016.2603339

DO - 10.1109/TPWRD.2016.2603339

M3 - 文章

AN - SCOPUS:85027505336

SN - 0885-8977

VL - 32

SP - 1068

EP - 1078

JO - IEEE Transactions on Power Delivery

JF - IEEE Transactions on Power Delivery

IS - 2

ER -

Multidimensional Intrusion Detection System for IEC 61850-Based SCADA Networks

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this