Journal articles on the topic 'IEC 60870-5-104'

Consult the top 29 journal articles for your research on the topic 'IEC 60870-5-104.'

1

Saif Qassim, Qais, Norziana Jamil, Maslina Daud, et al. "Simulating command injection attacks on IEC 60870-5-104 protocol in SCADA system." International Journal of Engineering & Technology 7, no. 2.14 (2018): 153. http://dx.doi.org/10.14419/ijet.v7i2.14.12816.

Abstract:
IEC 60870-5-104 is an international standard used for tele-control in electrical engineering and power system applications. It is one of the major principal protocols in SCADA system. Major industrial control vendors use this protocol for monitoring and managing power utility devices. One of the most common attacks which has a catastrophic impact on industrial control systems is the control command injection attack. It happens when an attacker injects false control commands into a control system. This paper presents the IEC 60870-5-104 vulnerabilities from the perspective of command and information data injection. From the SCADA testbed that we set up, we showed that a successful control command injection attack can be implemented by exploiting the vulnerabilities identified earlier.
2

Hareesh, Reddi, Rajesh Kalluri, Lagineni Mahendra, R. K. Senthil Kumar, and B. S. Bindhumadhava. "Passive Security Monitoring for IEC-60870-5-104 based SCADA Systems." International Journal of Industrial Control Systems Security 3, no. 1 (2020): 90–99. http://dx.doi.org/10.20533/ijicss.9781.9083.20346.2020.0010.

3

Han, Guozheng, Bingyin Xu, and Jiale Suonan. "IEC 61850-Based Feeder Terminal Unit Modeling and Mapping to IEC 60870-5-104." IEEE Transactions on Power Delivery 27, no. 4 (2012): 2046–53. http://dx.doi.org/10.1109/tpwrd.2012.2209685.

4

Maulana, Agus Harya. "Mengintegrasikan Adaptive Defense Scheme Ke Master Station Scada Pada Sistem Tenaga Listrik Jawa-Bali." PETIR 14, no. 1 (2020): 114–21. http://dx.doi.org/10.33322/petir.v14i1.935.

Abstract:
The success of the SCADA and Defense Scheme systems will affect the operation of the electric power system. However, the two systems stand alone in the Java-Bali power system due to different development times and platforms. At present in Java-Bali a modern Defense Scheme system is being built, called the Adaptive Defense Scheme (ADS). The ADS system has the capability to communicate data between IEDs or relays, and between IEDs and the ADS server. The ADS server also has SCADA communication protocols such as IEC 60870-5-104. A previous study found that integration between two different systems was very possible, namely between PMU and SCADA. This paper describes the design of the integration between the ADS system and the SCADA master station via communication routers that are commonly used to communicate with Remote Terminal Units (RTUs) based on IEC 60870-5-104. This integration will have financial and non-financial effects on the power system operation utility. Through this integration, data integrity will be obtained because of the single data source, and investment and operation costs will be optimized because the utility can avoid duplication of equipment functions. The integration of the ADS system and SCADA will not affect the success rate of ADS because it is in a different authority area.
5

Csatár, János, Péter György, and Tamás Holczer. "Holistic attack methods against power systems using the IEC 60870-5-104 protocol." Infocommunications journal 15, no. 3 (2023): 42–53. http://dx.doi.org/10.36244/icj.2023.3.5.

Abstract:
IEC 60870-5-104 is a widely used protocol for telecontrol in European power systems. However, security was not a design goal when it was originally published: This protocol lacks built-in security features such as encryption, integrity protection, or authentication. In this paper, we describe novel types of attacks against the protocol in a holistic way. Therefore, we also enumerate the possible entry points of the threat actors and demonstrate a new technique, where the malicious actor can precisely target the attack. These methods are demonstrated both on simulated environment and actual devices and compared with already published methods.
6

Qassim, Qais Saif, Muhammad Reza Z'aba, Wan Azlan Wan Kamarulzaman, and Norziana Jamil. "Assessing the cyber-security of the IEC 60870-5-104 protocol in SCADA system." International Journal of Critical Infrastructures 16, no. 2 (2020): 91. http://dx.doi.org/10.1504/ijcis.2020.10029063.

