Hybrid Intrusion Detection System for Smart Grids

The associated research area “Intrusion Detection and Prevention System for Energy Systems” will investigate existing Intrusion Detection Systems (IDS) and identify their limitations. A number of open-source tools such as SNORT, Suricata and OSSEC are available, but none of them covers the detection process entirely: of the tools named, the former is susceptible to zero-day attacks while the latter are susceptible to packet-flooding attacks. There is therefore a need to explore various detection methods in depth and bring them together, i.e. statistical and machine-learning-based techniques. This aims at improving the attack detection process and also at distinguishing between attacks and faults. A very generic layout of the system is shown in the figure below.

Figure 1 General Layout of Hybrid IDS

The IDS will incorporate various cyber and physical features while accounting for the correlation between them via multiple techniques such as Pearson’s correlation, Euler’s representation etc. To identify and extract important features, and to define the basis for their selection in accordance with the behaviour of the substation under different attacks, multiple use cases will be implemented within the Kastel Security Lab architecture. The system will consider complex scenarios and cover attacks from a broader perspective, such as False Data Injection, Man-in-the-Middle and Denial of Service attacks. Covering various attacks will help to understand and better map the features to be considered in the detection process, thus distinguishing the system from existing ones through higher detection accuracy and efficiency.
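As an added illustration of the two ideas above (combining a statistical stage with a machine-learning stage, and correlating cyber with physical features so that attacks can be told apart from faults), the following Python sketch is example code written for this page; it is not the project's own implementation. The statistical stage is a z-score test on physical measurements, the machine-learning stage is a k-nearest-neighbour distance on cyber features, and the fusion stage uses Pearson's correlation, which the text names; the choice of z-score and k-NN, the feature names (`pkt_rate`, `new_src`, `volt_dev`, `freq_dev`), the thresholds and all sample windows are assumptions constructed for the example.

```python
"""Hybrid IDS sketch (example code, not the project's own).

Stage 1 (statistical): z-score of physical measurements against a baseline.
Stage 2 (ML):          mean distance to the k nearest baseline windows in
                       standardised cyber-feature space.
Stage 3 (fusion):      a window that is anomalous in both domains is labelled an
                       attack; anomalous only physically, a fault; only in the
                       cyber domain, a network anomaly.
All feature names, thresholds and data are constructed for illustration.
"""
from dataclasses import dataclass
from math import sqrt
from statistics import mean, stdev


@dataclass
class Window:
    pkt_rate: float   # cyber: packets per second seen on the station bus (assumed feature)
    new_src: float    # cyber: source addresses not present in the baseline (assumed feature)
    volt_dev: float   # physical: bus voltage deviation, per unit (assumed feature)
    freq_dev: float   # physical: frequency deviation, Hz (assumed feature)

    def cyber(self):
        return (self.pkt_rate, self.new_src)

    def physical(self):
        return (self.volt_dev, self.freq_dev)


# Constructed attack-free windows used to fit both stages (not real substation data).
BASELINE = [
    Window(100, 0, 0.000, 0.00),
    Window(105, 0, 0.005, 0.01),
    Window(95, 1, -0.005, -0.01),
    Window(110, 0, 0.010, 0.02),
    Window(90, 1, -0.010, -0.02),
]

Z_THRESHOLD = 3.0    # statistical stage: |z| above this marks a physical anomaly (assumed)
KNN_THRESHOLD = 3.0  # ML stage: mean k-NN distance above this marks a cyber anomaly (assumed)
K = 3


def _stats(rows):
    """Per-column (mean, stdev); a zero stdev becomes 1.0 so a constant feature never divides by zero."""
    return [(mean(col), stdev(col) or 1.0) for col in zip(*rows)]


def standardise(vec, stats):
    return [(x - m) / s for x, (m, s) in zip(vec, stats)]


PHYS_STATS = _stats([w.physical() for w in BASELINE])
CYBER_STATS = _stats([w.cyber() for w in BASELINE])
BASELINE_CYBER = [standardise(w.cyber(), CYBER_STATS) for w in BASELINE]


def physical_score(w):
    """Statistical stage: largest |z-score| over the physical features."""
    return max(abs(z) for z in standardise(w.physical(), PHYS_STATS))


def cyber_score(w):
    """ML stage: mean Euclidean distance to the K nearest baseline windows (cyber features)."""
    q = standardise(w.cyber(), CYBER_STATS)
    dists = sorted(sqrt(sum((a - b) ** 2 for a, b in zip(q, p))) for p in BASELINE_CYBER)
    return mean(dists[:K])


def classify(w):
    """Fusion stage: combine both verdicts to separate attacks from faults."""
    phys = physical_score(w) > Z_THRESHOLD
    cyb = cyber_score(w) > KNN_THRESHOLD
    if phys and cyb:
        return "attack"            # cyber and physical deviation together, e.g. false data injection
    if phys:
        return "fault"             # process deviates while the network looks normal
    if cyb:
        return "network anomaly"   # network deviates while process values are unaffected
    return "normal"


def pearson(xs, ys):
    """Pearson's correlation; returns 0.0 when either series is constant."""
    mx, my = mean(xs), mean(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sqrt(sxx * syy)


def score_correlation(windows):
    """Correlation between the cyber and physical anomaly scores over a sequence of windows."""
    return pearson([cyber_score(w) for w in windows], [physical_score(w) for w in windows])


# Constructed test windows, one per scenario.
STREAM = [
    ("normal operation", Window(102, 0, 0.002, 0.00)),
    ("physical deviation only", Window(100, 0, -0.080, -0.150)),
    ("traffic burst with matching measurement shift", Window(400, 6, 0.070, 0.100)),
    ("traffic burst, process values unaffected", Window(900, 12, 0.003, 0.010)),
]

if __name__ == "__main__":
    for name, w in STREAM:
        print(f"{name:45s} phys={physical_score(w):6.2f} cyber={cyber_score(w):7.2f} -> {classify(w)}")
    print(f"correlation of cyber vs physical scores over the stream: {score_correlation([w for _, w in STREAM]):.2f}")
```

The fusion rule is deliberately simple: the point is that a physical deviation alone (a fault) and a physical deviation accompanied by a cyber deviation (an attack on the data or the traffic) receive different labels, which a single-domain IDS cannot do. In a real deployment the baseline would be refitted per substation and the thresholds calibrated against the false-positive rate observed on attack-free traffic.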