Detection of DoS Attacks Using ARFIMA Modeling of GOOSE Communication in IEC 61850 Substations

Elbez, Ghada; Keller, Hubert B.; Bohara, Atul; Nahrstedt, Klara; Hagenmeyer, Veit

doi:10.3390/en13195176

Cited by 9 publications

(10 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To thoroughly describe the characteristics of the GOOSE network traffic, an ARFIMA model is presented in [7]. The ARFIMA model is a generalization of the integer order in an autoregressive integral moving average (ARIMA) model.…”

Section: B Modeling Of the Goose Network Trafficmentioning

confidence: 99%

“…Analysis of the GOOSE network traffic using relevant invariants of the communication network presented in [33] shows presence of Long-Range Dependency (LRD) characteristics [7] that can modeled using a state-space representation of an ARFIMA model as presented in Section II-B. In the present section, estimation of the parameter vector of the considered model is tackled.…”

Section: Estimation Of the Considered Modelmentioning

confidence: 99%

“…1) Analysis and modeling of the network traffic: Analysis of the characteristics of the network traffic in IEC 61850 substations show presence of Long-Range Dependency (LRD) properties that can be described by an ARFIMA model [7] to represent the network x est [k]. An ARFIMA model is an extension of the autoregressive fractionally integrated moving average (ARIMA) model that allows use of non-integer values of the differencing parameter d. More details can be found in the pioneer works of [37] and [38].…”

Section: B Description Of Eda4gnetmentioning

confidence: 99%

“…Denial of Service (DoS) attacks resulting from GOOSE poisoning attacks are a considerable threat to the availability of the data [7]. To counter it, use of Intrusion Detection System (IDS) is suggested in the IEC 62351 standard where different recommendations to enhance the security of smart grids including electrical substations, are presented.…”

Section: Introductionmentioning

confidence: 99%

“…Third, to the best of our knowledge, none of the existing work proposes an early anomaly detection approach of GOOSE attacks in IEC 61850 substations. In fact, the model in [7] corresponds to an accurate representation of the network in IEC 61850. However it cannot provide an early detection of advanced DoS attacks since j-step ahead predictions cannot be computed from the proposed model.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Early Attack Detection for Securing GOOSE Network Traffic

Elbez

Nahrstedt

Hagenmeyer

2024

IEEE Trans. Smart Grid

Self Cite

View full text Add to dashboard Cite

The requirements for the security of the network communication in critical infrastructures have been more focused on the availability of the data rather than the integrity and the confidentiality. The availability of communication in IEC 61850 substations can be hindered by Generic Object Oriented Substation Event (GOOSE) poisoning attacks that might result in threats such as Denial of Service (DoS) or flooding attacks. In order to accurately detect similar attacks, a novel method for the Early Detection of Attacks for GOOSE Network Traffic (EDA4GNeT) is developed in the present work. The EDA4GNeT method considers the dynamic behavior of network traffic in electrical substations. A mathematical modeling of GOOSE network traffic is adopted for the anomaly detection based on statistical hypothesis testing. The developed mathematical model of the communication traffic can also support the management of the network architecture in IEC 61850 substations based on appropriate performance studies. To test the novel anomaly detection method and compare the obtained results with related works found in the literature, a simulation of a DoS attack against a 66/11 kV substation with several experiments is used as a case study.

show abstract

Section: B Modeling Of the Goose Network Trafficmentioning

confidence: 99%

Section: Estimation Of the Considered Modelmentioning

confidence: 99%

Section: B Description Of Eda4gnetmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Early Attack Detection for Securing GOOSE Network Traffic

Elbez

Nahrstedt

Hagenmeyer

2024

IEEE Trans. Smart Grid

Self Cite

View full text Add to dashboard Cite

show abstract

Anomaly and intrusion detection systems for smart grids

Abasıkeleş-Turgut,

Daş

2025

Cyber Security Solutions for Protecting and Building the Future Smart Grid

View full text Add to dashboard Cite

Smart Substation Communications and Cybersecurity: A Comprehensive Survey

Gaspar

Cruz

Lam

et al. 2023

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Electrical grids generate, transport, distribute and deliver electrical power to consumers through a complex Critical Infrastructure which progressively shifted from an air-gaped to a connected architecture. Specifically, Smart Substations are important parts of Smart Grids, providing switching, transforming, monitoring, metering and protection functions to offer a safe, efficient and reliable distribution of electrical power to consumers. The evolution of electrical power grids was closely followed by the digitization of all its parts and improvements in communication and computing infrastructures, leading to an evolution towards digital smart substations with improved connectivity. However, connected smart substations are exposed to cyber threats which can result in blackouts and faults which may propagate in a chain reaction and damage electrical appliances connected across the electrical grid. This work organizes and offers a comprehensive review of architectural, communications and cybersecurity standards for smart substations, complemented by a threat landscape analysis and the presentation of a Defense-in-Depth strategy blueprint. Furthermore, this work examines several defense mechanisms documented in the literature, existing datasets, testbeds and evaluation methodologies, identifying the most relevant open issues which may guide and inspire future research work.

show abstract

Detection of DoS Attacks Using ARFIMA Modeling of GOOSE Communication in IEC 61850 Substations

Cited by 9 publications

References 40 publications

Early Attack Detection for Securing GOOSE Network Traffic

Early Attack Detection for Securing GOOSE Network Traffic

Anomaly and intrusion detection systems for smart grids

Smart Substation Communications and Cybersecurity: A Comprehensive Survey

Contact Info

Product

Resources

About