Convolutional Neural Network-Based Classification of Secured IEC 104 Traffic in Energy Systems

conference paper

English

This paper focuses on the classification of secure IEC 104 protocol traffic in energy systems using a specific convolutional neural network model. Secure communication of the IEC 104 protocol was used to train the network. The data were obtained using a special network traffic simulator and from an energy testbed. In order to analyze secure communication, a classifier was developed to identify the individual operating states of the communicating station. In this article, we focused on the classification of IEC 104 protocol communication with TLS security. The classifier consisted of a convolutional neural network with a defined two-dimensional input matrix. The matrix was composed of the information from five consecutive packets. The information was constructed from the interarrival time between packets, the length of TLS encrypted application data, and the encrypted application data up to 64B in size. To obtain enough data to train the convolutional network, a simulator of characteristic messages for each state was developed. The classifier was trained to accurately classify the ”Normal operation” and ”Short circuit” states of the station, achieving a probability exceeding 90% for the distinct data flow. However, in the case of other operating states characterized by subtle differences, misclassification occurred between two states sharing similar characteristics.

Convolutional Networks; Energy Protocol; IEC 60870-5-104; IEC 62351; TLS; Traffic Classification

BOHAČÍK, A.; HOLASOVÁ, E.; FUJDIAK, R.; RACKA, J.

3. 12. 2023

ACM

New York, NY, USA

979-8-4007-0796-4

Proceedings of the 2023 13th International Conference on Communication and Network Security

1

159

165

7

https://doi.org/10.1145/3638782.3638806