Adquisición de tráfico de red en demostrador de subestación eléctrica

Pablo Baltuille Puente; Jose Miguel Santos Puente; Daniel Pérez López; Serafín Alonso Castro; Juan José Fuertes Martínez; Manuel Domínguez González

doi:10.17979/ja-cea.2025.46.12126

Autores/as

Pablo Baltuille Puente Universidad de León https://orcid.org/0009-0009-9400-6764
Jose Miguel Santos Puente Universidad de León https://orcid.org/0009-0000-9578-1732
Daniel Pérez López Universidad de León https://orcid.org/0000-0002-2173-3364
Serafín Alonso Castro Universidad de León https://orcid.org/0000-0003-3467-4938
Juan José Fuertes Martínez Universidad de León https://orcid.org/0000-0001-9023-0341
Manuel Domínguez González Universidad de León https://orcid.org/0000-0002-3921-1599

DOI:

https://doi.org/10.17979/ja-cea.2025.46.12126

Palabras clave:

Subestaciones eléctricas, Ciberseguridad, Detección de anomalías, IEC61850, IEC60870

Resumen

En este artículo se presenta una metodología orientada a la adquisición de conjuntos de datos de tráfico de red, tanto normal como anómalo, en sistemas de automatización y control de subestaciones eléctricas digitales. El enfoque se centra en los protocolos comúnmente utilizados en estas plataformas --IEC61850 GOOSE y SV, PTP, IEC60870-5-104 y SNTP-- y se desarrolla en un entorno controlado con dispositivos representativos, como un controlador de bahía, relés de protección, sistema SCADA, etc. Sobre esta infraestructura se ejecuta un conjunto de experiencias planificadas que reproducen el funcionamiento normal de una subestación y se introducen ataques específicos para analizar su impacto. Finalmente, los datos recopilados se analizan mediante la extracción y selección de características y se organizan en flujos de datos útiles para el posterior entrenamiento de modelos.

Referencias

Adepu, S., Kandasamy, N. K., Mathur, A., 2019. Epic: An electric power testbed for research and training in cyber physical systems security. In: Computer Security: ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6–7, 2018, Revised Selected Papers 2. Springer, pp. 37–52.

Aftab, M. A., Hussain, S. S., Ali, I., Ustun, T. S., 2020. Iec 61850 based substation automation system: A survey. International Journal of Electrical Power & Energy Systems 120, 106008.

Akbarzadeh, A., Erdodi, L., Houmb, S. H., Soltvedt, T. G., Muggerud, H. K., 2023. Attacking iec 61850 substations by targeting the ptp protocol. Electronics 12 (12). URL: https://www.mdpi.com/2079-9292/12/12/2596 DOI: 10.3390/electronics12122596

Alghamdi, W., Schukat, M., 2020a. Cyber attacks on precision time protocol networks—a case study. Electronics 9 (9). URL: https://www.mdpi.com/2079-9292/9/9/1398 DOI: 10.3390/electronics9091398

Alghamdi, W., Schukat, M., 2020b. Practical implementation of apts on ptp time synchronisation networks. In: 2020 31st Irish Signals and Systems Conference (ISSC). pp. 1–5. DOI: 10.1109/ISSC49989.2020.9180157

Arifin, M. A. S., Stiawan, D., Susanto, Rejito, J., Idris, M. Y., Budiarto, R., 2021. Denial of service attacks detection on scada network iec 60870- 5-104 using machine learning. In: 2021 8th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI). pp. 228–232. DOI: 10.23919/EECSI53397.2021.9624255

Baltuille, P., Mor´an, A., Alonso, S., Prada, M. A., Fuertes, J. J., Domínguez, M., 2024. Design of a testbed for network traffic analysis in iec 61850-based traction substations. Jornadas de Automática 45. URL: https://doi.org/10.17979/ja-cea.2024.45.10920 DOI: 10.17979/ja-cea.2024.45.10920

Conti, M., Donadel, D., Turrin, F., 2021. A survey on industrial control system testbeds and datasets for security research. IEEE Communications Surveys & Tutorials 23 (4), 2248–2294.

