Synchrophasor technology is used for real-time control and monitoring in modern power systems. IEEE C37.118 communication framework is most widely used by synchrophasor devices such as Phasor Measurement Units (PMUs) and Phasor Data Concentrators (PDCs). The size, format and structure of IEEE C37.118 payloads vary significantly from one PMU/PDC to the other which make traditional signature based IDS tools (i.e., SNORT, Suricata, etc) inefficient for synchrophasor-based systems. Thus, this paper presents the design of a comprehensive model-based Synchrophasor Specific Intrusion Detection System (SS-IDS) and analyzes its features and capabilities. The proposed SS-IDS is implemented as a light-weight efficient multi-threaded tool using optimized PCAP filters. The defined model-based rules enable it to detect known as well as unknown attacks (including unintentional misuse). The functionalities of the proposed SS-IDS are validated in the lab using a testbed consisting of real PMU data and NRL CORE based emulated network.
展开▼
