Corrupted GOOSE Detectors: Anomaly Detection in Power Utility Real-Time Ethernet Communications

Maëlle Kabir-Querrec 1, 2 Stéphane Mocanu 1 Pascal Bellemain 3 Jean-Marc Thiriet 2 Eric Savary 4
1 GIPSA-SYSCO - SYSCO
GIPSA-DA - Département Automatique
2 GIPSA-SAIGA - SAIGA
GIPSA-DA - Département Automatique, GIPSA-DIS - Département Images et Signal
3 GIPSA-Services - GIPSA-Services
GIPSA-lab - Grenoble Images Parole Signal Automatique
Abstract : GOOSE protocol is used for critical protection operations in the power grid, as standardized by IEC61850. It thus has strong real-time constraints that make very hard to implement any security means for integrity and confidentiality such as encryption or signature. Our answer to this lack of dedicated cybersecurity measures is to check legitimacy of every GOOSE messages flowing over the managed network. When detectors issue an alert, the SCADA informs field devices to discard GOOSE communication and run an alternative protection strategy. This article focuses on the GOOSE attack detectors we developed: one dedicated to Ethernet storm and the other one to fraudulent GOOSE frames. The paper first introduces main GOOSE protocol mechanisms and gives a brief state of the art regarding GOOSE attack management before presenting our architecture and the detectors.
Document type :
Conference papers
Complete list of metadatas

Cited literature [6 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01237725
Contributor : Maëlle Kabir-Querrec <>
Submitted on : Thursday, December 3, 2015 - 4:31:52 PM
Last modification on : Monday, April 9, 2018 - 12:22:50 PM
Long-term archiving on : Friday, March 4, 2016 - 2:30:39 PM

File

GreHack_2015_Kabir-Querrec_Ver...
Files produced by the author(s)

Identifiers

  • HAL Id : hal-01237725, version 1

Citation

Maëlle Kabir-Querrec, Stéphane Mocanu, Pascal Bellemain, Jean-Marc Thiriet, Eric Savary. Corrupted GOOSE Detectors: Anomaly Detection in Power Utility Real-Time Ethernet Communications. GreHack 2015, Verimag, Nov 2015, Grenoble, France. ⟨hal-01237725⟩

Share

Metrics

Record views

474

Files downloads

329