Real-time detection of insider attacks on substation automation systems using short length orthogonal wavelet filters and OPAL-RT

IF 5 2区 工程技术 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC
M. Oinonen, W.G. Morsi
{"title":"Real-time detection of insider attacks on substation automation systems using short length orthogonal wavelet filters and OPAL-RT","authors":"M. Oinonen,&nbsp;W.G. Morsi","doi":"10.1016/j.ijepes.2024.110311","DOIUrl":null,"url":null,"abstract":"<div><div>Substation Automation Systems (SASs) integrate communication networks with physical equipment and are vulnerable to cyberattacks. A subset of these attacks, namely Insider attacks, are launched from knowledgeable insiders and therefore they are typically difficult to detect. This paper presents a new method for detecting and classifying Insider cyberattacks as well as power disturbances on SASs using short-length orthogonal wavelet filters in real-time using an OPAL-Real-Time (OPAL-RT) simulator. An Intrusion Detection System (IDS) is proposed in which custom-designed wavelet filters of short length are developed to better extract both the network and physical data of the SASs into time–frequency spectrograms. The advantage of using the short length filters is to provide fast detection of these time-sensitive Insider attacks and disturbances in real-time, which is a key requirement for mitigation to be possible. The generated spectrograms are fed to a Convolutional Neural Network (CNN) that automates the classification process. An experimental dataset is developed from real-time testing using OPAL-RT that implements several types of cyberattacks including Insider attacks and other popular attacks such as Denial-of-Service and False Data Injection as well as challenging attacks such as Replay and Message Suppression attacks. The results of experimentally testing the proposed method in real-time using OPAL-RT demonstrate that the use of the short-length custom-designed orthogonal wavelet filters achieves a detection accuracy of 97.37 % compared to other methods as well as a low runtime of 33.786 ms.</div></div>","PeriodicalId":50326,"journal":{"name":"International Journal of Electrical Power & Energy Systems","volume":"162 ","pages":"Article 110311"},"PeriodicalIF":5.0000,"publicationDate":"2024-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Electrical Power & Energy Systems","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0142061524005349","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0

Abstract

Substation Automation Systems (SASs) integrate communication networks with physical equipment and are vulnerable to cyberattacks. A subset of these attacks, namely Insider attacks, are launched from knowledgeable insiders and therefore they are typically difficult to detect. This paper presents a new method for detecting and classifying Insider cyberattacks as well as power disturbances on SASs using short-length orthogonal wavelet filters in real-time using an OPAL-Real-Time (OPAL-RT) simulator. An Intrusion Detection System (IDS) is proposed in which custom-designed wavelet filters of short length are developed to better extract both the network and physical data of the SASs into time–frequency spectrograms. The advantage of using the short length filters is to provide fast detection of these time-sensitive Insider attacks and disturbances in real-time, which is a key requirement for mitigation to be possible. The generated spectrograms are fed to a Convolutional Neural Network (CNN) that automates the classification process. An experimental dataset is developed from real-time testing using OPAL-RT that implements several types of cyberattacks including Insider attacks and other popular attacks such as Denial-of-Service and False Data Injection as well as challenging attacks such as Replay and Message Suppression attacks. The results of experimentally testing the proposed method in real-time using OPAL-RT demonstrate that the use of the short-length custom-designed orthogonal wavelet filters achieves a detection accuracy of 97.37 % compared to other methods as well as a low runtime of 33.786 ms.
利用短长正交小波滤波器和 OPAL-RT 实时检测变电站自动化系统的内部攻击
变电站自动化系统 (SAS) 将通信网络与物理设备集成在一起,很容易受到网络攻击。这些攻击的一个子集,即内部攻击,是由见多识广的内部人员发起的,因此通常很难被检测到。本文提出了一种新方法,利用 OPAL-Real-Time (OPAL-RT) 模拟器,使用短长正交小波滤波器实时检测 SAS 上的内部网络攻击和电力干扰,并对其进行分类。我们提出了一种入侵检测系统 (IDS),其中开发了定制设计的短小波滤波器,以更好地将 SAS 的网络和物理数据提取到时频谱图中。使用短小波滤波器的好处是可以实时快速地检测到这些对时间敏感的内幕攻击和干扰,而这正是采取缓解措施的关键要求。生成的频谱图被送入卷积神经网络(CNN),从而自动完成分类过程。利用 OPAL-RT 实时测试开发了一个实验数据集,该数据集实现了多种类型的网络攻击,包括内部攻击和其他流行攻击(如拒绝服务和虚假数据注入),以及具有挑战性的攻击(如重播和信息抑制攻击)。使用 OPAL-RT 对所提出的方法进行实时实验测试的结果表明,与其他方法相比,使用定制设计的短长正交小波滤波器可实现 97.37 % 的检测准确率,并且运行时间仅为 33.786 毫秒。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
International Journal of Electrical Power & Energy Systems
International Journal of Electrical Power & Energy Systems 工程技术-工程:电子与电气
CiteScore
12.10
自引率
17.30%
发文量
1022
审稿时长
51 days
期刊介绍: The journal covers theoretical developments in electrical power and energy systems and their applications. The coverage embraces: generation and network planning; reliability; long and short term operation; expert systems; neural networks; object oriented systems; system control centres; database and information systems; stock and parameter estimation; system security and adequacy; network theory, modelling and computation; small and large system dynamics; dynamic model identification; on-line control including load and switching control; protection; distribution systems; energy economics; impact of non-conventional systems; and man-machine interfaces. As well as original research papers, the journal publishes short contributions, book reviews and conference reports. All papers are peer-reviewed by at least two referees.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信