论文信息 - An Efficient Behavior-based Intrusion Detection System Using OC-ELM for Intelligent Substation in Smart Grid

An Efficient Behavior-based Intrusion Detection System Using OC-ELM for Intelligent Substation in Smart Grid

Generic Object Oriented Substation Events (GOOSE), as an essential component of IEC 61850 communication standard, plays an important role in intelligent substation. Any abnormal change of GOOSE field values could cause substation automatic system failures, incorrect switching, or physical damages in the field devices, which will result in probably catastrophic losses. To mitigate the risks caused by vulnerabilities of GOOSE protocol, a behavior-based intrusion detection system is proposed. Different from the existing proposed approaches, considering there is no attack traffic in intelligent substation network so far, one class classifier is used to model the normal behaviors. Compared to the existing approaches, it can usually detect much more complex attacks. To specify the proposed system, when giving a GOOSE message, we first convert it into a feature vector with a specific approach. Considering only normal GOOSE messages are given, One Class classifier with Extreme Learning Machine (OC-ELM) is used to model the information embedded in the normal training set. Extensive experiments demonstrate the efficiency and effectiveness of the proposed intrusion detection system.

Yu Fu | Jian-Wei Tian | Wan-Peng Yin | Yin-Qiao Xiong

[1] Chi-Ho Tsang,et al. Multi-agent intrusion detection system in industrial network using ant colony clustering approach and unsupervised feature extraction , 2005, 2005 IEEE International Conference on Industrial Technology.

[2] Jun Miao,et al. One-Class Classification with Extreme Learning Machine , 2015 .

[3] N. R. Goodman. Statistical analysis based on a certain multivariate complex Gaussian distribution , 1963 .

[4] Chen-Ching Liu,et al. Integrated Anomaly Detection for cyber security of the substations , 2014 .

[5] Richard O. Duda,et al. Pattern classification and scene analysis , 1974, A Wiley-Interscience publication.

[6] Paul Geladi,et al. Principal Component Analysis , 1987, Comprehensive Chemometrics.

[7] Timothy X. Brown,et al. Exploiting the GOOSE protocol: A practical attack on cyber-infrastructure , 2012, 2012 IEEE Globecom Workshops.

[8] Huy Kang Kim,et al. A behavior-based intrusion detection technique for smart grid infrastructure , 2015, 2015 IEEE Eindhoven PowerTech.

[9] Ejaz Ahmed,et al. Poisoned GOOSE: Exploiting the GOOSE Protocol , 2014, AISC.

[10] Aruna Tiwari,et al. On the construction of extreme learning machine for online and offline one-class classification - An expanded toolbox , 2017, Neurocomputing.