7

Qassim, Qais Saif, Norziana Jamil, Muhammad Reza Z', N. A. aba, and Wan Azlan Wan Kamarulzaman. "Assessing the cyber-security of the IEC 60870-5-104 protocol in SCADA system." International Journal of Critical Infrastructures 16, no. 2 (2020): 91. http://dx.doi.org/10.1504/ijcis.2020.107242.

8

Durak, Onur, and Burak Tahincioglu. "Automated testing methodologies for substation automation systems (SAS) with IEC 61850 and IEC 60870-5-104 communication protocols." IET Conference Proceedings 2025, no. 5 (2025): 183–88. https://doi.org/10.1049/icp.2025.1067.

9

Feria Briceño, John Henry. "Diseño e implementación de un algoritmo para translación de protocolo entre las normas IEC60870-5-104 y MODBUS TCP/IP." Ingenium Revista de la facultad de ingeniería 16, no. 32 (2015): 102. http://dx.doi.org/10.21500/01247492.1674.

Abstract:
This article presents the results of the design, implementation and testing of an algorithm for protocol translation between the IEC 60870-5-104 and MODBUS TCP/IP standards; algorithms of this kind are widely used in supervision and automation processes in electrical substations.
10

Arifin, M. Agus Syamsul, Susanto Susanto, Deris Stiawan, Mohd Yazid Idris, and Rahmat Budiarto. "The trends of supervisory control and data acquisition security challenges in heterogeneous networks." Indonesian Journal of Electrical Engineering and Computer Science 22, no. 2 (2021): 874–83. https://doi.org/10.11591/ijeecs.v22.i2.pp874-883.

Abstract:
Supervisory control and data acquisition (SCADA) has an important role in communication between devices in strategic industries such as power plant grid/network. Besides, the SCADA system is now open to any external heterogeneous networks to facilitate monitoring of industrial equipment, but this causes a new vulnerability in the SCADA network system. Any disruption on the SCADA system will give rise to a dangerous impact on industrial devices. Therefore, deep research and development of reliable intrusion detection system (IDS) for SCADA system/network is required. Via a thorough literature review, this paper firstly discusses current security issues of SCADA system and look closely benchmark dataset and SCADA security holes, followed by SCADA traffic anomaly recognition using artificial intelligence techniques and visual traffic monitoring system. Then, touches on the encryption technique suitable for the SCADA network. In the end, this paper gives the trend of SCADA IDS in the future and provides a proposed model to generate a reliable IDS, this model is proposed based on the investigation of previous researches. This paper focuses on SCADA systems that use IEC 60870-5-104 (IEC 104) protocol and distributed network protocol version 3 (DNP3) Protocol as many SCADA systems use these two protocols.
11

Shi, Shan, Yong Wang, Cunming Zou, and Yingjie Tian. "AES RSA-SM2 Algorithm against Man-in-the-Middle Attack in IEC 60870-5-104 Protocol." Journal of Computer and Communications 10, no. 01 (2022): 27–41. http://dx.doi.org/10.4236/jcc.2022.101002.

12

Nadeem, Furquan, Mohd Asim Aftab, S. M. Suhail Hussain, et al. "Virtual Power Plant Management in Smart Grids with XMPP Based IEC 61850 Communication." Energies 12, no. 12 (2019): 2398. http://dx.doi.org/10.3390/en12122398.

Abstract:
Communication plays a key role in the effective management of virtual power plants (VPPs). For effective and stable operation of VPPs, a reliable, secure, and standardized communication infrastructure is required. In the literature, efforts were made to develop this based on industry standards, such as the IEC 60870-5-104, OpenADR 2.0b and IEC 61850. Due to its global acceptance and strong object-oriented information models, IEC 61850 standard-based communication is preferred for smart grid operations, including VPPs. However, communication models based on IEC 61850 present cybersecurity and scalability challenges. To address this issue, this paper presents an eXtensible Message Presence Protocol (XMPP)-based IEC 61850 communication for VPPs. Firstly, a full mapping of IEC 61850 messages for VPP energy management is carried out. Secondly, XMPP-based single- and multiple-domain communications are demonstrated. Finally, a federation concept has been added to facilitate communication in multi-domain communication networks. These models show that a standard communication model can be implemented with IEC 61850 and XMPP, not only for VPPs but other wide-area communication implementations in smart grids. This not only facilitates plug-and-play (PnP) with easy component additions but secures smart grid communication against cyber-attacks.
13

Tao, Weiqing, Mengyu Ma, Ming Ding, Wei Xie, and Chen Fang. "A Priority-Based Synchronous Phasor Transmission Protocol Extension Method for the Active Distribution Network." Applied Sciences 9, no. 10 (2019): 2135. http://dx.doi.org/10.3390/app9102135.

