SDN-Based Dynamic Cybersecurity Framework of IEC-61850 Communications in Smart Grid

TL;DR

This paper proposes a hybrid intrusion detection system (IDS)-integrated SDN architecture for detecting and preventing the injection of malicious IEC 61850-based generic object-oriented system event (GOOSE) messages in a digital substation.

Abstract

In recent years, critical infrastructure and power grids have experienced a series of cyber-attacks, leading to temporary, widespread blackouts of considerable magnitude. Since most substations are unmanned and have limited physical security protection, cyber breaches into power grid substations present a risk. Nowadays, software-defined network (SDN), a popular virtual network technology based on the OpenFlow protocol is being widely used in the substation automation system. However, the susceptibility of SDN architecture to cyber-attacks has exhibited a notable increase in recent years, as indicated by research findings. This suggests a growing concern regarding the potential for cybersecurity breaches within the SDN framework. In this paper, we propose a hybrid intrusion detection system (IDS)-integrated SDN architecture for detecting and preventing the injection of malicious IEC 61850-based generic object-oriented substation event (GOOSE) messages in a digital substation. Additionally, this program locates the fault's location and, as a form of mitigation, disables a certain port. Furthermore, implementation examples are demonstrated and verified using a hardware-in-the-loop (HIL) testbed that mimics the functioning of a digital substation.

Figures (6)

• Figure 1: Proposed framework.
• Figure 2: HIL-testbed and basic system architecture with rule-based IDS-integrated SDN.
• Figure 3: Attack Scenario 1: abnormal GOOSE injection attack on station bus SDN network switch.
• Figure 4: Attack scenario 2: abnormal GOOSE cyber-attack on PIED.
• Figure 5: Time delay in a normal scenario without the proposed IDS-integrated SDN module.