Abstract
Cyber actors can target the unsecured IEC 61850 protocols in digital substations to open circuit breakers and affect the power system operation. Thus, system operators must detect cyber-physical anomalies and differentiate in real-time between power system faults and cyber attacks on digital substations for effective incident response. In this work, we propose a novel image encoding method for event correlation using cyber-physical time-series data, i.e., Phasor Measurement Units (PMUs) and Operational Technology (OT) network traffic. More specifically, we propose a dynamic variation of the Gramian Angular Field method, which generates image streams capturing in real-time the spatial-temporal features in PMU measurements and IEC 61850 GOOSE traffic throughput. The proposed method for cyber-physical event correlation uses an image fusion technique. The method is tested using the benchmark IEEE 9-bus system. It successfully distinguishes between three-phase faults and GOOSE cyber attacks, demonstrating its usefulness for power system cyber security analytics.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2024 12th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES) |
Publisher | IEEE |
Number of pages | 6 |
ISBN (Electronic) | 979-8-3503-6284-8 |
ISBN (Print) | 979-8-3503-6285-5 |
DOIs | |
Publication status | Published - 2024 |
Event | 12th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, MSCPES 2024 - Hong Kong, China Duration: 13 May 2024 → 13 May 2024 |
Conference
Conference | 12th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems, MSCPES 2024 |
---|---|
Country/Territory | China |
City | Hong Kong |
Period | 13/05/24 → 13/05/24 |
Bibliographical note
Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-careOtherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Keywords
- Cyber attacks
- cyber security
- cyber-physical power systems
- event correlation
- IEC 61850
- image encoding