IDEAS home Printed from https://ideas.repec.org/a/gam/jeners/v13y2020i19p5176-d423861.html
   My bibliography  Save this article

Detection of DoS Attacks Using ARFIMA Modeling of GOOSE Communication in IEC 61850 Substations

Author

Listed:
  • Ghada Elbez

    (Institute of Automation and Applied Informatics (IAI), Karlsruhe Institute of Technology (KIT), Hermann-von-Helmholtz-Platz 1, 76344 Eggenstein-Leopoldshafen, Germany)

  • Hubert B. Keller

    (Institute of Automation and Applied Informatics (IAI), Karlsruhe Institute of Technology (KIT), Hermann-von-Helmholtz-Platz 1, 76344 Eggenstein-Leopoldshafen, Germany)

  • Atul Bohara

    (Information Trust Institute (ITI), University of Illinois at Urbana-Champaign (UIUC), 1206 W Clark St, Urbana, IL 61801, USA)

  • Klara Nahrstedt

    (Information Trust Institute (ITI), University of Illinois at Urbana-Champaign (UIUC), 1206 W Clark St, Urbana, IL 61801, USA)

  • Veit Hagenmeyer

    (Institute of Automation and Applied Informatics (IAI), Karlsruhe Institute of Technology (KIT), Hermann-von-Helmholtz-Platz 1, 76344 Eggenstein-Leopoldshafen, Germany)

Abstract

Integration of Information and Communication Technology (ICT) in modern smart grids (SGs) offers many advantages including the use of renewables and an effective way to protect, control and monitor the energy transmission and distribution. To reach an optimal operation of future energy systems, availability, integrity and confidentiality of data should be guaranteed. Research on the cyber-physical security of electrical substations based on IEC 61850 is still at an early stage. In the present work, we first model the network traffic data in electrical substations, then, we present a statistical Anomaly Detection (AD) method to detect Denial of Service (DoS) attacks against the Generic Object Oriented Substation Event (GOOSE) network communication. According to interpretations on the self-similarity and the Long-Range Dependency (LRD) of the data, an Auto-Regressive Fractionally Integrated Moving Average (ARFIMA) model was shown to describe well the GOOSE communication in the substation process network. Based on this ARFIMA-model and in view of cyber-physical security, an effective model-based AD method is developed and analyzed. Two variants of the statistical AD considering statistical hypothesis testing based on the Generalized Likelihood Ratio Test (GLRT) and the cumulative sum (CUSUM) are presented to detect flooding attacks that might affect the availability of the data. Our work presents a novel AD method, with two different variants, tailored to the specific features of the GOOSE traffic in IEC 61850 substations. The statistical AD is capable of detecting anomalies at unknown change times under the realistic assumption of unknown model parameters. The performance of both variants of the AD method is validated and assessed using data collected from a simulation case study. We perform several Monte-Carlo simulations under different noise variances. The detection delay is provided for each detector and it represents the number of discrete time samples after which an anomaly is detected. In fact, our statistical AD method with both variants (CUSUM and GLRT) has around half the false positive rate and a smaller detection delay when compared with two of the closest works found in the literature. Our AD approach based on the GLRT detector has the smallest false positive rate among all considered approaches. Whereas, our AD approach based on the CUSUM test has the lowest false negative rate thus the best detection rate. Depending on the requirements as well as the costs of false alarms or missed anomalies, both variants of our statistical detection method can be used and are further analyzed using composite detection metrics.

