Network traffic prediction for detecting DDoS attacks in IEC 61850 communication networks

This article presents the development of a Generic Object Oriented Substation Event (GOOSE) message traffic prediction system using a Nonlinear Autoregressive Model with Exogenous Input (NARX) input. An Artificial Neural Network was adopted to detect Distributed Denial-of-Service (DDoS) attacks in networks using the IEC-61850 protocol. The system uses the OpenFlow protocol to split the multicast groups of GOOSE messages, in which each transmission is analysed separately. The implemented intelligent system used 62 prediction steps with a percentage relative error of up to 5%. The system was embedded in the ZYBO development platform with the OpenMul controller. The results showed that the percentage relative error of each sample presents a determinant signature for classifying the state of operation of the electrical system, making it possible to identify DDoS attacks in communication networks for electric power substations.