Ir al contenido

Documat

Adquisición de tráfico de red en demostrador de subestación eléctrica

  • Baltuille Puente, Pablo [1] ; Santos Puente, Jose Miguel [1] ; Pérez López, Daniel [1] Árbol académico ; Alonso Castro, Serafín [1] ; Fuertes Martínez, Juan José [1] ; Domínguez González, Manuel [1] Árbol académico
    1. [1] Universidad de León

      Universidad de León

      León, España

  • Localización: Jornadas de Automática, ISSN-e 3045-4093, Nº. 46, 2025
  • Idioma: español
  • DOI: 10.17979/ja-cea.2025.46.12126
  • Títulos paralelos:
    • Acquisition of network traffic at electrical substation demonstrator
  • Enlaces
  • Resumen
    • español

      En este artículo se presenta una metodología orientada a la adquisición de conjuntos de datos de tráfico de red, tanto normal como anómalo, en sistemas de automatización y control de subestaciones eléctricas digitales. El enfoque se centra en los protocolos comúnmente utilizados en estas plataformas --IEC61850 GOOSE y SV, PTP, IEC60870-5-104 y SNTP-- y se desarrolla en un entorno controlado con dispositivos representativos, como un controlador de bahía, relés de protección, sistema SCADA, etc. Sobre esta infraestructura se ejecuta un conjunto de experiencias planificadas que reproducen el funcionamiento normal de una subestación y se introducen ataques específicos para analizar su impacto. Finalmente, los datos recopilados se analizan mediante la extracción y selección de características y se organizan en flujos de datos útiles para el posterior entrenamiento de modelos.

    • English

      This article presents a methodology oriented to the acquisition of network traffic data sets, both normal and anomalous, in digital electrical substation automation and control systems. The approach focuses on the protocols commonly used in these platforms–IEC61850 GOOSE, MMS and SV, PTP, IEC60870-5-104 and SNTP–and is developed in a controlled environment with representative devices, such as a bay controller, protection relays, SCADA system, etc. A set of planned experiments that reproduce the normal operation of a substation are run on this infrastructure and specific attacks are introduced to analyze their impact. Finally, the collected data is analyzed by feature extraction and selection and organized into data streams useful for subsequent model training.

  • Referencias bibliográficas
    • Adepu, S., Kandasamy, N. K., Mathur, A., 2019. Epic: An electric power testbed for research and training in cyber physical systems security....
    • Aftab, M. A., Hussain, S. S., Ali, I., Ustun, T. S., 2020. Iec 61850 based substation automation system: A survey. International Journal of...
    • Akbarzadeh, A., Erdodi, L., Houmb, S. H., Soltvedt, T. G., Muggerud, H. K., 2023. Attacking iec 61850 substations by targeting the ptp protocol....
    • Alghamdi, W., Schukat, M., 2020a. Cyber attacks on precision time protocol networks—a case study. Electronics 9 (9). URL: https://www.mdpi.com/2079-9292/9/9/1398...
    • Alghamdi, W., Schukat, M., 2020b. Practical implementation of apts on ptp time synchronisation networks. In: 2020 31st Irish Signals and Systems...
    • Arifin, M. A. S., Stiawan, D., Susanto, Rejito, J., Idris, M. Y., Budiarto, R., 2021. Denial of service attacks detection on scada network...
    • Baltuille, P., Mor´an, A., Alonso, S., Prada, M. A., Fuertes, J. J., Domínguez, M., 2024. Design of a testbed for network traffic analysis...
    • Conti, M., Donadel, D., Turrin, F., 2021. A survey on industrial control system testbeds and datasets for security research. IEEE Communications...
    • Elgargouri, A., Elmusrati, M., 2017. Analysis of cyber-attacks on iec 61850 networks. In: 2017 IEEE 11th International Conference on Application...
    • Gaspar, J., Cruz, T., Lam, C.-T., Sim˜oes, P., 2023. Smart substation communications and cybersecurity: A comprehensive survey. IEEE communications...
    • Hussain, S. M. S., Aftab, M. A., Farooq, S. M., Ali, I., Ustun, T. S., Konstantinou, C., 2023. An effective security scheme for attacks on...
    • Kush, N. S., Ahmed, E., Branagan, M., Foo, E., 2014. Poisoned goose: Exploiting the goose protocol. In: Proceedings of the Twelfth Australasian...
    • Mahlous, A. R., 2024. Quantitative risk analysis of network time protocol (ntp) spoofing attacks. IEEE Access 12, 164891–164910. DOI: 10.1109/ACCESS.2024.3493759
    • Malhotra, A., Cohen, I. E., Brakke, E., Goldberg, S., 2015. Attacking the network time protocol. Cryptology ePrint Archive, Paper 2015/1020....
    • Manzoor, F., Khattar, V., Liu, C.-C., Jin, M., 2024. Zero-day attack detection in digital substations using in-context learning. In: 2024...
    • Pärssinen, J., Raussi, P., Noponen, S., Opas, M., Salonen, J., 2022. The digital forensics of cyber-attacks at electrical power grid substation....
    • Radoglou-Grammatikis, P., Sarigiannidis, P., Giannoulakis, I., Kafetzakis, E., Panaousis, E., 2019. Attacking iec-60870-5-104 scada systems....
    • Roomi, M. M., Hussain, S. M. S., Mashima, D., Chang, E.-C., Ustun, T. S., 2023. Analysis of false data injection attacks against automated...
    • Rudman, L., Irwin, B., 2015. Characterization and analysis of ntp amplification based ddos attacks. In: 2015 Information Security for South...
    • Sassani, B. A., Abarro, C., Pitton, I., Young, C., Mehdipour, F., 2016. Analysis of ntp drdos attacks’ performance effects and mitigation...
    • Tasmi, Stiawan, D., Suprapto, B. Y., Setiawan, H., Arifin, M. A. S., 2024. Introduction to goose data communication attack traffic pattern...
    • Teryak, H., Albaseer, A., Abdallah, M., Al-Kuwari, S., Qaraqe, M., 2023. Double-edged defense: Thwarting cyber attacks and adversarial machine...
    • Ullmann, M., V¨ogeler, M., 2009. Delay attacks — implication on ntp and ptp time synchronization. In: 2009 International Symposium on Precision...
    • Zemanek, S., Hacker, I., Wolsing, K., Wagner, E., Henze, M., Serror, M., 2022. Powerduck: A goose data set of cyberattacks in substations....
Fundación Dialnet

Mi Documat

Opciones de artículo

Opciones de compartir

Opciones de entorno