Abstract:
With the advancement of active distribution network construction, to solve the shortcomings of the existing distribution network technology in distribution network perception and control, the relevant technologies of the Wide Area Measurement System (WAMS) in the transmission network have attracted more attention in terms of their usage in the distribution network. Micro Multifunction Phasor Measurement Unit (μMPMU), as an example, is being gradually utilized in the distribution network. However, the existing synchronous phasor transmission protocol is mainly designed for the transmission network, which requires an extension to meet the communication requirements to be directly used in the distribution network. In this work, the requirements of active distribution network communication are analyzed, and trade-offs between National Standard of the People’s Republic of China/Recommended (GB/T) 26865.2-2011 and International Electrotechnical Commission (IEC) 60870-5-101/104 protocol are compared. An extension method of the communication protocol is proposed, with the benefits of the prioritized transmission of important data, expanded remote control function of μMPMU, increased types of offline files, and reduced amount of network communication and data storage. The method is built upon the existing GB/T 26865.2-2011 protocol, and refers to the Application Service Data Unit (ASDU) of IEC 60870-5-101/104 to add an application extension frame. Application extension frames are used to transmit telemetry data, telesignalization, partial commands, and partial offline files. Finally, an experimental environment is set up, which includes a phasor measurement unit (PMU) Emulator, distribution network phasor data concentrator (PDC), and main station emulator to implement the standard GB/T 26865.2-2011 protocol and extension protocol. The feasibility and effectiveness of the method are confirmed by the superior performance of the extended protocol compared with the standard protocol.
14

Jarmakiewicz, Jacek, Krzysztof Maślank, and Krzysztof Parobczak. "Evaluation of the Cyber Security Provision System for Critical Infrastructure." Journal of Telecommunications and Information Technology, no. 4 (December 30, 2015): 22–29. http://dx.doi.org/10.26636/jtit.2015.4.980.

Abstract:
The paper presents an assessment of the functional mechanisms that are part of the security system for the power grid control. The security system, its components, and the real time processes for the control of electricity supply were defined. In particular, SCADA protocols used in the control system and mechanisms for transferring them between the control center and actuators were identified. The paper also includes presentation of a test environment that is used for developed security mechanisms evaluation. In the last fragment of the paper, the test scenarios were formulated and the results obtained in the cyber security system were shown, which cover security probes reaction delay, forged malicious IEC 60870-5-104 traffic detection, DarkNet and HoneyPot interception of adversary actions, and dynamic firewall rules creation.
15

Syamsul Arifin, M. Agus, Susanto Susanto, Deris Stiawan, Mohd Yazid Idris, and Rahmat Budiarto. "The trends of supervisory control and data acquisition security challenges in heterogeneous networks." Indonesian Journal of Electrical Engineering and Computer Science 22, no. 2 (2021): 874. http://dx.doi.org/10.11591/ijeecs.v22.i2.pp874-883.

Abstract:
Supervisory control and data acquisition (SCADA) has an important role in communication between devices in strategic industries such as power plant grid/network. Besides, the SCADA system is now open to any external heterogeneous networks to facilitate monitoring of industrial equipment, but this causes a new vulnerability in the SCADA network system. Any disruption on the SCADA system will give rise to a dangerous impact on industrial devices. Therefore, deep research and development of reliable intrusion detection system (IDS) for SCADA system/network is required. Via a thorough literature review, this paper firstly discusses current security issues of SCADA system and look closely benchmark dataset and SCADA security holes, followed by SCADA traffic anomaly recognition using artificial intelligence techniques and visual traffic monitoring system. Then, touches on the encryption technique suitable for the SCADA network. In the end, this paper gives the trend of SCADA IDS in the future and provides a proposed model to generate a reliable IDS, this model is proposed based on the investigation of previous researches. This paper focuses on SCADA systems that use IEC 60870-5-104 (IEC 104) protocol and distributed network protocol version 3 (DNP3) protocol as many SCADA systems use these two protocols.
16

Shih, Yusi. "Measured wind data in digital: Develop and optimize offshore wind farm SCADA by IEC 60870-5-104 protocol and DMZ." Energy Reports 8 (April 2022): 1231–42. http://dx.doi.org/10.1016/j.egyr.2021.11.182.

