Early Attack Detection for Securing GOOSE Network Traffic

Smart grid technology drives economic and social development but raises vulnerability to cyber threats due to digital substations' growing reliance. To counter these risks, recent updates to communication standards, including encryption and authentication processes, have been integrated into the infrastructure. Notably, adhering to the IEC 62351 standard governing the GOOSE protocol for substation communication faces practical challenges due to conflicting time requirements with traditional security procedures. In this paper, we present an innovative geometric approach for GOOSE message authentication and encryption. Utilizing vector coordinate shifts, our method excels in efficiency and speed of implementation, ensuring compliance with the protocol's stringent time constraints. Importantly, unlike other approaches in the literature, our technique has the potential to be easily applicable and effective for a wide range of infrastructures without requiring the use or addition of specific hardware components or changes to the GOOSE message format, while guaranteeing high performances and computational simplicity. The paper is complemented by a simulation campaign on a digital substation model, assessing the approach's performance and its efficacy in countering cyber threats.

show abstract

Detecção On-line e Antecipada de Ataques à Rede usando Matrix Profile

Abreu,

Abelém

2024

Anais Do XLII Simpósio Brasileiro De Redes De Computadores E Sistemas Distribuídos (SBRC 2024)

View full text Add to dashboard Cite

Na era digital, a crescente sofisticação e variedade de ameaças cibernéticas destacam a importância de fortalecer a cibersegurança para proteger as redes atuais. Este estudo propõe uma abordagem para a detecção antecipada de ataques, utilizando a técnica Matrix Profile (MP) para analisar de forma online fluxos de dados de rede como séries temporais. Este método concentra-se na identificação de anomalias na rede como indicadores de ataques de rede, abordando as limitações dos sistemas de Aprendizado de Máquina existentes que dependem predominantemente de treinamento offline e têm dificuldades em reconhecer padrões de ataques novos ou não treinados. Nossa proposta foi avaliada em diversos cenários de ataque, demonstrando métricas de desempenho superiores quando comparado com métodos tradicionais como CUSUM, EWMA e ARIMA.

show abstract

Early Attack Detection for Securing GOOSE Network Traffic

Cited by 3 publications

References 43 publications

Comprehensive Analysis and Future Outlook of Planning and Operation Approaches for Multicarrier Energy Systems Under the Integrated Local Energy Community Concept

Comprehensive Analysis and Future Outlook of Planning and Operation Approaches for Multicarrier Energy Systems Under the Integrated Local Energy Community Concept

A Geometrical Approach to Enhance Security Against Cyber Attacks in Digital Substations

Detecção On-line e Antecipada de Ataques à Rede usando Matrix Profile

Contact Info

Product

Resources

About