ResiGATE IDS Demo

Demo 1: In this video, we introduce the substation architecture and the different types of communication protocols. We explain the normal operation of the breaker failure protection mechanism and show that an attacker can inject malicious GOOSE messages to cause the circuit breaker to trip even in the absence of an overcurrent condition. We then introduce our ResiGATE IDS, built on Zeek (Bro), to detect such attacks. ResiGATE's detection is based on semantic analysis and context-aware techniques. We explain the demo setup and use Kibana to visualize the logs generated by the ResiGATE IDS. We show that by correlating the context information of GOOSE and SV messages, the ResiGATE IDS can detect false message injection attacks.
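The GOOSE/SV correlation described above, sketched as an added example (not ResiGATE's own code): a GOOSE trip is accepted only if the SV current stream shows an overcurrent shortly before it. The record fields, the pickup threshold, the look-back window and the sample data are all assumptions constructed for illustration.

```python
from bisect import bisect_left, bisect_right
from dataclasses import dataclass

PICKUP_AMPS = 1200.0  # assumed overcurrent pickup threshold
WINDOW_MS = 500       # assumed look-back window before a trip

@dataclass
class SV:             # hypothetical decoded Sampled Values record
    ts: int           # timestamp in milliseconds
    amps: float       # phase current reported by the merging unit

@dataclass
class Goose:          # hypothetical decoded GOOSE record
    ts: int
    st_num: int       # GOOSE state number (changes on a new event)
    trip: bool        # True when the dataset carries a breaker trip

def correlate(sv_samples, goose_msgs, pickup=PICKUP_AMPS, window=WINDOW_MS):
    """Return alerts for GOOSE trips that the SV context does not support."""
    sv = sorted(sv_samples, key=lambda s: s.ts)
    times = [s.ts for s in sv]
    alerts = []
    for g in sorted(goose_msgs, key=lambda m: m.ts):
        if not g.trip:
            continue  # heartbeats and non-trip state changes are ignored here
        # SV samples that fall inside [trip time - window, trip time]
        recent = sv[bisect_left(times, g.ts - window):bisect_right(times, g.ts)]
        if not recent:
            alerts.append((g.ts, g.st_num, "trip with no SV context"))
        elif max(s.amps for s in recent) < pickup:
            alerts.append((g.ts, g.st_num, "trip without overcurrent"))
    return alerts

# Constructed sample data: normal load, a real fault at 2000 ms, breaker open after.
SV_STREAM = ([SV(t, 400.0) for t in range(0, 2000, 100)]
             + [SV(t, 2500.0) for t in range(2000, 2500, 100)]
             + [SV(t, 0.0) for t in range(2500, 4000, 100)])
GOOSE_MSGS = [
    Goose(1000, 1, False),  # heartbeat
    Goose(2300, 2, True),   # trip backed by the fault current in SV
    Goose(3500, 3, True),   # trip with no overcurrent in SV: flagged
]

if __name__ == "__main__":
    for alert in correlate(SV_STREAM, GOOSE_MSGS):
        print(alert)
```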

Demo 2: In this video, we reinforce the cyber-physical approach to cyber-attack detection taken by our proposed intrusion detection system (IDS). A couple of scenarios are presented to show the importance of physical-system-based rules in attack detection. In the first case, the power flow study run by the power flow simulator raises an alert on overloading of power system components and rejects the malicious command, which was not detected by the cyber rules. The second case deals with a false data injection attack on measurements. The state estimation performed by the power flow simulator identifies the bad data injected by the attacker into the measurement vector.