SDN-Based Dynamic Cybersecurity Framework of IEC-61850 Communications in Smart Grid (2311.12205v2)
Abstract: In recent years, critical infrastructure and power grids have experienced a series of cyber-attacks, leading to temporary, widespread blackouts of considerable magnitude. Since most substations are unmanned and have limited physical security protection, cyber breaches into power grid substations present a risk. The software-defined network (SDN), a popular virtual network technology based on the OpenFlow protocol, is now widely used in substation automation systems. However, research findings indicate that the susceptibility of SDN architecture to cyber-attacks has increased notably in recent years, which raises growing concern about the potential for cybersecurity breaches within the SDN framework. In this paper, we propose a hybrid intrusion detection system (IDS)-integrated SDN architecture for detecting and preventing the injection of malicious IEC 61850-based generic object-oriented substation event (GOOSE) messages in a digital substation. Additionally, the proposed system identifies the fault's location and, as a form of mitigation, disables a certain port. Furthermore, implementation examples are demonstrated and verified using a hardware-in-the-loop (HIL) testbed that mimics the functioning of a digital substation.