Suggested Citation

  • Ghada Elbez & Hubert B. Keller & Atul Bohara & Klara Nahrstedt & Veit Hagenmeyer, 2020. "Detection of DoS Attacks Using ARFIMA Modeling of GOOSE Communication in IEC 61850 Substations," Energies, MDPI, vol. 13(19), pages 1-27, October.
    • Handle: RePEc:gam:jeners:v:13:y:2020:i:19:p:5176-:d:423861
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1996-1073/13/19/5176/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1996-1073/13/19/5176/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. John Haslett & Adrian E. Raftery, 1989. "Space‐Time Modelling with Long‐Memory Dependence: Assessing Ireland's Wind Power Resource," Journal of the Royal Statistical Society Series C, Royal Statistical Society, vol. 38(1), pages 1-21, March.
    2. Benoit B. Mandelbrot, 1972. "Statistical Methodology for Nonperiodic Cycles: From the Covariance To R/S Analysis," NBER Chapters, in: Annals of Economic and Social Measurement, Volume 1, number 3, pages 259-290, National Bureau of Economic Research, Inc.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Taha Selim Ustun, 2022. "Cybersecurity in Smart Grids," Energies, MDPI, vol. 15(15), pages 1-3, July.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Francisco Gerardo Benavides-Bravo & Dulce Martinez-Peon & Ángela Gabriela Benavides-Ríos & Otoniel Walle-García & Roberto Soto-Villalobos & Mario A. Aguirre-López, 2021. "A Climate-Mathematical Clustering of Rainfall Stations in the Río Bravo-San Juan Basin (Mexico) by Using the Higuchi Fractal Dimension and the Hurst Exponent," Mathematics, MDPI, vol. 9(21), pages 1-11, October.
    2. Erhard Reschenhofer & Manveer K. Mangat, 2021. "Fast computation and practical use of amplitudes at non-Fourier frequencies," Computational Statistics, Springer, vol. 36(3), pages 1755-1773, September.
    3. Bariviera, Aurelio F. & Font-Ferrer, Alejandro & Sorrosal-Forradellas, M. Teresa & Rosso, Osvaldo A., 2019. "An information theory perspective on the informational efficiency of gold price," The North American Journal of Economics and Finance, Elsevier, vol. 50(C).
    4. Barkoulas, John T. & Baum, Christopher F., 1996. "Long-term dependence in stock returns," Economics Letters, Elsevier, vol. 53(3), pages 253-259, December.
    5. Gil-Alana, L.A., 2006. "Fractional integration in daily stock market indexes," Review of Financial Economics, Elsevier, vol. 15(1), pages 28-48.
    6. Yamamoto, Ryuichi, 2019. "Dynamic Predictor Selection And Order Splitting In A Limit Order Market," Macroeconomic Dynamics, Cambridge University Press, vol. 23(5), pages 1757-1792, July.
    7. Les Oxley & Chris Price & William Rea & Marco Reale, 2008. "A New Procedure to Test for H Self-Similarity," Working Papers in Economics 08/16, University of Canterbury, Department of Economics and Finance.
    8. Vasile Brătian & Ana-Maria Acu & Camelia Oprean-Stan & Emil Dinga & Gabriela-Mariana Ionescu, 2021. "Efficient or Fractal Market Hypothesis? A Stock Indexes Modelling Using Geometric Brownian Motion and Geometric Fractional Brownian Motion," Mathematics, MDPI, vol. 9(22), pages 1-20, November.
    9. Juan Benjamin Duarte Duarte & Leonardo Hernán Talero Sarmiento & Katherine Julieth Sierra Suárez, 2017. "Evaluación del efecto de la psicología del inversionista en un mercado bursátil artificial mediante su grado de eficiencia," Contaduría y Administración, Accounting and Management, vol. 62(4), pages 1345-1360, Octubre-D.
    10. Serletis, Apostolos & Rosenberg, Aryeh Adam, 2009. "Mean reversion in the US stock market," Chaos, Solitons & Fractals, Elsevier, vol. 40(4), pages 2007-2015.
    11. Renzo Pardo Figueroa & Gabriel Rodríguez, 2014. "Distinguishing between True and Spurious Long Memory in the Volatility of Stock Market Returns in Latin America," Documentos de Trabajo / Working Papers 2014-395, Departamento de Economía - Pontificia Universidad Católica del Perú.
    12. A. Gómez-Águila & J. E. Trinidad-Segovia & M. A. Sánchez-Granero, 2022. "Improvement in Hurst exponent estimation and its application to financial markets," Financial Innovation, Springer;Southwestern University of Finance and Economics, vol. 8(1), pages 1-21, December.
    13. Denis Conniffe & John E. Spencer, 2000. "Approximating the Distribution of the R/s Statistic," The Economic and Social Review, Economic and Social Studies, vol. 31(3), pages 237-248.
    14. Mulligan, Robert F., 2010. "A fractal comparison of real and Austrian business cycle models," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 389(11), pages 2244-2267.
    15. Aslan, Aylin & Sensoy, Ahmet, 2020. "Intraday efficiency-frequency nexus in the cryptocurrency markets," Finance Research Letters, Elsevier, vol. 35(C).
    16. Amanda S. Hering & Karen Kazor & William Kleiber, 2015. "A Markov-Switching Vector Autoregressive Stochastic Wind Generator for Multiple Spatial and Temporal Scales," Resources, MDPI, vol. 4(1), pages 1-23, February.
    17. Hela Mzoughi & Faysal Mansouri, 2013. "Computing risk measures for non-normal asset returns using Copula theory," The Empirical Econometrics and Quantitative Economics Letters, Faculty of Economics, Chiang Mai University, vol. 2(1), pages 59-70, March.
    18. Bariviera, Aurelio F. & Fabregat-Aibar, Laura & Sorrosal-Forradellas, Maria-Teresa, 2023. "Disentangling the impact of economic and health crises on financial markets," Research in International Business and Finance, Elsevier, vol. 65(C).
    19. Goddard, John & Onali, Enrico, 2012. "Self-affinity in financial asset returns," International Review of Financial Analysis, Elsevier, vol. 24(C), pages 1-11.
    20. Assaf, Ata, 2016. "MENA stock market volatility persistence: Evidence before and after the financial crisis of 2008," Research in International Business and Finance, Elsevier, vol. 36(C), pages 222-240.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jeners:v:13:y:2020:i:19:p:5176-:d:423861. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.