Your browser does not support JavaScript!
http://iet.metastore.ingenta.com
1887

access icon openaccess FARIMA model-based communication traffic anomaly detection in intelligent electric power substations

The technological advances of intelligent electric substations have significantly improved the operational performance of power utilities by incorporating advanced monitoring and control functionalities. The data traffic patterns in substation communication network (SCN) need to be better understood to improve the SCN performance against different forms of cyber-attacks. To this end, this study presents a fractional auto-regressive integrated moving average (FARIMA)-based threshold model to characterise the SCN traffic flow based on the IEC 61850 protocol and carry out anomaly detection. The performance of the proposed anomaly detection solution is assessed and validated through numerical analysis under the condition of the cyber storm based on the collected SCN data traffic from a real 110 kV substation, and the numerical results clearly confirmed its effectiveness.

References

    1. 1)
      • 24. Sabatini, A.: ‘A statistical mechanical analysis of postural sway using non-Gaussian FARIMA stochastic models’, IEEE Trans. Biomed. Eng., 2000, 47, (9), pp. 12191227.
    2. 2)
      • 9. Yang, T., Zhao, R., Zhang, W., et al: ‘On the modelling and analysis of communication traffic in intelligent electric power substations’, IEEE Trans. Power Deliv., 2017, 32, (3), pp. 13291338.
    3. 3)
      • 16. US-CERT.: ‘Understanding denial-of-service attacks’, available at: https://www.us-cert.gov/ncas/tips/ST04-015, accessed March 2018.
    4. 4)
      • 15. Sung, A., Mukkamala, S.: ‘Identifying important features for intrusion detection using support vector machines and neural networks’. Symp. Applications and the Internet, Orlando, FL, USA, 2003, pp. 209216.
    5. 5)
      • 7. Zhu, L., Shi, D., Wang, P.: ‘IEC 61850-based information model and configuration description of communication network in substation automation’, IEEE Trans. Power Deliv., 2014, 29, (1), pp. 97107.
    6. 6)
      • 14. ‘Cyber-attack against Ukrainian critical infrastructure’, available at: https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01, accessed March 2018.
    7. 7)
      • 1. IEC Communications Networks and Systems in Substations, IEC 61850, 2005.
    8. 8)
      • 17. Hoque1, M., Mukit, M., Bikas, M.: ‘An implementation of intrusion detection system using genetic algorithm’, In Proc. Int. J. Netw. Sec. Appl. (IJNSA), 2012, 4, (2), pp. 109120.
    9. 9)
      • 2. Li, F., Qiao, W., Sun, H., et al: ‘Smart transmission grid: vision and framework’, IEEE Trans. Smart Grid, 2010, 1, (2), pp. 168177.
    10. 10)
      • 26. Akaike, H.: ‘A new look at the statistical model identification’, IEEE Trans. Autom. Control, 1974, 19, (6), pp. 716723.
    11. 11)
      • 23. Leland, W., Taqqu, M., Willinger, W., et al: ‘On the self-similar nature of Ethernet traffic’, IEEE/ACM Trans. Netw., 1994, 2, (1), pp. 115.
    12. 12)
      • 19. Assadhan, B., Zeb, K., Al-Muhtadi, J., et al: ‘Anomaly detection based on LRD behavior analysis of decomposed control and data planes network traffic using SOSS and FARIMA models’, IEEE. Access, 2017, 5, pp. 1350113519.
    13. 13)
      • 12. ISO-IEC 61850, Part 8–1: Specific Communication Service Mapping (SCSM) – Mappings to MMS (ISO 9506-1 and ISO 9506-2) and to ISO/IEC 8802-3, May 2004.
    14. 14)
      • 10. ISO-IEC 61850, Part 7–9, IEC 61850, 2005.
    15. 15)
      • 20. Ghazaleh, V., Farshad, A., Sadeqh, J.: ‘On the fractal self-similarity of laryngeal pathologies detection: The estimation of hurst parameter’. 5th Int. Conf. Information Technology and Applications in Biomedicine, Shenzhen, China, May 2008, pp. 383386.
    16. 16)
      • 8. Liu, X., Pang, J., Zhang, L., et al: ‘A high-reliability and determinacy architecture for smart substation process-level network based on cobweb topology’, IEEE Trans. Power Deliv., 2014, 29, (2), pp. 842850.
    17. 17)
      • 4. Kolbusz, J., Paszczynski, S., Wilamowski, B.M.: ‘Network traffic model for industrial environment’, IEEE Trans. Ind. Inf., 2006, 2, (4), pp. 213220.
    18. 18)
      • 13. Bulbul, R., Sapkota, P., Ten, C., et al: ‘Intrusion evaluation of communication network architectures for power substations’, IEEE Trans. Power Deliv., 2015, 30, (3), pp. 13721382.
    19. 19)
      • 18. Vaidya, B., Makrakis, D., Mouftah, H.: ‘Authentication and authorization mechanisms for substation automation in smart grid network’, IEEE Netw., 2013, 27, (1), pp. 511.
    20. 20)
      • 22. Decotignie, J.: ‘Ethernet-based real-time and industrial communications’, Proc. IEEE, 2005, 93, (6), pp. 11021117.
    21. 21)
      • 5. Zhang, Y., Cai, Z., Li, X., et al: ‘Analytical modelling of traffic flow in the substation communication network’, IEEE Trans. Power Deliv., 2015, 30, (5), pp. 21192127.
    22. 22)
      • 21. Wooldridge, J.: ‘Introductory econometrics a modern approach’ (South-Western College Publisher, Cincinnati, OH, USA, 2015).
    23. 23)
      • 11. Fan, C., Chen, X., Ma, Y., et al: ‘Research of configuration about substation based on IEC61850’, Power Syst. Prot. Control, 2007, 35, (8), pp. 4144.
    24. 24)
      • 6. Wang, J.: ‘A process level network traffic prediction algorithm based on ARIMA model in smart substation’. Proc. 14th IEEE Signal Processing, Communication and Computing (ICSPCC), Kunming, China, August 2013, pp. 15.
    25. 25)
      • 27. DARPA intrusion detection evaluation dataset, available at https://www.ll.mit.edu/r-d/datasets/1999-darpa-intrusion-detection-evaluation-data-set, accessed on July 2018.
    26. 26)
      • 3. Giustina, D., Rinaldi, S.: ‘Hybrid communication network for the smart grid: results from a field test experience’, IEEE Trans. Power Deliv., 2015, 30, (6), pp. 24922500.
    27. 27)
      • 25. Corradi, M., Garroppo, R.G., Giordano, S., et al: ‘Analysis of f-ARIMA processes in the modeling of broadband traffic in communications’. 12th IEEE Int. Conf. Communications Conf. Record on 2001, Helsinki, Finland, August 2001, Vol. 3, pp. 964968.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-cps.2018.5052
Loading

Related content

content/journals/10.1049/iet-cps.2018.5052
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
This is a required field
Please enter a valid email address