ERENO: A Framework for Generating Realistic IEC–61850 Intrusion Detection Datasets for Smart Grids

IF 4.7 2区化学 Q2 MATERIALS SCIENCE, MULTIDISCIPLINARY ACS Applied Polymer Materials Pub Date : 2024-07-01 DOI:10.1109/TDSC.2023.3336857

Silvio E. Quincozes, Célio Albuquerque, Diego G. Passos, Daniel Mossé

{"title":"ERENO: A Framework for Generating Realistic IEC–61850 Intrusion Detection Datasets for Smart Grids","authors":"Silvio E. Quincozes, Célio Albuquerque, Diego G. Passos, Daniel Mossé","doi":"10.1109/TDSC.2023.3336857","DOIUrl":null,"url":null,"abstract":"Connected and digital electricity substations based on IEC–61850 standards enable novel applications. On the other hand, such connectivity also creates an extended attack surface. Therefore, Intrusion Detection Systems (IDSs) have become an essential component of safeguarding substations from malicious activities. However, in contrast to traditional information technology systems, there is a serious lack of realistic data for training, testing, and evaluating IDSs in smart grid scenarios. Many existing substation IDSs rely on datasets from other contexts or on proprietary datasets that do not allow reproducibility, validation, or performance comparison with competing algorithms. To address this issue, we propose the Efficacious Reproducer Engine for Network Operations (ERENO) synthetic traffic generation framework based on the IEC–61850 standard specifications. As an additional contribution, and as a proof-of-concept, we create and make available a suite of realistic IEC–61850 datasets that model 8 use cases, namely traffic for seven common attacks and one for normal network traffic. Based on those datasets, we further evaluate how enriched features combining raw data from the substation can significantly improve intrusion detection performance. Our results suggest that it can improve F1-Score up to 47.22% for masquerade attacks.","PeriodicalId":7,"journal":{"name":"ACS Applied Polymer Materials","volume":"65 8","pages":"3851-3865"},"PeriodicalIF":4.7000,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACS Applied Polymer Materials","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1109/TDSC.2023.3336857","RegionNum":2,"RegionCategory":"化学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"MATERIALS SCIENCE, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 3

Abstract

Connected and digital electricity substations based on IEC–61850 standards enable novel applications. On the other hand, such connectivity also creates an extended attack surface. Therefore, Intrusion Detection Systems (IDSs) have become an essential component of safeguarding substations from malicious activities. However, in contrast to traditional information technology systems, there is a serious lack of realistic data for training, testing, and evaluating IDSs in smart grid scenarios. Many existing substation IDSs rely on datasets from other contexts or on proprietary datasets that do not allow reproducibility, validation, or performance comparison with competing algorithms. To address this issue, we propose the Efficacious Reproducer Engine for Network Operations (ERENO) synthetic traffic generation framework based on the IEC–61850 standard specifications. As an additional contribution, and as a proof-of-concept, we create and make available a suite of realistic IEC–61850 datasets that model 8 use cases, namely traffic for seven common attacks and one for normal network traffic. Based on those datasets, we further evaluate how enriched features combining raw data from the substation can significantly improve intrusion detection performance. Our results suggest that it can improve F1-Score up to 47.22% for masquerade attacks.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

ERENO：为智能电网生成真实 IEC-61850 入侵检测数据集的框架

基于 IEC-61850 标准的互联和数字化变电站可实现新颖的应用。另一方面，这种连接性也扩大了攻击面。因此，入侵检测系统（IDS）已成为保护变电站免受恶意活动攻击的重要组成部分。然而，与传统的信息技术系统相比，智能电网场景中严重缺乏用于培训、测试和评估 IDS 的真实数据。许多现有的变电站 IDS 依赖于其他环境下的数据集或专有数据集，这些数据集无法与竞争算法进行再现、验证或性能比较。为解决这一问题，我们提出了基于 IEC-61850 标准规范的网络运行有效再现引擎（ERENO）合成流量生成框架。作为额外的贡献和概念验证，我们创建并提供了一套真实的 IEC-61850 数据集，其中模拟了 8 种使用情况，即七种常见攻击的流量和一种正常网络流量。基于这些数据集，我们进一步评估了结合变电站原始数据的丰富特征如何显著提高入侵检测性能。结果表明，对于伪装攻击，F1-Score 最高可提高 47.22%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

ACS Applied Polymer Materials Multiple-

CiteScore

7.20

自引率

6.00%

发文量

810

期刊介绍： ACS Applied Polymer Materials is an interdisciplinary journal publishing original research covering all aspects of engineering, chemistry, physics, and biology relevant to applications of polymers. The journal is devoted to reports of new and original experimental and theoretical research of an applied nature that integrates fundamental knowledge in the areas of materials, engineering, physics, bioscience, polymer science and chemistry into important polymer applications. The journal is specifically interested in work that addresses relationships among structure, processing, morphology, chemistry, properties, and function as well as work that provide insights into mechanisms critical to the performance of the polymer for applications.

期刊最新文献

Issue Publication Information Issue Editorial Masthead Thermally Responsive Multi-Spiral-Shaped Liquid Crystal Elastic Artificial Muscle Stress-Driven Nanostructural Evolution and Its Impact on Hydrogen Diffusion in PE and PA6 Dipole Interactions as a Driving Force in Applied Polyelectrolyte Materials