E3S Web Conf.
Volume 260, 20212021 International Conference on Advanced Energy, Power and Electrical Engineering (AEPEE2021)
|Number of page(s)||10|
|Section||Power Electronics Technology and Application|
|Published online||19 May 2021|
An abnormal traffic detection method in smart substations based on coupling field extraction and DBSCAN
1 State Grid Hunan Electric Power Company Limited Information and Communication Company, Changsha, China
2 College of Electrical and Information Engineering, Hunan University, Changsha, China
3 State Grid Hunan Electric Power Co., Ltd., Changsha, China
4 Hunan Key Laboratory of Ubiquitous Power Internet of Things, Changsha, China
* Corresponding author: firstname.lastname@example.org
Smart Substation becomes more vulnerable to cyber attacks due to the high integration of information technologies, so it is essential to detect intrusion behaviour by abnormal traffic analysis in smart substations. Although there have been many detection methods for abnormal traffic, the existing ones all focus on the format check of a single field of the industrial transmission protocol, and ignore the deep coupling relationships among multiple protocol fields, which lead to more or less false detections and missed detections. To overcome this problem and further improve the detection accuracy, in this paper, we propose an abnormal traffic detection method based on the coupling field extraction and the density-based spatial clustering of applications with noise (DBSCAN). By using correlation analysis to extract the coupling fields of the protocol fields and using DBSCAN to remove the noise in the coupling fields, the deep coupling relationship between the coupling fields can be mined by the piecewise linear function fitting method, and used to detect abnormal traffic. The simulation results on 10,000 frames traffic prove that the proposed detection method can effectively identify the abnormal traffic.
Key words: Abnormal traffic detection / Coupling fields / DBSCAN / Piecewise linear function fitting / IEC 60870-5-104
© The Authors, published by EDP Sciences, 2021
This is an Open Access article distributed under the terms of the Creative Commons Attribution License 4.0, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.