17

Akbarzadeh, Aida, Laszlo Erdodi, Siv Hilde Houmb, Tore Geir Soltvedt, and Hans Kristian Muggerud. "Attacking IEC 61850 Substations by Targeting the PTP Protocol." Electronics 12, no. 12 (2023): 2596. http://dx.doi.org/10.3390/electronics12122596.

Abstract:
Digital substations, also referred to as modern power grid substations, utilize the IEC 61850 station and process bus in conjunction with IP-based communication. This includes communication with switch yard equipment within the substation as well as the dispatch center. IEC 61850 is a global standard developed to standardize power grid communications, covering multiple communication needs related to modern power grid substations or digital substations. Unlike the legacy communication standards, IEC 60870-5-104 and DNP3, IEC 61850 is specifically designed for IP-based communication. It comprises several communication models and supports real-time communication by introducing the process bus to replace traditional peer-to-peer communication with standard network communication between substation equipment and the switch yard. The process bus, especially Sampled Measured Values (SMV) communication, in modern power grid substations relies on extremely accurate and synchronized time to prevent equipment damage, maintain power grid system balance, and ensure safety. In IEC 61850, time synchronization is provided by the Precision Time Protocol (PTP). This paper discusses the significance and challenges of time synchronization in IEC 61850 substations, particularly those associated with PTP. It presents the results of a controlled experiment that subjects time synchronization and PTP to cyber-attacks and discusses the potential consequences of such attacks. The paper also provides recommendations for potential mitigation strategies. The contribution of this paper is to provide insights and recommendations for enhancing the security of IEC 61850-based substations against cyber-attacks targeting time synchronization. The paper also explores the potential consequences of cyber-attacks and provides recommendations for potential mitigation strategies.
18

Yang, Chao, Deji Chen, and Hongyuan Hu. "IEC104 protocol-based substation data upload IoT cloud platform implementation." Journal of Physics: Conference Series 2874, no. 1 (2024): 012006. http://dx.doi.org/10.1088/1742-6596/2874/1/012006.

Abstract:
The Industrial Internet of Things (IoT) has been developing rapidly under the background of Internet technology, and the most crucial part of its realization is the unified collection and access of heterogeneous data from multiple sources across networks and regions. For the access of substation system data, this paper designs a scheme to read data from IEC 60870-5-104 protocol and upload the data to IOT cloud platform by converting the data to data format supported by Kafka protocol, solving the problem of incompatibility between communication protocols, obtaining data from 104 secondary stations by connecting to them, parsing and processing the data in different formats, and converting the data to JSON format by processing and sending it to the IOT cloud platform. The data is converted into JSON format through processing and sent to the Kafka server, and the cloud platform obtains its data by subscribing to the corresponding topics. This approach makes substation data access more convenient, and efficiently and effectively saves the cost of hardware gateway, solves the incompatibility and interoperability between the underlying equipment access protocol and the cloud platform communication protocol, and builds a bridge for the remote transmission of the underlying equipment data of the Industrial Internet of Things.
19

Harrou, Fouzi, Benamar Bouyeddou, Abdelkader Dairi, and Ying Sun. "Exploiting Autoencoder-Based Anomaly Detection to Enhance Cybersecurity in Power Grids." Future Internet 16, no. 6 (2024): 184. http://dx.doi.org/10.3390/fi16060184.

