ETRI-Knowledge Sharing Platform

Real-Time GOOSE Attack Detection in IEC 61850 Substations Using SDN-Based Traffic Inspection
Cited 0 times in Scopus
Authors
Seunghyun Yoon, Ryangsoo Kim, Hark Yoo, Hyuk Lim
Issue Date
2025-06
Citation
International Conference on Dependable Systems and Networks (DSN) 2025, pp.271-272
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1109/DSN-S65789.2025.00077
Abstract
Medium-voltage DC (MVDC) substations using IEC 61850 GOOSE messaging remain vulnerable to cyber threats due to a lack of built-in security. This paper introduces a cybersecurity architecture combining Software-Defined Networking (SDN) with a hybrid Intrusion Detection System (IDS) to detect and mitigate such threats. The centralized control and dynamic programmability of SDN enable rapid threat containment with minimal disruption to substation operations. The proposed SDN-based architecture uses a switch to mirror GOOSE traffic to an IDS, which integrates rule-based protocol verification and deep learning-based anomaly detection. Detected attacks trigger real-time isolation of compromised Intelligent Electronic Devices (IEDs) through dynamic port disabling by the SDN controller. Experimental validation using the IEC61850SecurityDataset demonstrates high accuracy in detecting various attack scenarios and effective containment with minimal operational impact.
KSP Keywords
Attack Detection, Built-in, Centralized control, Cyber threats, Detection Systems(IDS), GOOSE messaging, High accuracy, Hybrid Intrusion Detection System, IEC 61850 GOOSE, Intelligent electronic devices, Learning-based