Acquisition of network traffic at electrical substation demonstrator
DOI: https://doi.org/10.17979/ja-cea.2025.46.12126
Keywords: Electrical substations, Cybersecurity, Anomaly detection, IEC 61850, IEC 60870
Abstract
This article presents a methodology for acquiring network traffic data sets, both normal and anomalous, in digital electrical substation automation and control systems. The approach focuses on the protocols commonly used in these platforms (IEC 61850 GOOSE, MMS and SV, PTP, IEC 60870-5-104 and SNTP) and is developed in a controlled environment with representative devices, such as a bay controller, protection relays, SCADA system, etc. A set of planned experiments that reproduce the normal operation of a substation is run on this infrastructure, and specific attacks are introduced to analyze their impact. Finally, the collected data is analyzed by feature extraction and selection and organized into data streams useful for subsequent model training.
License
Copyright (c) 2025 Pablo Baltuille Puente, Jose Miguel Santos Puente, Daniel Pérez López, Serafín Alonso Castro, Juan José Fuertes Martínez, Manuel Domínguez González

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.