Abstract:
The evolution of smart grids has led to technological advances and a demand for more efficient and sustainable energy systems. However, the deployment of communication systems in smart grids has increased the threat of cyberattacks, which can result in power outages and disruptions. This paper presents a semi-supervised hybrid deep learning model that combines a Gated Recurrent Unit (GRU)-based Stacked Autoencoder (AE-GRU) with anomaly detection algorithms, including Isolation Forest, Local Outlier Factor, One-Class SVM, and Elliptical Envelope. Using GRU units in both the encoder and decoder sides of the stacked autoencoder enables the effective capture of temporal patterns and dependencies, facilitating dimensionality reduction, feature extraction, and accurate reconstruction for enhanced anomaly detection in smart grids. The proposed approach utilizes unlabeled data to monitor network traffic and identify suspicious data flow. Specifically, the AE-GRU is performed for data reduction and extracting relevant features, and then the anomaly algorithms are applied to reveal potential cyberattacks. The proposed framework is evaluated using the widely adopted IEC 60870-5-104 traffic dataset. The experimental results demonstrate that the proposed approach outperforms standalone algorithms, with the AE-GRU-based LOF method achieving the highest detection rate. Thus, the proposed approach can potentially enhance the cybersecurity in smart grids by accurately detecting and preventing cyberattacks.
20

Vrdoljak, K., B. Kopić, M. Gec, J. Krstulović Opara, and S. Sekulić. "Automatic Generation Control Application for Transmission and Generation Centres." Journal of Energy - Energija 67, no. 2 (2022): 23–32. http://dx.doi.org/10.37798/201867277.

Abstract:
Recently, a new Emergency Control Centre for Albanian Transmission System Operator (TSO), which includes Supervisory control and data acquisition (SCADA) and Automatic Generation Control (AGC) applications, has been commissioned. Nowadays, an AGC application is being prepared for the biggest generation company in Croatia, as part of control centre for hydropower plants within western part of Croatia. Both of these implementations use the same AGC application, which is presented in this paper. Although AGC for TSO and AGC for Generation Centre (GC) have many similarities, their main goals are different. AGC for TSO must mainly regulate system’s frequency and area’s active power interchange to their desired values, using only power plants engaged in load-frequency control (LFC). However, AGC for GC must ensure that power production of each power unit not engaged in LFC tracks its planned value, while also ensuring that centre’s share in LFC is being respected. Albeit the AGC is standalone application, in both afore-mentioned implementations it is affiliated with SCADA application, from which it obtains all required input measurements and indications and to which it delivers calculated setpoints. Additionally, all AGC pictures are integrated into SCADA pictures as well, in order to simplify operation and monitoring functionalities. AGC for Albanian TSO controls active power generation of six hydro power plants engaged in LFC. AGC for GC West in Croatia controls active power generation of ten hydro power plants. In both implementations, communication with remote objects is done using IEC 60870-5-104 communication protocol, while communication with other control centres is done using ICCP communication protocol. Power production plans are sent to AGC either from Market Management Systems (in TSO case) or from scheduling and optimization application (in GC case).
21

Tao, Weiqing, Xiong Chen, and Qiaoyun Zhang. "Realization of IEC 60870-5-104 Protocol in DTU." International Journal of Computer and Electrical Engineering, 2010, 815–20. http://dx.doi.org/10.7763/ijcee.2010.v2.233.

22

Egger, Michael, Günther Eibl, and Dominik Engel. "Comparison of approaches for intrusion detection in substations using the IEC 60870-5-104 protocol." Energy Informatics 3, S1 (2020). http://dx.doi.org/10.1186/s42162-020-00118-4.

Abstract:
Electrical networks of transmission system operators are mostly built up as isolated networks without access to the Internet. With the increasing popularity of smart grids, securing the communication network has become more important to avoid cyber-attacks that could result in possible power outages. For misuse detection, signature-based approaches are already in use and special rules for a wide range of protocols have been developed. However, one big disadvantage of signature-based intrusion detection is that zero-day exploits cannot be detected. Machine-learning-based anomaly detection methods have the potential to achieve that. In this paper, various such methods for intrusion detection in substations, which use the asynchronous communication protocol International Electrotechnical Commission (IEC) 60870-5-104, are tested and compared. The evaluation of the proposed methods is performed by applying them to a data set which includes normal operation traffic and four different attacks. While the results of supervised and semi-supervised machine learning approaches are rather encouraging, the unsupervised and signature-based methods suffer from general bad performance and had difficulties to detect some attacks.
23

Baltuille Puente, Pablo, Antonio Morán, Serafin Alonso, Miguel Ángel Prada, Juan José Fuertes, and Manuel Domínguez. "Demostrador para el análisis de tráfico de red en subestaciones de tracción basadas en IEC61850." Jornadas de Automática, no. 45 (July 19, 2024). http://dx.doi.org/10.17979/ja-cea.2024.45.10920.

