Author:
Tian Jianwei, Yu Zongchao, Liu Li, Wu Weidong, Zhu Hongyu, Liu Xuan
Abstract
Smart substations are becoming more vulnerable to cyber attacks due to the high integration of information technologies, so it is essential to detect intrusion behaviour through abnormal traffic analysis in smart substations. Although there are many detection methods for abnormal traffic, the existing ones all focus on checking the format of a single field of the industrial transmission protocol and ignore the deep coupling relationships among multiple protocol fields, which leads, to a greater or lesser degree, to false detections and missed detections. To overcome this problem and further improve detection accuracy, in this paper we propose an abnormal traffic detection method based on coupling field extraction and density-based spatial clustering of applications with noise (DBSCAN). Correlation analysis is used to extract the coupling fields from the protocol fields, and DBSCAN is used to remove the noise in the coupling fields. The deep coupling relationship between the coupling fields can then be mined by piecewise linear function fitting and used to detect abnormal traffic. Simulation results on 10,000 frames of traffic show that the proposed detection method can effectively identify abnormal traffic.