Abstract
The Generic Object-Oriented Substation Events (GOOSE) protocol has been proposed to exchange critical events between intelligent electronic devices (i.e., protection relays) in real-time and address the interoperability issue within smart grid digital substations according to the IEC61850 standard. However, these digital substations are threatened by cyber-attacks due to GOOSE protocol vulnerabilities. This paper proposes a rule-based Network Intrusion Detection System (NIDS) to detect a wide range of cyber-attacks that target the specific protocol in power system protection applications. The proposed NIDS is based on the analysis of the normal behavior of the protocol, contrasted to attacker behavior aiming to affect the normal operation of an energy system by exploiting intrinsic vulnerabilities of the protocol. A set of time interval rules are derived to detect such cyber-attacks based on the time domain, while a sliding window mechanism is applied to handle the network jitter effect. The main advantages of the proposed solution are the robustness to network faults (i.e., network delays and packet loss) and the low attack detection time, which is less than 5 % of the strict time delivery requirement of GOOSE messages.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
