| With the development of technology,the automation and intelligent degree of power system are continuously improved.The security of smart power grid as the infrastructure of the country is becoming more and more important.As the core of smart grid,intelligent substation faces serious security challenges.The security of Smart Substation is largely determined by its network communication protocol IEC 61850.The IEC 61850 standard uses three different protocols to provide communication services.Among them,GOOSE message transmission control signal and critical state information of IED(Intelligent Electronic Device),such as: tripping,remote control,remote signal acquisition,telemetry acquisition,etc.GOOSE attacks,once successful,will damage IEDs of substations,then lead to huge economic losses.It even allows attackers subsequently to control the behavior of substations,causing blackouts and other serious consequences.Because of the high real-time requirements of GOOSE protocol,it is difficult to use identity authentication or encryption technology to improve the security of network.At present,the GOOSE protocol for transmitting critical signals in the process layer network of intelligent substation lack security protection measures.In view of this situation,this paper proposes two intrusion detection methods for GOOSE protocol in the process layer network of intelligent substation.These methods are feature based intrusion detection methods and behavior based intrusion detection methods.The feature based intrusion detection methods determines the state of GOOSE message in normal condition,and then generates detection rules and detection model through protocol analysis.Intrusion detection system can detect the message in the intelligent substation network by using those detection rules and detection model.The method can detect the process layer message of the Smart Substation in real time,effectively detect the copied and fake GOOSE packets,and will not appear false positives.The behavior based intrusion detection methods different from the existing proposed approaches,considering there is few attack traffic in intelligent substation network so far,one class classifier is used to model the normal behaviors.Compared to the existing approaches,it can usually detect much more complex attacks.To specify the proposed system,when giving a GOOSE message,we first convert it into a feature vector with a specific approach.Considering only normal GOOSE messages are given,One Class Classifier with Extreme Learning Machine(OC-ELM)is used to model the information embedded in the normal training set.Extensive experiments demonstrate the efficiency and effectiveness of the proposed intrusion detection system. |
PDF Full Text Request