{"title":"IEC61850自动化变电站入侵检测的可能性决策树","authors":"U. Premaratne, C. Ling, J. Samarabandu, T. Sidhu","doi":"10.1109/ICIINFS.2009.5429863","DOIUrl":null,"url":null,"abstract":"This paper details the use of possibilistic decision trees for a lightweight Intrusion Detection System (IDS) to be used in Intelligent Electronic Devices (IEDs) of IEC61850 automated electric substations. Traffic data is captured by performing simulated attacks on IEDs. Data is obtained for two types of genuine user activity and two types of common malicious attacks on IEDs. The genuine user activity includes, casual browsing of IED data and downloading of IED data while a Ping flood Denial of Service (DoS) and password crack attack are performed for malicious attacks. Classification is done using possibilistic decision trees for the logarithmic histogram of the time difference between the arrival of two consecutive packets. The main contribution of this paper is the use of non-specificity for obtaining a continuous valued possibilistic decision tree and its cut points. It also includes the use of mean distance metrics to obtain the possibility distribution for the real attack data.","PeriodicalId":117199,"journal":{"name":"2009 International Conference on Industrial and Information Systems (ICIIS)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Possibilistic decision trees for Intrusion Detection in IEC61850 automated substations\",\"authors\":\"U. Premaratne, C. Ling, J. Samarabandu, T. Sidhu\",\"doi\":\"10.1109/ICIINFS.2009.5429863\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper details the use of possibilistic decision trees for a lightweight Intrusion Detection System (IDS) to be used in Intelligent Electronic Devices (IEDs) of IEC61850 automated electric substations. Traffic data is captured by performing simulated attacks on IEDs. Data is obtained for two types of genuine user activity and two types of common malicious attacks on IEDs. The genuine user activity includes, casual browsing of IED data and downloading of IED data while a Ping flood Denial of Service (DoS) and password crack attack are performed for malicious attacks. Classification is done using possibilistic decision trees for the logarithmic histogram of the time difference between the arrival of two consecutive packets. The main contribution of this paper is the use of non-specificity for obtaining a continuous valued possibilistic decision tree and its cut points. It also includes the use of mean distance metrics to obtain the possibility distribution for the real attack data.\",\"PeriodicalId\":117199,\"journal\":{\"name\":\"2009 International Conference on Industrial and Information Systems (ICIIS)\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 International Conference on Industrial and Information Systems (ICIIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIINFS.2009.5429863\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference on Industrial and Information Systems (ICIIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIINFS.2009.5429863","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Possibilistic decision trees for Intrusion Detection in IEC61850 automated substations
This paper details the use of possibilistic decision trees for a lightweight Intrusion Detection System (IDS) to be used in Intelligent Electronic Devices (IEDs) of IEC61850 automated electric substations. Traffic data is captured by performing simulated attacks on IEDs. Data is obtained for two types of genuine user activity and two types of common malicious attacks on IEDs. The genuine user activity includes, casual browsing of IED data and downloading of IED data while a Ping flood Denial of Service (DoS) and password crack attack are performed for malicious attacks. Classification is done using possibilistic decision trees for the logarithmic histogram of the time difference between the arrival of two consecutive packets. The main contribution of this paper is the use of non-specificity for obtaining a continuous valued possibilistic decision tree and its cut points. It also includes the use of mean distance metrics to obtain the possibility distribution for the real attack data.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
