Abstract
Energy Management System (EMS) communicates with power plants and substations to maintain the reliability and efficiency of power supplies. EMS collects and monitors data from these sources and controls power flow through commands to ensure uninterrupted power supply, frequency and voltage maintenance, and power recovery in the event of a power outage. EMS works in a Distributed Network Protocol (DNP) 3.0-based network environment that is considered secure due to its unique security features and communication methods. However, cyberattacks exploiting the vulnerability of the DNP 3.0 protocol can manipulate the power generation output, resulting in serious consequences such as facility malfunction and power outages. To address this issue, this paper identifies security threats in power system networks, including DNP 3.0, and proposes an AI-based anomaly detection system based on DNP 3.0 network traffic. Existing network traffic target rule-based detection methods and signature-based detection methods have defects. We propose an AI-based anomaly detection system to compensate for defects in existing anomaly detection methods and perform efficient anomaly detection. To evaluate the performance of the AI-based anomaly detection system proposed in this paper, we used a dataset containing normal network traffic and nine types of attack network traffic obtained from the DNP 3.0 communication testbed, and experiments showed 99% accuracy, 98% TPR, and 1.6% FPR, resulting in 99% F-1 score. By implementing these security measures, power system network environments, including EMS, can be better protected against cyber threats.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Jae-guk, Y.: Energy management system (EMS) operation status and improvement plan. NARS Pending Rep. 157, 1–141 (2016)
Ji Woong, J., Huy Kang, K.: A study on vulnerabilities of serial based DNP in power control fields. J. Korea Inst. Inf. Secur. Cryptol. 23(6), 1143–1156 (2013)
New Mirai Variant Attacks Apache Struts Vulnerability, https://searchsecurity.techtarget.com/news/252448779/New-Mirai-variant-attacks-Apache-Struts-vulnerability. Accessed 09 June 2023
Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2016)
Radoglou Grammatikis, P., Sarigiannidis, P., Efstathopoulos, G., Karipidis P., Sarigiannidis, A.: DIDEROT: an intrusion detection and prevention system for dnp3-based SCADA systems. In: Proceedings of the 15th International Conference on Availability Reliability and Security, pp. 1–8, Association for Computing Machinery, Virtual Event Ireland (2020)
Rodofile, N., Radke, N., Foo E.: Framework for SCADA cyber-attack dataset creation. In: Proceedings of the Australasian Computer Science Week Multiconference, Association for Computing Machinery, USA, pp. 1–10 (2017)
Kelli, V.: Attacking and defending DNP3 ICS/SCADA systems. In: 2022 18th International Conference on Distributed Computing in Sensor Systems (DCOSS), pp. 183–190. IEEE, USA (2022)
Siniosoglou, I., Radoglou-Grammatikis, P., Efstathopoulos, G., Fouliras, P., Sarigiannidis, P.: A unified deep learning anomaly detection and classification approach for smart grid environments. IEEE Trans. Netw. Serv. Manage. 18(2), 1137–1151 (2021)
Jungwook, K., Eui Young, S., Seung Hyun, K., Joong-Kyum, K., Yongbeum, Y.: 2021/22 KSP policy consultation report Czech republic smart systems resilience 4.0 for the Czech republic, Korea development institute, Korea (2022)
Pil Sung, W., Balho H, K.: Establishment of cyber security countermeasures amenable to the structure of power monitoring & control systems. Trans. Korean Inst. Electr. Eng. 67(12), 1577–1586 (2018)
East, S., Butts, J., Papa, M., Shenoi, S.: A taxonomy of attacks on the dnp3 protocol. In: Palmer, C., Shenoi, S. (eds.) ICCIP 2009. IAICT, vol. 311, pp. 67–81. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04798-5_5
DNP, DNP3 Application Note AN2013–004b Validation of Incoming DNP3 Data (2014)
Sungmoon, K., Hyung-uk, Y., Yi Sang, H., Shon, T.S.: DNP3 protocol security and attack detection method. J. Adv. Navig. Technol. 18(4), 353–358 (2014)
Radoglou-Grammatikis, P., Kelli, V., Lagkas, T., Argyriou, V., Sarigiannidis, P.: DNP3 Intrusion Detection Dataset, IEEE Dataport (2022)
Razib, M., Javeed, D., Khan, M., Alkanhel, R., Muthanna, M.: Cyber Threats detection in smart environments using SDN-enabled DNN-LSTM hybrid framework. IEEE Access 10, 53015–53026 (2022)
Sun, X., Houfeng, W.: Adjusting the precision-recall trade-off with align-and-predict decoding for grammatical error correction. In: Proceedings of the 60th Annual Meeting of the Association for Computational Linguistics, pp. 686–693. Computational Linguistics Dublin (2022)
Acknowledgements
This work was supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (RS-2023–00241376, Development of security monitoring technology based network behavior against encrypted cyber threats in maritime environment).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Ji, I., Jeon, S., Seo, J.T. (2024). AE-LSTM Based Anomaly Detection System for Communication Over DNP 3.0. In: Kim, H., Youn, J. (eds) Information Security Applications. WISA 2023. Lecture Notes in Computer Science, vol 14402. Springer, Singapore. https://doi.org/10.1007/978-981-99-8024-6_8
Download citation
DOI: https://doi.org/10.1007/978-981-99-8024-6_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-8023-9
Online ISBN: 978-981-99-8024-6
eBook Packages: Computer ScienceComputer Science (R0)