Abstract
The introduction of the cyber-physical system (CPS) into power systems has created a variety of communication requirements and functions that existing legacy systems do not support. To this end, the IEEE 1815.1 standard defines the mapping between existing distributed network protocol networks and IEC 61850 networks that reflect new requirements. However, advanced CPS cyberattacks have been reported, and in order to address cyberattacks, security research on new power systems that use network devices and heterogeneous communication is necessary. In this study, we propose an intrusion detection system for an IEEE 1815.1-based power system using CPS. We 1) analyze an IEEE 1815.1-based power system network and propose a suitable application method for an intrusion detection system, 2) suggest a bidirectional recurrent neural network-based anomaly detection system for an IEEE 1815.1-based network, and 3) demonstrate the verification of the proposed technique using various power system-specific attack data, including real power system using CPS network traffic, CPS malware behavior (CMB), false data injection (FDI), and disabling reassembly (DR) attacks. Proposed technique successfully detected five types of CMB attacks, three types of FDI and DR attacks.
Highlights
The Distributed network protocol (DNP3) [1] is the de facto communication protocol used at the distribution and transmission level and it is widely used in the North American and Asian power systems
In our prior work [14], we proposed an anomaly detection model that learned header-based whitelist and payload through one-class support vector machine (OCSVM) and verified it using testbed data
By verifying the validity of the data transmitted through the network using the BRNN model via each associated payload field, the proposed technique was found to satisfy the functional considerations of the supervisory control and data acquisition (SCADA) system
Summary
The Distributed network protocol (DNP3) [1] is the de facto communication protocol used at the distribution and transmission level and it is widely used in the North American and Asian power systems. With the introduction of the cyber-physical system (CPS), various power systems are connected, resulting in communication functions and requirements that the existing DNP3 systems cannot support. The ‘‘IEC 61850-Communication networks and systems for power utility automation [2]’’ standard is the standard for communication networks and systems in substations. Since 2007, IEC 61850 has expanded to communications networks and systems for power utility. IEC 61850 defines a systematic data structure and communication functions, considering the interoperability and requirements of various interconnected systems for power systems using CPS. For the power system using CPS, the existing DNP3 system adopts the IEC 61850 system; the standard for mapping DNP3 and IEC 61850 for this is IEEE 1815.1 [3]
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
