Neural Net-Based Anomaly Detection System in Substation Networks

Important components of the electric energy distribution systems are primary and secondary substations. Due to the incorporation of legacy communication infrastructure in these systems, they often have inherent cyber-security vulnerabilities. Further, traditional intrusion defence strategies for IT systems are often not applicable. In order to improve cyber-security in substation networks, this paper presents a neural net-based monitoring system. Further, to evaluate the applicability of the system, all experiments were conducted on a real test bed, which represents the substation domain as close as possible to reality. The proposed monitoring system covers several tasks. First, relevant network packets are acquired from network traffic and analysed. Based on these packets statistical features are extracted. Then, classes are defined, and a normal behaviour model of the network is trained by the neural net. New network traffic is compared to the model, in order to determine the nature of the traffic and identify potential anomalies. Finally, the monitoring system is evaluated by conducting several supervised and unsupervised network attacks against the test bed.