Abstract:
This article presents a procedure for analysing network traffic in railway traction substations based on the IEC 61850 standard. It proposes the use of a set of probes that detect the events generated by the different devices on the network (protection relays, substation control unit, SCADA system, etc.), together with the methodology to follow for generating and analysing the network packets. In addition, an experiment is carried out on a control cabinet that replicates the automation structure of a traction substation. In this system, network traffic of the IEC 60870-5-104, IEC 61850 GOOSE and MMS protocols is generated by executing a switching operation under normal conditions. This traffic is monitored through the probes, and the events are studied using a packet analysis tool.
24

Arifin, M. Agus Syamsul, Deris Stiawan, Bhakti Yudho Suprapto, et al. "Oversampling and undersampling for intrusion detection system in the supervisory control and data acquisition IEC 60870‐5‐104." IET Cyber-Physical Systems: Theory & Applications, January 4, 2024. http://dx.doi.org/10.1049/cps2.12085.

Abstract:
Supervisory control and data acquisition systems are critical in Industry 4.0 for controlling and monitoring industrial processes. However, these systems are vulnerable to various attacks, and therefore, intelligent and robust intrusion detection systems as security tools are necessary for ensuring security. Machine learning‐based intrusion detection systems require datasets with balanced class distribution, but in practice, imbalanced class distribution is unavoidable. A dataset created by running a supervisory control and data acquisition IEC 60870‐5‐104 (IEC 104) protocol on a testbed network is presented. The dataset includes normal and attacks traffic data such as port scan, brute force, and Denial of service attacks. Various types of Denial of service attacks are generated to create a robust and specific dataset for training the intrusion detection system model. Three popular techniques for handling class imbalance, that is, random over‐sampling, random under‐sampling, and synthetic minority oversampling, are implemented to select the best dataset for the experiment. Gradient boosting, decision tree, and random forest algorithms are used as classifiers for the intrusion detection system models. Experimental results indicate that the intrusion detection system model using decision tree and random forest classifiers using random under‐sampling achieved the highest accuracy of 99.05%. The intrusion detection system model's performance is verified using various metrics such as recall, precision, F1‐Score, receiver operating characteristics curves, and area under the curve. Additionally, 10‐fold cross‐validation shows no indication of overfitting in the created intrusion detection system model.
25

Teryak, Hadir, Abdullatif Albaseer, Mohamed Abdallah, Saif Al-kuwari, and Marwa Qaraqe. "Double-Edged Defense: Thwarting Cyber Attacks and Adversarial Machine Learning in IEC 60870-5-104 Smart Grids." IEEE Open Journal of the Industrial Electronics Society, 2023, 1–14. http://dx.doi.org/10.1109/ojies.2023.3336234.

26

Agus Syamsul Arifin, M., Deris Stiawan, Bhakti Yudho Suprapto, et al. "A Novel Dataset for Experimentation with Intrusion Detection Systems in SCADA Networks using IEC 60870-5-104 Standard." IEEE Access, 2024, 1. http://dx.doi.org/10.1109/access.2024.3473895.

27

Radoglou-Grammatikis, Panagiotis, Konstantinos Rompolos, Panagiotis Sarigiannidis, et al. "Modelling, Detecting and Mitigating Threats Against Industrial Healthcare Systems: A combined SDN and Reinforcement Learning Approach." July 1, 2021. https://doi.org/10.1109/TII.2021.3093905.

