An Intrusion Detection System for IEC61850 Automated Substations

Author

Premaratne, Upeka Kanchana ; Samarabandu, Jagath ; Sidhu, Tarlochan S. ; Beresh, Robert ; Tan, Jian-Cheng

Author_Institution

Dept. of Electr. & Comput. Eng., Univ. of Western Ontario, London, ON, Canada

Volume

25

Issue

4

fYear

2010

Firstpage

2376

Lastpage

2383

Abstract

This paper proposes the use of an intrusion detection system (IDS) tailored to counter the threats to an IEC61850-automated substation based upon simulated attacks on intelligent electronic devices (IEDs). Intrusion detection (ID) is the process of detecting a malicious attacker. It is an effective and mature security mechanism. However, it is not harnessed when securing IEC61850-automated substations. The IDS of this paper is developed by using data collected by launching simulated attacks on IEDs and launching packet sniffing attacks using forged address resolution protocol (ARP) packets. The detection capability of the system is then tested by simulating attacks and through genuine user activity. A new method for evaluating the temporal risk of an intrusion for an electric substation based upon the statistical analysis of known attacks is also proposed.

Keywords

IEC standards; power engineering computing; power system security; protocols; security of data; substation automation; IEC 61850 automated substation; address resolution protocol packet; intelligent electronic device; intrusion detection system; malicious attacker; security mechanism; IEC standards; Information security; Intrusion detection; IEC61850; information security; intrusion detection; simulated attacks;

fLanguage

English

Journal_Title

Power Delivery, IEEE Transactions on

Publisher

ieee

ISSN

0885-8977

Type

jour

DOI

10.1109/TPWRD.2010.2050076

Filename

5570110