Elgargouri, A., Elmusrati, M., 2017. Analysis of cyber-attacks on iec 61850 networks. In: 2017 IEEE 11th International Conference on Application of Information and Communication Technologies (AICT). pp. 1–4. DOI: 10.1109/ICAICT.2017.8686894

Gaspar, J., Cruz, T., Lam, C.-T., Sim˜oes, P., 2023. Smart substation communications and cybersecurity: A comprehensive survey. IEEE communications surveys & tutorials 25 (4), 2456–2493. DOI: 10.1109/COMST.2023.3305468

Hussain, S. M. S., Aftab, M. A., Farooq, S. M., Ali, I., Ustun, T. S., Konstantinou, C., 2023. An effective security scheme for attacks on sample value messages in iec 61850 automated substations. IEEE Open Access Journal of Power and Energy 10, 304–315. DOI: 10.1109/OAJPE.2023.3255790

Kush, N. S., Ahmed, E., Branagan, M., Foo, E., 2014. Poisoned goose: Exploiting the goose protocol. In: Proceedings of the Twelfth Australasian Information Security Conference (AISC 2014)[Conferences in Research and Practice in Information Technology, Volume 149]. Australian Computer Society, pp. 17–22.

Mahlous, A. R., 2024. Quantitative risk analysis of network time protocol (ntp) spoofing attacks. IEEE Access 12, 164891–164910. DOI: 10.1109/ACCESS.2024.3493759

Malhotra, A., Cohen, I. E., Brakke, E., Goldberg, S., 2015. Attacking the network time protocol. Cryptology ePrint Archive, Paper 2015/1020. URL: https://eprint.iacr.org/2015/1020 DOI: 10.14722/ndss.2016.23090

Manzoor, F., Khattar, V., Liu, C.-C., Jin, M., 2024. Zero-day attack detection in digital substations using in-context learning. In: 2024 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). IEEE, pp. 220–225.

Pärssinen, J., Raussi, P., Noponen, S., Opas, M., Salonen, J., 2022. The digital forensics of cyber-attacks at electrical power grid substation. In: 2022 10th International Symposium on Digital Forensics and Security (ISDFS). pp. 1–6. DOI: 10.1109/ISDFS55398.2022.9800831

Radoglou-Grammatikis, P., Sarigiannidis, P., Giannoulakis, I., Kafetzakis, E., Panaousis, E., 2019. Attacking iec-60870-5-104 scada systems. In: 2019 IEEEWorld Congress on Services (SERVICES). Vol. 2642-939X. pp. 41–46. DOI: 10.1109/SERVICES.2019.00022

Roomi, M. M., Hussain, S. M. S., Mashima, D., Chang, E.-C., Ustun, T. S., 2023. Analysis of false data injection attacks against automated control for parallel generators in iec 61850-based smart grid systems. IEEE Systems Journal 17 (3), 4603–4614. DOI: 10.1109/JSYST.2023.3236951

Rudman, L., Irwin, B., 2015. Characterization and analysis of ntp amplification based ddos attacks. In: 2015 Information Security for South Africa (ISSA). pp. 1–5. DOI: 10.1109/ISSA.2015.7335069

Sassani, B. A., Abarro, C., Pitton, I., Young, C., Mehdipour, F., 2016. Analysis of ntp drdos attacks’ performance effects and mitigation techniques. In: 2016 14th Annual Conference on Privacy, Security and Trust (PST). pp. 421–427. DOI: 10.1109/PST.2016.7906966

Tasmi, Stiawan, D., Suprapto, B. Y., Setiawan, H., Arifin, M. A. S., 2024. Introduction to goose data communication attack traffic pattern in iec 61850. In: 2024 11th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI). pp. 256–261. DOI: 10.1109/EECSI63442.2024.10776142

Teryak, H., Albaseer, A., Abdallah, M., Al-Kuwari, S., Qaraqe, M., 2023. Double-edged defense: Thwarting cyber attacks and adversarial machine learning in iec 60870-5-104 smart grids. IEEE Open Journal of the Industrial Electronics Society 4, 629–642. DOI: 10.1109/OJIES.2023.3336234

Ullmann, M., V¨ogeler, M., 2009. Delay attacks — implication on ntp and ptp time synchronization. In: 2009 International Symposium on Precision Clock Synchronization for Measurement, Control and Communication. pp. 1–6. DOI: 10.1109/ISPCS.2009.5340224

Zemanek, S., Hacker, I., Wolsing, K., Wagner, E., Henze, M., Serror, M., 2022. Powerduck: A goose data set of cyberattacks in substations. In: Proceedings of the 15th Workshop on Cyber Security Experimentation and Test. pp. 49–53.

Adquisición de tráfico de red en demostrador de subestación eléctrica

Autores/as

DOI:

Palabras clave:

Resumen

Referencias

Descargas

Publicado

Número

Sección

Licencia

Enviar un artículo

Últimas publicaciones

Idioma