Abstract:
The rise of the Internet of Medical Things introduces the healthcare ecosystem in a new digital era with multiple benefits, such as remote medical assistance, real-time monitoring, and pervasive control. However, despite the valuable healthcare services, this progression raises significant cybersecurity and privacy concerns. In this article, we focus our attention on the IEC 60 870-5-104 protocol, which is widely adopted in industrial healthcare systems. First, we investigate and assess the severity of the IEC 60 870-5-104 cyberattacks by providing a quantitative threat model, which relies on Attack Defence Trees and Common Vulnerability Scoring System v3.1. Next, we introduce an intrusion detection and prevention system (IDPS), which is capable of discriminating and mitigating automatically the IEC 60 870-5-104 cyberattacks. The proposed IDPS takes full advantage of the machine learning (ML) and software defined networking (SDN) technologies. ML is used to detect the IEC 60 870-5-104 cyberattacks, utilizing 1) Transmission Control Protocol/Internet Protocol network flow statistics and 2) IEC 60 870-5-104 payload flow statistics. On the other side, the automated mitigation is transformed into a multiarmed bandit problem, which is solved through a reinforcement learning method called Thomson sampling and SDN. The evaluation analysis demonstrates the efficiency of the proposed IDPS in terms of intrusion detection accuracy and automated mitigation performance. The detection accuracy and the F1 score of the proposed IDPS reach 0.831 and 0.8258, respectively, while the mitigation accuracy is calculated at 0.923.
28

Akbarzadeh, Aida, Laszlo Erdodi, Siv Hilde Houmb, and Tore Geir Soltvedt. "Two-stage advanced persistent threat (APT) attack on an IEC 61850 power grid substation." International Journal of Information Security, May 14, 2024. http://dx.doi.org/10.1007/s10207-024-00856-6.

Abstract:
Advanced Persistent Threats (APTs) are stealthy, multi-step attacks tailored to a specific target. Often described as 'low and slow', APTs remain undetected until the consequences of the cyber-attack become evident, usually in the form of damage to the physical world, as seen with the Stuxnet attack, or manipulation of an industrial process, as was the case in the Ukraine Power Grid attacks. Given the increasing sophistication and targeted nature of cyber-attacks, especially APTs, this paper delves into the substantial threats APTs pose to critical infrastructures, focusing on power grid substations. Through a detailed case study, we present and explore a 2-stage APT attack on an IEC 61850 power grid substation, employing a Hardware-in-the-Loop (HIL) testbed to simulate real-world conditions. More specifically, this paper discusses two significant experiments conducted to assess vulnerabilities in the control protocols used in IEC 61850 substations: IEC 60870-5-104 and IEC 61850. The integration of findings from these experiments revealed a number of previously undiscussed potential threats to power grid infrastructure that could arise from attacking one or more substations. To better address these potential threats, the paper proposes an extension to the Industrial Control System (ICS) kill chain that explicitly accounts for the consequences of attacks on the physical aspects of Cyber-Physical Systems (CPSs).
29

Ciaramella, Giovanni, Fabio Martinelli, Antonella Santone, and Francesco Mercaldo. "A method for smart grid intrusion detection through explainable deep learning." Journal of Computer Virology and Hacking Techniques 21, no. 1 (2025). https://doi.org/10.1007/s11416-025-00549-1.

Abstract:
Over the years, cyber-attacks have increased drastically, and their execution changed with time. One of the targets of cyber criminals is trying to obtain sensitive information from mobile, cloud, or generally IoT devices. To avoid those risks, different countermeasures have been developed and implemented. For instance, the IEC 60870-5-104 protocol was developed to define the systems used for remote control in electrical engineering and power system automation applications. Starting from these considerations, in this paper, we propose an intrusion detector based on explainable Deep Learning (DL) that is able to detect possible attacks. In a nutshell, we consider several DL models, i.e., AlexNet, DenseNet, EfficientNet, Inception, LeNet, MobileNet, ResNet50, Standard CNN, VGG16, and VGG19 to understand whether a network trace (stored in a PCAP file) is related to an attack. Moreover, to explain the model attack prediction, we resort to two different Class Activation Mapping algorithms available in the literature: Grad-CAM++ and Score-CAM. As the last step, we also calculated the IF/IM-SSIM index to strengthen the robustness of the top-performing model and evaluate the similarity between the two CAM algorithms. Experimental results show the effectiveness of the proposed method, and we obtained an accuracy equal to 0.900 with the DenseNet. In conclusion, we applied the exact steps to a new dataset to confirm that the proposed methodology is scalable and applicable to other datasets and achieved promising results.