Evidence Theory based Decision Fusion for Masquerade Detection in IEC61850 Automated Substations

This paper details the use of decision fusion over the outputs of different types of classifiers that analyze network traffic to detect masquerading within an IEC61850 automated substation. Network traffic data is collected under simulated scenarios of a genuine user casually browsing data and an attacker rapidly downloading restricted data. The logarithm of the time difference between two successive packets is calculated, and a histogram of these values is used for classification with support vector machines and nearest neighbor classifiers. Decision fusion of the outputs of the best classifiers is done using evidence theory and possibility theory in order to reduce the amount of input data and increase reliability.
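The pipeline the abstract describes can be sketched as follows; this is an added example, not the paper's code. It builds the log inter-packet-gap histogram and fuses two classifier outputs with Dempster's rule of combination from evidence theory. The bin edges, the score-to-mass mapping, the reliabilities and all sample values are assumptions constructed for illustration; the page does not say which combination rule or parameters the paper uses.

```python
import math
from itertools import product

G, M = frozenset({"genuine"}), frozenset({"masquerader"})
THETA = G | M  # full frame of discernment: mass here means "don't know"

def log_gap_histogram(timestamps, edges):
    """Normalised histogram of log10(gap) between successive packets (seconds)."""
    counts = [0] * (len(edges) - 1)
    for prev, cur in zip(timestamps, timestamps[1:]):
        if cur <= prev:          # skip duplicate/out-of-order stamps: log undefined
            continue
        x = math.log10(cur - prev)
        for i in range(len(counts)):
            if edges[i] <= x < edges[i + 1]:
                counts[i] += 1
                break
    total = sum(counts) or 1
    return [c / total for c in counts]

def score_to_mass(p_masq, reliability):
    """Assumed mapping: discount a classifier's score by its reliability."""
    return {M: reliability * p_masq,
            G: reliability * (1.0 - p_masq),
            THETA: 1.0 - reliability}

def dempster(m1, m2):
    """Dempster's rule: multiply masses, intersect sets, renormalise conflict."""
    fused, conflict = {}, 0.0
    for (a, x), (b, y) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + x * y
        else:
            conflict += x * y    # one source says genuine, the other masquerader
    if 1.0 - conflict < 1e-12:
        raise ValueError("sources are in total conflict; fusion undefined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}, conflict

if __name__ == "__main__":
    edges = [-4, -2, 0, 2]                       # constructed log10-second bins
    print(log_gap_histogram([0, 0.001, 0.002, 0.003], edges))   # rapid download
    print(log_gap_histogram([0, 0.5, 3.5, 13.5], edges))        # casual browsing
    svm = score_to_mass(0.8, 0.9)                # constructed classifier outputs
    knn = score_to_mass(0.7, 0.6)
    print(dempster(svm, knn))
```

When both sources lean the same way, the fused belief in "masquerader" exceeds either source's own mass and the mass left on ignorance shrinks. A high conflict value signals that the classifiers disagree and the fused decision should be treated with caution.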
