 Applying domain-specific knowledge to construct features for detecting distributed denial-of-service attacks on the GOOSE and MMS protocolsHassan Lahza, Kenneth Radke and Ernest Foo International Journal of Critical Infrastructure Protection, 2018, vol. 20, issue C, 48-67 Abstract: Electric substation automation systems based on the IEC 61850 standard predominantly employ the GOOSE and MMS protocols. Because GOOSE and MMS messages are not encrypted, an attacker can observe packet header information in protocol messages and inject large numbers of spoofed messages that can flood a substation automation system. Sophisticated machine-learning-based intrusion detection systems are required to detect these types of distributed denial-of-service attacks. However, the performance of machine-learning-based classifiers is hindered by the relative lack of features that express GOOSE and MMS protocol behavior. Keywords: SCADA Systems; GOOSE Protocol; MMS Protocol; Denial-of-Service Attacks; Intrusion Detection; Feature Construction; Machine Learning (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:eee:ijocip:v:20:y:2018:i:c:p:48-67 DOI: 10.1016/j.ijcip.2017.12.002 Access Statistics for this article International Journal of Critical Infrastructure Protection is currently edited by Leon Strous More articles in International Journal of Critical Infrastructure Protection from Elsevier |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.