Skip to Main Content
This paper proposes the use of an intrusion detection system (IDS) tailored to counter the threats to an IEC61850-automated substation based upon simulated attacks on intelligent electronic devices (IEDs). Intrusion detection (ID) is the process of detecting a malicious attacker. It is an effective and mature security mechanism. However, it is not harnessed when securing IEC61850-automated substations. The IDS of this paper is developed by using data collected by launching simulated attacks on IEDs and launching packet sniffing attacks using forged address resolution protocol (ARP) packets. The detection capability of the system is then tested by simulating attacks and through genuine user activity. A new method for evaluating the temporal risk of an intrusion for an electric substation based upon the statistical analysis of known attacks is also proposed.