Conference paper Open Access

# An Anomaly Detection Mechanism for IEC 60870-5-104

Panagiotis Radoglou Grammatikis; Panagiotis Sarigiannidis; Antonios Sarigiannidis; Dimitrios Margounakis; Apostolos Tsiakalos; Georgios Efstathopoulos

### Dublin Core Export

<?xml version='1.0' encoding='utf-8'?>
<oai_dc:dc xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:oai_dc="http://www.openarchives.org/OAI/2.0/oai_dc/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/oai_dc/ http://www.openarchives.org/OAI/2.0/oai_dc.xsd">
<dc:creator>Panagiotis Sarigiannidis</dc:creator>
<dc:creator>Antonios Sarigiannidis</dc:creator>
<dc:creator>Dimitrios Margounakis</dc:creator>
<dc:creator>Apostolos Tsiakalos</dc:creator>
<dc:creator>Georgios Efstathopoulos</dc:creator>
<dc:date>2020-09-18</dc:date>
<dc:description>The transformation of the conventional electricity grid into a new paradigm called smart grid demands the appropriate cybersecurity solutions. In this paper, we focus on the security of the IEC 60870-5-104 (IEC-104) protocol which is commonly used by Supervisory Control and Data Acquisition (SCADA) systems in the energy domain. In particular, after investigating its security issues, we provide a multivariate Intrusion Detection System (IDS) which adopts both access control and outlier detection mechanisms in order to detect timely possible anomalies against IEC-104. The efficiency of the proposed IDS is reflected by the Accuracy and F1 metrics that reach 98% and 87%, respectively.</dc:description>
<dc:identifier>https://zenodo.org/record/4064667</dc:identifier>
<dc:identifier>10.1109/MOCAST49295.2020.9200285</dc:identifier>
<dc:identifier>oai:zenodo.org:4064667</dc:identifier>
<dc:language>eng</dc:language>
<dc:relation>info:eu-repo/grantAgreement/EC/H2020/787011/</dc:relation>
<dc:relation>url:https://zenodo.org/communities/h2020_spear_project</dc:relation>
<dc:rights>info:eu-repo/semantics/openAccess</dc:rights>
<dc:subject>Anomaly Detection</dc:subject>
<dc:subject>Cybersecurity</dc:subject>
<dc:subject>IEC-60870- 5-104</dc:subject>
<dc:subject>Supervisory Control and Data Acquisition</dc:subject>
<dc:title>An Anomaly Detection Mechanism for IEC 60870-5-104</dc:title>
<dc:type>info:eu-repo/semantics/conferencePaper</dc:type>
<dc:type>publication-conferencepaper</dc:type>
</oai_dc:dc>

49
120
views